diff options
| author | Ade Lee <alee@redhat.com> | 2017-02-28 12:18:29 -0500 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2017-03-14 17:09:09 -0400 |
| commit | d13181faea23cdb5a07136d3fdabeedb70effda9 (patch) | |
| tree | b944588c3adfd297bcda4b4a26360d982557e3da /base/kra/src/com | |
| parent | e1789708a9a6f66c3e3f1478e7bbc03da5b3b0df (diff) | |
Change internal wrapping to AES
There are several changes in this patch:
1. Simplify EncryptionUnit by moving the methods called by either the StorageUnit or the
TransportUnit into those classes. This helps to determine which methods are called by
which class (because in general they require different arguments). It may be possible
to later simplify and reduce code repetition by pulling core functionality back into
the EncryptionUnit.
2. Add methods to WrappingParameters and KeyRecord to store the Wrapping Parameter values
as part of the KeyRecord when the key is stored. On retrieval, this data is read and
used to extract the data. If the data is not present, then use the old DES3 parameters.
3. Change the internal (storageUnit) wrapping to use AES-CBC for encryption and AES-KeyWrap
for storage by default. If a parameter kra.storageUnit.useOldWrapping=true, then
the old wrapping will be used instead.
Change-Id: I098b0b3bd3b0ad917483e4e07925adfedacc3562
Diffstat (limited to 'base/kra/src/com')
10 files changed, 408 insertions, 402 deletions
diff --git a/base/kra/src/com/netscape/kra/AsymKeyGenService.java b/base/kra/src/com/netscape/kra/AsymKeyGenService.java index 7b43548d5..ffd8b03cf 100644 --- a/base/kra/src/com/netscape/kra/AsymKeyGenService.java +++ b/base/kra/src/com/netscape/kra/AsymKeyGenService.java @@ -197,6 +197,14 @@ public class AsymKeyGenService implements IService { record.set(KeyRecord.ATTR_REALM, realm); } + try { + record.setWrappingParams(storageUnit.getOldWrappingParams()); + } catch (Exception e) { + auditAsymKeyGenRequestProcessed(auditSubjectID, ILogger.FAILURE, request.getRequestId(), + clientKeyId, null, "Failed to store wrapping params"); + throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_STATE")); + } + storage.addKeyRecord(record); auditAsymKeyGenRequestProcessed(auditSubjectID, ILogger.SUCCESS, request.getRequestId(), diff --git a/base/kra/src/com/netscape/kra/EncryptionUnit.java b/base/kra/src/com/netscape/kra/EncryptionUnit.java index af4c3ec19..c337e7f04 100644 --- a/base/kra/src/com/netscape/kra/EncryptionUnit.java +++ b/base/kra/src/com/netscape/kra/EncryptionUnit.java @@ -35,10 +35,6 @@ import com.netscape.certsrv.key.KeyRequestResource; import com.netscape.certsrv.security.IEncryptionUnit; import com.netscape.certsrv.security.WrappingParams; -import netscape.security.util.DerInputStream; -import netscape.security.util.DerOutputStream; -import netscape.security.util.DerValue; - /** * A class represents the transport key pair. This key pair * is used to protected EE's private key in transit. @@ -51,13 +47,13 @@ public abstract class EncryptionUnit implements IEncryptionUnit { /* Establish one constant IV for base class, to be used for internal operations. Constant IV acceptable for symmetric keys. */ - private byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; - protected IVParameterSpec IV = null; + public static final byte[] iv = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; + public static final byte[] iv2 = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; + public static final IVParameterSpec IV = new IVParameterSpec(iv); + public static final IVParameterSpec IV2 = new IVParameterSpec(iv2); public EncryptionUnit() { CMS.debug("EncryptionUnit.EncryptionUnit this: " + this.toString()); - - IV = new IVParameterSpec(iv); } public abstract CryptoToken getToken(); @@ -72,51 +68,13 @@ public abstract class EncryptionUnit implements IEncryptionUnit { public abstract PrivateKey