Fix DRM archival, recovery and generation for non-DES3 keys.

In the archival, recovery and generation code for symmetric keys,
we use functions that require knowledge of the symmetric keys algorithm
and key size.  These were hardcoded to DES3, and so only DES3 worked.

We added those parameters to the archival request, save them in the
KeyRecord and retrive them when recovering the key.

Tests have been added to DRMTest for the relevant usages.

6 files changed, 53 insertions, 12 deletions

diff --git a/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java b/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java
index 1655fdb28..bb25974e9 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java
@@ -39,6 +39,8 @@ public class KeyArchivalRequest extends ResourceMessage {
     private static final String CLIENT_ID = "clientID";
     private static final String DATA_TYPE = "dataType";
     private static final String WRAPPED_PRIVATE_DATA = "wrappedPrivateData";
+    private static final String KEY_ALGORITHM = "keyAlgorithm";
+    private static final String KEY_STRENGTH = "keyStrength";
 
     public KeyArchivalRequest() {
         // required for JAXB (defaults)
@@ -49,6 +51,8 @@ public class KeyArchivalRequest extends ResourceMessage {
         attributes.put(CLIENT_ID, form.getFirst(CLIENT_ID));
         attributes.put(DATA_TYPE, form.getFirst(DATA_TYPE));
         attributes.put(WRAPPED_PRIVATE_DATA, form.getFirst(WRAPPED_PRIVATE_DATA));
+        attributes.put(KEY_ALGORITHM, form.getFirst(KEY_ALGORITHM));
+        attributes.put(KEY_STRENGTH, form.getFirst(KEY_STRENGTH));
         setClassName(getClass().getName());
     }
 
@@ -99,6 +103,34 @@ public class KeyArchivalRequest extends ResourceMessage {
         attributes.put(WRAPPED_PRIVATE_DATA, wrappedPrivateData);
     }
 
+    /**
+     * @return the keyAlgorithm (valid for symmetric keys)
+     */
+    public String getKeyAlgorithm() {
+        return attributes.get(KEY_ALGORITHM);
+    }
+
+    /**
+     * @param algorithm the key algorithm to set (valid for symmetric keys)
+     */
+    public void setKeyAlgorithm(String algorithm) {
+        attributes.put(KEY_ALGORITHM, algorithm);
+    }
+
+    /**
+     * @return the key strength (valid for symmetric keys)
+     */
+    public int getKeyStrength() {
+        return Integer.parseInt(attributes.get(KEY_STRENGTH));
+    }
+
+    /**
+     * @param strength the key strength to set (valid for symmetric keys)
+     */
+    public void setKeyStrength(int strength) {
+        attributes.put(KEY_STRENGTH, Integer.toString(strength));
+    }
+
     public String toString() {
         try {
             return ResourceMessage.marshal(this, KeyArchivalRequest.class);
@@ -121,6 +153,8 @@ public class KeyArchivalRequest extends ResourceMessage {
         before.setClientId("vek 12345");
         before.setDataType(KeyRequestResource.SYMMETRIC_KEY_TYPE);
         before.setWrappedPrivateData("XXXXABCDEFXXX");
+        before.setKeyAlgorithm(KeyRequestResource.AES_ALGORITHM);
+        before.setKeyStrength(128);
 
         String string = before.toString();
         System.out.println(string);
diff --git a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
index 27f0362a1..81cca7b41 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
@@ -28,6 +28,14 @@ public interface KeyRequestResource {
     public static final String PASS_PHRASE_TYPE = "passPhrase";
     public static final String ASYMMETRIC_KEY_TYPE = "asymmetricKey";
 
+    /* Symmetric Key Algorithms */
+    public static final String DES_ALGORITHM = "DES";
+    public static final String DESEDE_ALGORITHM = "DESede";
+    public static final String DES3_ALGORITHM = "DES3";
+    public static final String RC2_ALGORITHM = "RC2";
+    public static final String RC4_ALGORITHM = "RC4";
+    public static final String AES_ALGORITHM = "AES";
+
     /**
      * Used to generate list of key requests based on the search parameters
      */
diff --git a/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java b/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java
index f9feb6410..c0445e455 100644
--- a/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java
+++ b/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java
@@ -26,14 +26,6 @@ public class SymKeyGenerationRequest extends ResourceMessage {
     private static final String KEY_ALGORITHM = "keyAlgorithm";
     private static final String KEY_USAGE = "keyUsage";
 
