authorAde Lee <alee@redhat.com>2017-05-05 21:30:15 -0400
committerAde Lee <alee@redhat.com>2017-05-06 10:07:00 -0400
commit00c17b3e2f81c9df12e1a89fc85dc2e3d4c3a2b1 (patch)
treee454a6f35dcf3a9de06cb8820f26a47682eccdd9 /base/common/src
parentbea446868e282955d9c70028be657530eaccbe29 (diff)
Fix symmetic key retrieval in HSM
When using an HSM, AES KeyWrapping is not available, so some different code paths were exercised. Fixing bugs in those paths uncovered a case where we were calling unwrapSymmetric() with the key length in bits rather than bytes. This does not matter for 3DES, where JSS expects a length of 0, but very much matters for AES. Fixing this, and making the KeyClient actually use the returned wrapping algorithm to unwrap, now allows us to return generated symmetric keys correctly. Bugzilla BZ#1448521 Pagure: 2690 Change-Id: I2c5c87e28f6f36798b16de238bbaa21da90e7890
Diffstat (limited to 'base/common/src')
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyClient.java4
1 files changed, 2 insertions, 2 deletions
diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java
index 2c99e1c22..9a69372b5 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyClient.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java
@@ -429,7 +429,7 @@ public class KeyClient extends Client {
bytes = crypto.unwrapSymmetricKeyWithSessionKey(
data.getEncryptedData(),
sessionKey,
- wrapAlgorithm,
+ KeyWrapAlgorithm.fromString(data.getWrapAlgorithm()),
data.getNonceData(),
data.getAlgorithm(),
data.getSize());
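Review bot: The wrap algorithm handed to `unwrapSymmetricKeyWithSessionKey` is now taken straight from the response via `data.getWrapAlgorithm()`, with no check for a missing or unexpected value; the `unwrapAsymmetricKeyWithSessionKey` call in the second hunk has the same issue. How `KeyWrapAlgorithm.fromString` treats a null or unknown name is not visible here, so a response from a server that does not populate the field may fail at this point instead of falling back to the client's own choice. I would resolve the algorithm once before both calls, e.g. `String alg = data.getWrapAlgorithm();` followed by `KeyWrapAlgorithm unwrapAlg = (alg != null) ? KeyWrapAlgorithm.fromString(alg) : wrapAlgorithm;`. I would also check the result against the set of algorithms the client is prepared to accept, so that a response cannot select a weaker wrap than the one requested. The enclosing method begins and ends outside both hunks, so any validation done earlier in it is not visible from this diff.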
@@ -446,7 +446,7 @@ public class KeyClient extends Client {
bytes = crypto.unwrapAsymmetricKeyWithSessionKey(
data.getEncryptedData(),
sessionKey,
- wrapAlgorithm,
+ KeyWrapAlgorithm.fromString(data.getWrapAlgorithm()),
data.getNonceData(),
pubKey);
}