getPrivateKey(org.mozilla.jss.crypto.X509Certificate cert); - /** - * Protects the private key so that it can be stored in - * internal database. - */ - public byte[] encryptInternalPrivate(byte priKey[]) throws Exception { - try (DerOutputStream out = new DerOutputStream()) { - CMS.debug("EncryptionUnit.encryptInternalPrivate"); - CryptoToken internalToken = getInternalToken(); - - WrappingParams params = new WrappingParams( - SymmetricKey.DES3, null, KeyGenAlgorithm.DES3, 0, - KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD, - KeyWrapAlgorithm.DES3_CBC_PAD); - - // (1) generate session key - SymmetricKey sk = generate_session_key(internalToken, false, params); - - // (2) wrap private key with session key - byte[] pri = encrypt_private_key(internalToken, sk, priKey, params); - - // (3) wrap session with transport public - byte[] session = wrap_session_key(internalToken, getPublicKey(), sk, params); - - // use MY own structure for now: - // SEQUENCE { - // encryptedSession OCTET STRING, - // encryptedPrivate OCTET STRING - // } - - DerOutputStream tmp = new DerOutputStream(); - - tmp.putOctetString(session); - tmp.putOctetString(pri); - out.write(DerValue.tag_Sequence, tmp); - - return out.toByteArray(); - } - } - - public byte[] wrap(PrivateKey privKey) throws Exception { - return _wrap(privKey,null); - } + public abstract WrappingParams getWrappingParams() throws EBaseException; - public byte[] wrap(SymmetricKey symmKey) throws Exception { - return _wrap(null,symmKey); + public WrappingParams getOldWrappingParams() { + return new WrappingParams( + SymmetricKey.DES3, KeyGenAlgorithm.DES3, 0, + KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD, + KeyWrapAlgorithm.DES3_CBC_PAD, IV, IV); } public SymmetricKey unwrap_session_key(CryptoToken token, byte encSymmKey[], SymmetricKey.Usage usage, @@ -129,288 +87,6 @@ public abstract class EncryptionUnit implements IEncryptionUnit { return unwrap_session_key(token, encSymmKey, usage, wrappingKey, params); } - public SymmetricKey unwrap_sym(byte encSymmKey[], WrappingParams params) { - return unwrap_session_key(getToken(), encSymmKey, SymmetricKey.Usage.WRAP, params); - } - - /** - * Decrypts the user private key. - */ - public byte[] decryptExternalPrivate(byte encSymmKey[], - String symmAlgOID, byte symmAlgParams[], byte encValue[]) - throws Exception { - return decryptExternalPrivate(encSymmKey, symmAlgOID, symmAlgParams, - encValue, null); - } - - /** - * Decrypts the user private key. - */ - public byte[] decryptExternalPrivate(byte encSymmKey[], - String symmAlgOID, byte symmAlgParams[], byte encValue[], - org.mozilla.jss.crypto.X509Certificate transCert) - throws Exception { - - CMS.debug("EncryptionUnit.decryptExternalPrivate"); - CryptoToken token = getToken(transCert); - - WrappingParams params = new WrappingParams( - SymmetricKey.DES3, null, KeyGenAlgorithm.DES3, 0, - KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD, - KeyWrapAlgorithm.DES3_CBC_PAD); - - PrivateKey wrappingKey = getPrivateKey(transCert); - String priKeyAlgo = wrappingKey.getAlgorithm(); - if (priKeyAlgo.equals("EC")) - params.setSkWrapAlgorithm(KeyWrapAlgorithm.AES_ECB); - - SymmetricKey sk = unwrap_session_key( - token, - encSymmKey, - SymmetricKey.Usage.DECRYPT, - wrappingKey, - params); - - return decrypt_private_key(token, new IVParameterSpec(symmAlgParams), sk, encValue, params); - } - - /** - * External unwrapping. Unwraps the symmetric key using - * the transport private key. - */ - public SymmetricKey unwrap_symmetric(byte encSymmKey[], - String symmAlgOID, byte symmAlgParams[], - byte encValue[], SymmetricKey.Type algorithm, int strength) - throws Exception { - WrappingParams params = new WrappingParams( - SymmetricKey.DES3, null, KeyGenAlgorithm.DES3, 0, - KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD, - KeyWrapAlgorithm.DES3_CBC_PAD); - - CryptoToken token = getToken(); - // (1) unwrap the session key - SymmetricKey sk = unwrap_session_key(token, encSymmKey, SymmetricKey.Usage.UNWRAP, params); - - // (2) unwrap the session-wrapped-symmetric-key - SymmetricKey symKey = unwrap_symmetric_key( - token, - new IVParameterSpec(symmAlgParams), - algorithm, - strength, - SymmetricKey.Usage.DECRYPT, - sk, - encValue, - params); - - return symKey; - } - - /** - * External unwrapping. Unwraps the data using - * the transport private key. - */ - public PrivateKey unwrap(byte encSymmKey[], - String symmAlgOID, byte symmAlgParams[], - byte encValue[], PublicKey pubKey) - throws Exception { - return unwrap (encSymmKey, symmAlgOID, symmAlgParams, - encValue, pubKey, null); - } - - /** - * External unwrapping. Unwraps the data using - * the transport private key. - */ - public PrivateKey unwrap(byte encSymmKey[], - String symmAlgOID, byte symmAlgParams[], - byte encValue[], PublicKey pubKey, - org.mozilla.jss.crypto.X509Certificate transCert) - throws Exception { - CryptoToken token = getToken(transCert); - - WrappingParams params = new WrappingParams( - SymmetricKey.DES3, null, KeyGenAlgorithm.DES3, 0, - KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD, - KeyWrapAlgorithm.DES3_CBC_PAD); - - PrivateKey wrappingKey = getPrivateKey(transCert); - String priKeyAlgo = wrappingKey.getAlgorithm(); - if (priKeyAlgo.equals("EC")) - params.setSkWrapAlgorithm(KeyWrapAlgorithm.AES_ECB); - - // (1) unwrap the session key - SymmetricKey sk = unwrap_session_key( - token, - encSymmKey, - SymmetricKey.Usage.UNWRAP, - wrappingKey, - params); - - // (2) unwrap the session-wrapped-private key - return unwrap_private_key( - token, - pubKey, - new IVParameterSpec(symmAlgParams), - true /*temporary*/, - sk, - encValue, - params); - } - - /** - * External unwrapping. Unwraps the data using - * the transport private key. - */ - - public byte[] decryptInternalPrivate(byte wrappedKeyData[]) - throws Exception { - CMS.debug("EncryptionUnit.decryptInternalPrivate"); - DerValue val = new DerValue(wrappedKeyData); - // val.tag == DerValue.tag_Sequence - DerInputStream in = val.data; - DerValue dSession = in.getDerValue(); - byte session[] = dSession.getOctetString(); - DerValue dPri = in.getDerValue(); - byte pri[] = dPri.getOctetString(); - - CryptoToken token = getToken(); - - WrappingParams params = new WrappingParams( - SymmetricKey.DES3, null, KeyGenAlgorithm.DES3, 0, - KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD, - KeyWrapAlgorithm.DES3_CBC_PAD); - - // (1) unwrap the session key - CMS.debug("decryptInternalPrivate(): getting key wrapper on slot:" + token.getName()); - SymmetricKey sk = unwrap_session_key(token, session, SymmetricKey.Usage.DECRYPT, params); - - // (2) decrypt the private key - return decrypt_private_key(token, IV, sk, pri, params); - } - - /** - * External unwrapping of stored symmetric key. - */ - public SymmetricKey unwrap(byte wrappedKeyData[], SymmetricKey.Type algorithm, int keySize) - throws Exception { - DerValue val = new DerValue(wrappedKeyData); - // val.tag == DerValue.tag_Sequence - DerInputStream in = val.data; - DerValue dSession = in.getDerValue(); - byte session[] = dSession.getOctetString(); - DerValue dPri = in.getDerValue(); - byte pri[] = dPri.getOctetString(); - - WrappingParams params = new WrappingParams( - SymmetricKey.DES3, null, KeyGenAlgorithm.DES3, 0, - KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD, - KeyWrapAlgorithm.DES3_CBC_PAD); - - CryptoToken token = getToken(); - // (1) unwrap the session key - SymmetricKey sk = unwrap_session_key(token, session, SymmetricKey.Usage.UNWRAP, params); - - // (2) unwrap the session-wrapped-symmetric key - return unwrap_symmetric_key(token, IV, algorithm, keySize, SymmetricKey.Usage.UNWRAP, sk, pri, params); - } - - /** - * Internal unwrapping. - */ - public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey) - throws