authorAde Lee <alee@redhat.com>2014-02-04 13:17:18 -0500
committerAde Lee <alee@redhat.com>2014-02-04 22:31:04 -0500
commit02f9be1caa6310b5758b96d56d946e04557459c7 (patch)
treee0729755a0ac33808d6dea0557caa1956bcc3df9 /base/common/src/com/netscape/certsrv/security
parent94840d5720b660e145aaca4bea0ec623c74396d8 (diff)
Fix DRM archival, recovery and generation for non-DES3 keys.
In the archival, recovery and generation code for symmetric keys, we use functions that require knowledge of the symmetric key's algorithm and key size. These were hardcoded to DES3, and so only DES3 worked. We added those parameters to the archival request, save them in the KeyRecord and retrieve them when recovering the key. Tests have been added to DRMTest for the relevant usages.
Diffstat (limited to 'base/common/src/com/netscape/certsrv/security')
-rw-r--r--base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java7
1 files changed, 5 insertions, 2 deletions
diff --git a/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java b/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
index 55bd56318..6e4b9252c 100644
--- a/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
+++ b/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
@@ -21,6 +21,7 @@ import java.security.PublicKey;
import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.crypto.SymmetricKey;
+import org.mozilla.jss.crypto.SymmetricKey.Type;
import com.netscape.certsrv.base.EBaseException;
@@ -111,7 +112,7 @@ public interface IEncryptionUnit extends IToken {
* @exception EBaseException failed to unwrap
*/
- public SymmetricKey unwrap(byte wrappedKeyData[])
+ public SymmetricKey unwrap(byte wrappedKeyData[], SymmetricKey.Type algorithm, int keySize)
throws EBaseException;
/**
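Review bot: The two parameters added to `unwrap` get no `@param` entries; the visible tail of its Javadoc (the `@exception` line and the closing `*/`) is unchanged by this hunk, and the comment itself starts outside it. The unit of `keySize` is therefore unstated, while the sibling `unwrap_symmetric` in the next hunk documents its size as "strength in bytes", so an implementer or caller who assumes bits on one method and bytes on the other would presumably request a key of the wrong length from the token. I would add `* @param algorithm symmetric key algorithm of the wrapped key` and `* @param keySize symmetric key size (state the unit, bits or bytes)` above the `@exception` line. Because the description says these values are carried in the archival request and stored in the KeyRecord, the contract should also say whether implementations must reject unsupported algorithm and size combinations or whether callers are expected to validate them first.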
@@ -122,12 +123,14 @@ public interface IEncryptionUnit extends IToken {
* @param symmAlgOID symmetric algorithm
* @param symmAlgParams symmetric algorithm parameters
* @param symmetricKey symmetric key data
+ * @param type symmetric key algorithm
+ * @param strength symmetric key strength in bytes
* @return Symmetric key object
* @exception EBaseException failed to unwrap
*/
public SymmetricKey unwrap_symmetric(byte sessionKey[], String symmAlgOID,
- byte symmAlgParams[], byte symmetricKey[])
+ byte symmAlgParams[], byte symmetricKey[], Type type, int strength)
throws EBaseException;
/**
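Review bot: The new parameters of `unwrap_symmetric` are spelled differently from the same pair added to `unwrap` in the previous hunk: `Type type, int strength` here against `SymmetricKey.Type algorithm, int keySize` there. A bare `Type` relies on the nested-class import added in the first hunk and is easy to misread in a security interface that already handles `symmAlgOID` and `symmAlgParams`, and two names for the size invite a bits-versus-bytes mix-up between the two methods. I would write the last parameter line as `byte symmAlgParams[], byte symmetricKey[], SymmetricKey.Type algorithm, int keySize)`, rename the two new tags to `@param algorithm` and `@param keySize` with the "in bytes" wording kept, and drop the `SymmetricKey.Type` import if nothing else in the file needs it. The Javadoc for this method starts outside the hunk, so any existing description of `symmAlgOID` versus the new algorithm parameter should be checked for overlap.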