diff options
author | Ade Lee <alee@redhat.com> | 2017-04-28 17:44:19 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2017-04-28 20:13:57 -0400 |
commit | 9590944d5726ff32d94c6a2b2909175eae946466 (patch) | |
tree | 18dd4d0afc52b13c521f5dea95a312d8ca12c17b /base/common/python | |
parent | d98f20d33378a37898d4d6ffec80b09261504823 (diff) | |
download | pki-9590944d5726ff32d94c6a2b2909175eae946466.tar.gz pki-9590944d5726ff32d94c6a2b2909175eae946466.tar.xz pki-9590944d5726ff32d94c6a2b2909175eae946466.zip |
Fix symkey retrieval using NSS python client
This is tested using Barbican as a client. We are simply
reverting to the same behavior we had before for the
NSS Crypto provider case.
Change-Id: I11300b3bea5670c783e1b4736d98f35f30ecf2ce
Diffstat (limited to 'base/common/python')
-rw-r--r-- | base/common/python/pki/crypto.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/base/common/python/pki/crypto.py b/base/common/python/pki/crypto.py index 7f0384658..edb32c044 100644 --- a/base/common/python/pki/crypto.py +++ b/base/common/python/pki/crypto.py @@ -325,9 +325,17 @@ class NSSCryptoProvider(CryptoProvider): :param nonce_iv Nonce data :return: Unwrapped data - Return unwrapped data for data wrapped using AES KeyWrap + Return unwrapped data for data that has been keywrapped. + For NSS, we only support 3DES - so something that has been + keywrapped can be decrypted. This is precisely what we used + to do before. """ - raise NotImplementedError() + return self.symmetric_unwrap( + data, + wrapping_key, + mechanism=nss.CKM_DES3_CBC_PAD, + nonce_iv=nonce_iv + ) def get_cert(self, cert_nick): """ |