Exception { - return _unwrap(wrappedKeyData, pubKey, true); - } - - /** - * Internal unwrapping. - */ - public PrivateKey unwrap(byte wrappedKeyData[], PublicKey pubKey) - throws Exception { - return _unwrap(wrappedKeyData, pubKey, false); - } - - /** - * Internal unwrapping. - */ - private PrivateKey _unwrap(byte wrappedKeyData[], PublicKey pubKey, boolean temporary) - throws Exception { - DerValue val = new DerValue(wrappedKeyData); - // val.tag == DerValue.tag_Sequence - DerInputStream in = val.data; - DerValue dSession = in.getDerValue(); - byte session[] = dSession.getOctetString(); - DerValue dPri = in.getDerValue(); - byte pri[] = dPri.getOctetString(); - - WrappingParams params = new WrappingParams( - SymmetricKey.DES3, null, KeyGenAlgorithm.DES3, 0, - KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD, - KeyWrapAlgorithm.DES3_CBC_PAD); - - CryptoToken token = getToken(); - // (1) unwrap the session key - SymmetricKey sk = unwrap_session_key(token, session, SymmetricKey.Usage.UNWRAP, params); - - // (2) unwrap the private key - return unwrap_private_key(token, pubKey, IV, temporary, sk, pri, params); - } - - /*** - * Internal wrap, accounts for either private or symmetric key - */ - private byte[] _wrap(PrivateKey priKey, SymmetricKey symmKey) throws Exception { - try (DerOutputStream out = new DerOutputStream()) { - if ((priKey == null && symmKey == null) || (priKey != null && symmKey != null)) { - return null; - } - CMS.debug("EncryptionUnit.wrap interal."); - CryptoToken token = getToken(); - - SymmetricKey.Usage usages[] = new SymmetricKey.Usage[2]; - usages[0] = SymmetricKey.Usage.WRAP; - usages[1] = SymmetricKey.Usage.UNWRAP; - - WrappingParams params = new WrappingParams( - SymmetricKey.DES3, usages, KeyGenAlgorithm.DES3, 0, - KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD, - KeyWrapAlgorithm.DES3_CBC_PAD); - - // (1) generate session key - SymmetricKey sk = generate_session_key(token, true, params); - - // (2) wrap private key with session key - // KeyWrapper wrapper = internalToken.getKeyWrapper( - - byte pri[] = null; - - if (priKey != null) { - pri = wrap_private_key(token, sk, priKey, params); - } else if (symmKey != null) { - pri = wrap_symmetric_key(token, sk, symmKey, params); - } - - CMS.debug("EncryptionUnit:wrap() privKey wrapped"); - - byte[] session = wrap_session_key(token, getPublicKey(), sk, params); - CMS.debug("EncryptionUnit:wrap() session key wrapped"); - - // use MY own structure for now: - // SEQUENCE { - // encryptedSession OCTET STRING, - // encryptedPrivate OCTET STRING - // } - - DerOutputStream tmp = new DerOutputStream(); - - tmp.putOctetString(session); - tmp.putOctetString(pri); - out.write(DerValue.tag_Sequence, tmp); - - return out.toByteArray(); - } - } - /** * Verify the given key pair. */ @@ -422,10 +98,9 @@ public abstract class EncryptionUnit implements IEncryptionUnit { // Crypto specific methods below here ... ////////////////////////////////////////////////////////////////////////////////////////////////////////////// - private SymmetricKey generate_session_key(CryptoToken token, boolean temporary, WrappingParams params) - throws Exception{ + protected SymmetricKey generate_session_key(CryptoToken token, boolean temporary, WrappingParams params, + SymmetricKey.Usage[] usages) throws Exception { org.mozilla.jss.crypto.KeyGenerator kg = token.getKeyGenerator(params.getSkKeyGenAlgorithm()); - SymmetricKey.Usage[] usages = params.getSkUsages(); if (usages != null) kg.setKeyUsages(usages); kg.temporaryKeys(temporary); @@ -436,7 +111,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit { return sk; } - private byte[] wrap_session_key(CryptoToken token, PublicKey wrappingKey, SymmetricKey sessionKey, + protected byte[] wrap_session_key(CryptoToken token, PublicKey wrappingKey, SymmetricKey sessionKey, WrappingParams params) throws