diff options
author | Ade Lee <alee@redhat.com> | 2017-05-05 21:30:15 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2017-05-06 10:07:00 -0400 |
commit | 00c17b3e2f81c9df12e1a89fc85dc2e3d4c3a2b1 (patch) | |
tree | e454a6f35dcf3a9de06cb8820f26a47682eccdd9 /base/common/src | |
parent | bea446868e282955d9c70028be657530eaccbe29 (diff) | |
download | pki-00c17b3e2f81c9df12e1a89fc85dc2e3d4c3a2b1.tar.gz pki-00c17b3e2f81c9df12e1a89fc85dc2e3d4c3a2b1.tar.xz pki-00c17b3e2f81c9df12e1a89fc85dc2e3d4c3a2b1.zip |
Fix symmetic key retrieval in HSM
When using an HSM, AES KeyWrapping is not available and so
some different code paths were exercised. Fixing bugs in those
paths uncovered a case where we were calling unwrapSymmetric()
with bits and not bytes for the key length.
This does not matter for 3DES, where JSS expects a length of 0,
but very much matters for AES. Fixing this - and the KeyClient
to actually use the returned wrapping algorithm to unwrap, allows
us now to return generated symmetric keys correctly.
Bugzilla BZ#1448521
Pagure: 2690
Change-Id: I2c5c87e28f6f36798b16de238bbaa21da90e7890
Diffstat (limited to 'base/common/src')
-rw-r--r-- | base/common/src/com/netscape/certsrv/key/KeyClient.java | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java index 2c99e1c22..9a69372b5 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyClient.java +++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java @@ -429,7 +429,7 @@ public class KeyClient extends Client { bytes = crypto.unwrapSymmetricKeyWithSessionKey( data.getEncryptedData(), sessionKey, - wrapAlgorithm, + KeyWrapAlgorithm.fromString(data.getWrapAlgorithm()), data.getNonceData(), data.getAlgorithm(), data.getSize()); @@ -446,7 +446,7 @@ public class KeyClient extends Client { bytes = crypto.unwrapAsymmetricKeyWithSessionKey( data.getEncryptedData(), sessionKey, - wrapAlgorithm, + KeyWrapAlgorithm.fromString(data.getWrapAlgorithm()), data.getNonceData(), pubKey); } |