-    /* Symmetric Key Algorithms */
-    public static final String DES_ALGORITHM = "DES";
-    public static final String DESEDE_ALGORITHM = "DESede";
-    public static final String DES3_ALGORITHM = "DES3";
-    public static final String RC2_ALGORITHM = "RC2";
-    public static final String RC4_ALGORITHM = "RC4";
-    public static final String AES_ALGORITHM = "AES";
-
     /* Symmetric Key usages */
     public static final String UWRAP_USAGE = "unwrap";
     public static final String WRAP_USAGE = "wrap";
@@ -148,7 +140,7 @@ public class SymKeyGenerationRequest extends ResourceMessage {
 
         SymKeyGenerationRequest before = new SymKeyGenerationRequest();
         before.setClientId("vek 12345");
-        before.setKeyAlgorithm(SymKeyGenerationRequest.AES_ALGORITHM);
+        before.setKeyAlgorithm(KeyRequestResource.AES_ALGORITHM);
         before.setKeySize(128);
         before.addUsage(SymKeyGenerationRequest.DECRYPT_USAGE);
         before.addUsage(SymKeyGenerationRequest.ENCRYPT_USAGE);
diff --git a/base/common/src/com/netscape/certsrv/kra/KRAClient.java b/base/common/src/com/netscape/certsrv/kra/KRAClient.java
index 943a6f21f..76e321ac8 100644
--- a/base/common/src/com/netscape/certsrv/kra/KRAClient.java
+++ b/base/common/src/com/netscape/certsrv/kra/KRAClient.java
@@ -69,13 +69,15 @@ public class KRAClient extends SubsystemClient {
         return list;
     }
 
-    public KeyRequestInfo archiveSecurityData(byte[] encoded, String clientId, String dataType) {
+    public KeyRequestInfo archiveSecurityData(byte[] encoded, String clientId, String dataType, String algorithm, int strength) {
         // create archival request
         KeyArchivalRequest data = new KeyArchivalRequest();
         String req1 = Utils.base64encode(encoded);
         data.setWrappedPrivateData(req1);
         data.setClientId(clientId);
         data.setDataType(dataType);
+        data.setKeyAlgorithm(algorithm);
+        data.setKeyStrength(strength);
 
         @SuppressWarnings("unchecked")
         ClientResponse<KeyRequestInfo> response = (ClientResponse<KeyRequestInfo>)
diff --git a/base/common/src/com/netscape/certsrv/request/IRequest.java b/base/common/src/com/netscape/certsrv/request/IRequest.java
index 05908fc1d..8dbbb5cd3 100644
--- a/base/common/src/com/netscape/certsrv/request/IRequest.java
+++ b/base/common/src/com/netscape/certsrv/request/IRequest.java
@@ -158,6 +158,8 @@ public interface IRequest extends Serializable {
     public static final String SECURITY_DATA_ENROLLMENT_REQUEST = "securityDataEnrollment";
     public static final String SECURITY_DATA_RECOVERY_REQUEST = "securityDataRecovery";
     public static final String SECURITY_DATA_CLIENT_ID = "clientID";
+    public static final String SECURITY_DATA_STRENGTH = "strength";
+    public static final String SECURITY_DATA_ALGORITHM = "algorithm";
     public static final String SECURITY_DATA_TYPE = "dataType";
     public static final String SECURITY_DATA_STATUS = "status";
     public static final String SECURITY_DATA_TRANS_SESS_KEY = "transWrappedSessionKey";
diff --git a/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java b/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
index 55bd56318..6e4b9252c 100644
--- a/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
+++ b/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
@@ -21,6 +21,7 @@ import java.security.PublicKey;
 
 import org.mozilla.jss.crypto.PrivateKey;
 import org.mozilla.jss.crypto.SymmetricKey;
+import org.mozilla.jss.crypto.SymmetricKey.Type;
 
 import com.netscape.certsrv.base.EBaseException;
 
@@ -111,7 +112,7 @@ public interface IEncryptionUnit extends IToken {
      * @exception EBaseException failed to unwrap
      */
 
-    public SymmetricKey unwrap(byte wrappedKeyData[])
+    public SymmetricKey unwrap(byte wrappedKeyData[], SymmetricKey.Type algorithm, int keySize)
             throws EBaseException;
 
     /**
@@ -122,12 +123,14 @@ public interface IEncryptionUnit extends IToken {
      * @param symmAlgOID symmetric algorithm
      * @param symmAlgParams symmetric algorithm parameters
      * @param symmetricKey  symmetric key data
+     * @param type symmetric key algorithm
+     * @param strength symmetric key strength in bytes
      * @return Symmetric key object
      * @exception EBaseException failed to unwrap
      */
 
     public SymmetricKey unwrap_symmetric(byte sessionKey[], String symmAlgOID,
-            byte symmAlgParams[], byte symmetricKey[])
+            byte symmAlgParams[], byte symmetricKey[], Type type, int strength)
             throws EBaseException;
 
     /**