Exception { KeyWrapper rsaWrap = token.getKeyWrapper(params.getSkWrapAlgorithm()); rsaWrap.initWrap(wrappingKey, null); @@ -444,7 +119,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit { return session; } - public SymmetricKey unwrap_session_key(CryptoToken token, byte[] wrappedSessionKey, SymmetricKey.Usage usage, + protected SymmetricKey unwrap_session_key(CryptoToken token, byte[] wrappedSessionKey, SymmetricKey.Usage usage, PrivateKey wrappingKey, WrappingParams params) { try { KeyWrapper keyWrapper = token.getKeyWrapper(params.getSkWrapAlgorithm()); @@ -452,7 +127,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit { SymmetricKey sk = keyWrapper.unwrapSymmetric( wrappedSessionKey, - params.getSkTyoe(), + params.getSkType(), usage, 0); CMS.debug("EncryptionUnit::unwrap_sym() unwrapped on slot: " @@ -464,15 +139,14 @@ public abstract class EncryptionUnit implements IEncryptionUnit { } } - private byte[] wrap_symmetric_key(CryptoToken token, SymmetricKey sessionKey, SymmetricKey data, + protected byte[] wrap_symmetric_key(CryptoToken token, SymmetricKey sessionKey, SymmetricKey data, WrappingParams params) throws Exception { KeyWrapper wrapper = token.getKeyWrapper(params.getPayloadWrapAlgorithm()); - - wrapper.initWrap(sessionKey, IV); + wrapper.initWrap(sessionKey, params.getPayloadEncryptionIV()); return wrapper.wrap(data); } - private SymmetricKey unwrap_symmetric_key(CryptoToken token, IVParameterSpec iv, SymmetricKey.Type algorithm, + protected SymmetricKey unwrap_symmetric_key(CryptoToken token, IVParameterSpec iv, SymmetricKey.Type algorithm, int strength, SymmetricKey.Usage usage, SymmetricKey sessionKey, byte[] wrappedData, WrappingParams params) throws Exception { KeyWrapper wrapper = token.getKeyWrapper(params.getPayloadWrapAlgorithm()); @@ -481,18 +155,18 @@ public abstract class EncryptionUnit implements IEncryptionUnit { return symKey; } - private byte[] wrap_private_key(CryptoToken token, SymmetricKey sessionKey, PrivateKey data, + protected byte[] wrap_private_key(CryptoToken token, SymmetricKey sessionKey, PrivateKey data, WrappingParams params) throws Exception { KeyWrapper wrapper = token.getKeyWrapper(params.getPayloadWrapAlgorithm()); - wrapper.initWrap(sessionKey, IV); + wrapper.initWrap(sessionKey, params.getPayloadWrappingIV()); return wrapper.wrap(data); } - private PrivateKey unwrap_private_key(CryptoToken token, PublicKey pubKey, IVParameterSpec iv, + protected PrivateKey unwrap_private_key(CryptoToken token, PublicKey pubKey, boolean temporary, SymmetricKey sessionKey, byte[] wrappedData, WrappingParams params) throws Exception { KeyWrapper wrapper = token.getKeyWrapper(params.getPayloadWrapAlgorithm()); - wrapper.initUnwrap(sessionKey, iv); + wrapper.initUnwrap(sessionKey, params.getPayloadWrappingIV()); // Get the key type for unwrapping the private key. PrivateKey.Type keyType = null; @@ -515,19 +189,18 @@ public abstract class EncryptionUnit implements IEncryptionUnit { return pk; } - private byte[] encrypt_private_key(CryptoToken token, SymmetricKey sessionKey, byte[] data, WrappingParams params) + protected byte[] encrypt_private_key(CryptoToken token, SymmetricKey sessionKey, byte[] data, WrappingParams params) throws Exception { Cipher cipher = token.getCipherContext(params.getPayloadEncryptionAlgorithm()); - - cipher.initEncrypt(sessionKey, IV); + cipher.initEncrypt(sessionKey, params.getPayloadEncryptionIV()); byte pri[] = cipher.doFinal(data); return pri; } - private byte[] decrypt_private_key(CryptoToken token, IVParameterSpec iv, SymmetricKey sessionKey, + protected byte[] decrypt_private_key(CryptoToken token, SymmetricKey sessionKey, byte[] encryptedData, WrappingParams params) throws Exception { Cipher cipher = token.getCipherContext(params.getPayloadEncryptionAlgorithm()); - cipher.initDecrypt(sessionKey, iv); + cipher.initDecrypt(sessionKey, params.getPayloadEncryptionIV()); return