Fix symkey retrieval using NSS python client

This is tested using Barbican as a client.  We are simply
reverting to the same behavior we had before for the
NSS Crypto provider case.

Change-Id: I11300b3bea5670c783e1b4736d98f35f30ecf2ce

1 files changed, 10 insertions, 2 deletions

diff --git a/base/common/python/pki/crypto.py b/base/common/python/pki/crypto.py
index 7f0384658..edb32c044 100644
--- a/base/common/python/pki/crypto.py
+++ b/base/common/python/pki/crypto.py
@@ -325,9 +325,17 @@ class NSSCryptoProvider(CryptoProvider):
         :param nonce_iv         Nonce data
         :return:                Unwrapped data
 
-        Return unwrapped data for data wrapped using AES KeyWrap
+        Return unwrapped data for data that has been keywrapped.
+        For NSS, we only support 3DES - so something that has been
+        keywrapped can be decrypted.  This is precisely what we used
+        to do before.
         """
-        raise NotImplementedError()
+        return self.symmetric_unwrap(
+            data,
+            wrapping_key,
+            mechanism=nss.CKM_DES3_CBC_PAD,
+            nonce_iv=nonce_iv
+        )
 
     def get_cert(self, cert_nick):
         """