From cc8ef4b200d4ea5851916c7967beac81ef44367b Mon Sep 17 00:00:00 2001 From: Michal Skrivanek Date: Wed, 25 May 2022 11:57:33 +0200 Subject: [PATCH] [WIP] remove SHA-1 from cryptotool Needs a similar change in aaa-jdbc --- .../engine/core/uutils/crypto/EnvelopeEncryptDecrypt.java | 2 +- .../ovirt/engine/core/uutils/crypto/EnvelopePBETest.java | 6 +++--- .../org/ovirt/engine/core/cryptotool/arguments.properties | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/crypto/EnvelopeEncryptDecrypt.java b/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/crypto/EnvelopeEncryptDecrypt.java index 17a60aa19f4..8cfdd3417e6 100644 --- a/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/crypto/EnvelopeEncryptDecrypt.java +++ b/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/crypto/EnvelopeEncryptDecrypt.java @@ -26,7 +26,7 @@ public class EnvelopeEncryptDecrypt { private static final String ARTIFACT = "EnvelopeEncryptDecrypt"; private static final String VERSION = "1"; - private static final String PUBKEY_DIGEST_ALGO = "SHA-1"; + private static final String PUBKEY_DIGEST_ALGO = "SHA-256"; private static final String PKEY_MODE_PADDING = "ECB/PKCS1Padding"; private static final String CONTENT_KEY = "content"; diff --git a/backend/manager/modules/uutils/src/test/java/org/ovirt/engine/core/uutils/crypto/EnvelopePBETest.java b/backend/manager/modules/uutils/src/test/java/org/ovirt/engine/core/uutils/crypto/EnvelopePBETest.java index f4389fb4238..95fdfb03959 100644 --- a/backend/manager/modules/uutils/src/test/java/org/ovirt/engine/core/uutils/crypto/EnvelopePBETest.java +++ b/backend/manager/modules/uutils/src/test/java/org/ovirt/engine/core/uutils/crypto/EnvelopePBETest.java @@ -20,7 +20,7 @@ public void test1() throws Exception { byte[] r = new byte[i]; random.nextBytes(r); String password = new Base64(0).encodeToString(r); - String encoded = EnvelopePBE.encode("PBKDF2WithHmacSHA1", 256, 4000, null, password); + String encoded = EnvelopePBE.encode("PBEWithHmacSHA512AndAES_256", 256, 4000, null, password); assertTrue( EnvelopePBE.check( encoded, @@ -57,7 +57,7 @@ public void test2() throws Exception { public void test3() throws Exception { String password = "password"; - assertNotEquals(EnvelopePBE.encode("PBKDF2WithHmacSHA1", 256, 4000, null, password), - EnvelopePBE.encode("PBKDF2WithHmacSHA1", 256, 4000, null, password)); + assertNotEquals(EnvelopePBE.encode("PBEWithHmacSHA512AndAES_256", 256, 4000, null, password), + EnvelopePBE.encode("PBEWithHmacSHA512AndAES_256", 256, 4000, null, password)); } } diff --git a/backend/manager/tools/src/main/resources/org/ovirt/engine/core/cryptotool/arguments.properties b/backend/manager/tools/src/main/resources/org/ovirt/engine/core/cryptotool/arguments.properties index f8572811baf..512c481b11a 100644 --- a/backend/manager/tools/src/main/resources/org/ovirt/engine/core/cryptotool/arguments.properties +++ b/backend/manager/tools/src/main/resources/org/ovirt/engine/core/cryptotool/arguments.properties @@ -124,7 +124,7 @@ Password can be specified in one of the following format:\n\ \ file:FILE - provide a password as 1st line of FILE. pbe-encode.arg.algorithm.name = algorithm pbe-encode.arg.algorithm.type = required_argument -pbe-encode.arg.algorithm.default = PBKDF2WithHmacSHA1 +pbe-encode.arg.algorithm.default = PBEWithHmacSHA512AndAES_256 pbe-encode.arg.algorithm.metavar = ALGORITHM pbe-encode.arg.algorithm.help = PBE algorithm, default: @CLI_PRM_DEFAULT@ pbe-encode.arg.key-size.name = key-size