cipher.doFinal(encryptedData); } diff --git a/base/kra/src/com/netscape/kra/EnrollmentService.java b/base/kra/src/com/netscape/kra/EnrollmentService.java index fbefc549e..5aa35da57 100644 --- a/base/kra/src/com/netscape/kra/EnrollmentService.java +++ b/base/kra/src/com/netscape/kra/EnrollmentService.java @@ -169,7 +169,7 @@ public class EnrollmentService implements IService { if (CMS.debugOn()) CMS.debug("EnrollmentServlet: KRA services enrollment request"); - // the request reocrd field delayLDAPCommit == "true" will cause + // the request record field delayLDAPCommit == "true" will cause // updateRequest() to delay actual write to ldap request.setExtData("delayLDAPCommit", "true"); @@ -502,6 +502,22 @@ public class EnrollmentService implements IService { rec.set(KeyRecord.ATTR_REALM, realm); } + try { + rec.setWrappingParams(mStorageUnit.getWrappingParams()); + } catch (Exception e) { + mKRA.log(ILogger.LL_FAILURE, "Failed to store wrapping parameters"); + // TODO(alee) Set correct audit message here + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditArchiveID); + + audit(auditMessage); + throw new EKRAException(CMS.getUserMessage("CMS_KRA_INVALID_STATE")); + } + IKeyRepository storage = mKRA.getKeyRepository(); BigInteger serialNo = storage.getNextSerialNumber(); diff --git a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java index d3937915b..da227a113 100644 --- a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java +++ b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java @@ -456,9 +456,9 @@ public class NetkeyKeygenService implements IService { (wrapped_des_key.length > 0)) { WrappingParams wrapParams = new WrappingParams( - SymmetricKey.DES3, null, KeyGenAlgorithm.DES3, 0, + SymmetricKey.DES3, KeyGenAlgorithm.DES3, 0, KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD, - KeyWrapAlgorithm.DES3_CBC_PAD); + KeyWrapAlgorithm.DES3_CBC_PAD, EncryptionUnit.IV, EncryptionUnit.IV); // unwrap the DES key sk = (PK11SymKey) mTransportUnit.unwrap_sym(wrapped_des_key, wrapParams); @@ -686,6 +686,9 @@ public class NetkeyKeygenService implements IService { CMS.debug("NetkeyKeygenService: serialNo null"); return false; } + + rec.setWrappingParams(mStorageUnit.getWrappingParams()); + CMS.debug("NetkeyKeygenService: before addKeyRecord"); rec.set(KeyRecord.ATTR_ID, serialNo); request.setExtData(ATTR_KEY_RECORD, serialNo); diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java index 70b5e57a7..c89e2f388 100644 --- a/base/kra/src/com/netscape/kra/RecoveryService.java +++ b/base/kra/src/com/netscape/kra/RecoveryService.java @@ -274,7 +274,10 @@ public class RecoveryService implements IService { try { mKRA.getStorageKeyUnit().unwrap( - keyRecord.getPrivateKeyData(), null); + keyRecord.getPrivateKeyData(), + null, + false, + keyRecord.getWrappingParams(mKRA.getStorageKeyUnit().getOldWrappingParams())); } catch (Exception e) { throw new EBaseException("Failed to unwrap private key", e); } @@ -393,33 +396,21 @@ public class RecoveryService implements IService { mStorageUnit.login(creds); } - /* wrapped retrieve session key and private key */ - DerValue val = new DerValue(keyRecord.getPrivateKeyData()); - DerInputStream in = val.data; - DerValue dSession = in.getDerValue(); - byte session[] = dSession.getOctetString(); - DerValue dPri = in.getDerValue(); - byte pri[] = dPri.getOctetString(); - - /* debug */ - byte publicKeyData[] = keyRecord.getPublicKeyData(); PublicKey pubkey = null; try { - pubkey = X509Key.parsePublicKey(new DerValue(publicKeyData)); + pubkey = X509Key.parsePublicKey(new DerValue(keyRecord.getPublicKeyData())); } catch (Exception e) { CMS.debug("RecoverService: after parsePublicKey:" + e.toString()); throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", "public key parsing failure")); } - byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; + PrivateKey privKey = null; try { privKey = mStorageUnit.unwrap( - session, - keyRecord.getAlgorithm(), - iv, - pri, - pubkey); - + keyRecord.getPrivateKeyData(), + pubkey, + false, + keyRecord.getWrappingParams(mKRA.getStorageKeyUnit().getOldWrappingParams())); } catch (Exception e) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PRIVATE_KEY_NOT_FOUND")); throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", @@ -564,7 +555,9 @@ public class RecoveryService implements IService { mKRA.log(ILogger.LL_INFO, "KRA decrypts internal private"); try { - byte[] privateKeyData = mStorageUnit.decryptInternalPrivate(keyRecord.getPrivateKeyData()); + byte[] privateKeyData = mStorageUnit.decryptInternalPrivate( + keyRecord.getPrivateKeyData(), + keyRecord.getWrappingParams(mKRA.getStorageKeyUnit().getOldWrappingParams())); if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { mStorageUnit.logout(); diff --git a/base/kra/src/com/netscape/kra/SecurityDataProcessor.java b/base/kra/src/com/netscape/kra/SecurityDataProcessor.java index 1c94bca6e..212e99217 100644 --- a/base/kra/src/com/netscape/kra/SecurityDataProcessor.java +++ b/base/kra/src/com/netscape/kra/SecurityDataProcessor.java @@ -179,7 +179,8 @@ public class SecurityDataProcessor { wrappedSessionKey, algStr, sparams, - secdata); + secdata, + null); } catch (Exception e) { throw new EBaseException("Can't decrypt symm key using allEncDecrypt_archival : true ."); @@ -215,7 +216,8 @@ public class SecurityDataProcessor { wrappedSessionKey, algStr, sparams, - secdata); + secdata, + null); } catch (Exception e) { throw new EBaseException("Can't decrypt passphrase.", e); } @@ -290,6 +292,16 @@ public class SecurityDataProcessor { rec.set(KeyRecord.ATTR_REALM, realm); } + try { + rec.setWrappingParams(storageUnit.getWrappingParams()); + } catch (Exception e) { + kra.log(ILogger.LL_FAILURE, + "Failed to store wrapping parameters: " + e); + auditArchivalRequestProcessed(auditSubjectID, ILogger.FAILURE, requestId, + clientKeyId, null, "Failed to store wrapping parameters"); + throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_STATE"), e); + } + CMS.debug("KRA adding Security Data key record " + serialNo); keyRepository.addKeyRecord(rec); @@ -406,7 +418,11 @@ public class SecurityDataProcessor { byte[] privateKeyData = keyRecord.getPrivateKeyData(); PublicKey publicKey = X509Key.parsePublicKey(new DerValue(publicKeyData)); - privateKey = storageUnit.unwrap_temp(privateKeyData, publicKey); + privateKey = storageUnit.unwrap( + privateKeyData, + publicKey, + true, + keyRecord.getWrappingParams(storageUnit.getOldWrappingParams())); } } catch (Exception e) { @@ -420,9 +436,9 @@ public class SecurityDataProcessor { CryptoToken ct = transportUnit.getToken(); WrappingParams wrapParams = new WrappingParams( - SymmetricKey.DES3, null, KeyGenAlgorithm.DES3, 0, + SymmetricKey.DES3, KeyGenAlgorithm.DES3, 0, KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD, - KeyWrapAlgorithm.DES3_CBC_PAD); + KeyWrapAlgorithm.DES3_CBC_PAD, EncryptionUnit.IV, EncryptionUnit.IV); byte[] key_data = null; String pbeWrappedData = null; @@ -612,7 +628,8 @@ public class SecurityDataProcessor { storageUnit.unwrap( keyRecord.getPrivateKeyData(), KeyRequestService.SYMKEY_TYPES.get(keyRecord.getAlgorithm()), - keyRecord.getKeySize()); + keyRecord.getKeySize(), + keyRecord.getWrappingParams(storageUnit.getOldWrappingParams())); return symKey; } catch (Exception e) { throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", @@ -623,7 +640,9 @@ public class SecurityDataProcessor { public byte[] recoverSecurityData(KeyRecord keyRecord) throws EBaseException { try { - return storageUnit.decryptInternalPrivate(keyRecord.getPrivateKeyData()); + return storageUnit.decryptInternalPrivate( + keyRecord.getPrivateKeyData(), + keyRecord.getWrappingParams(storageUnit.getOldWrappingParams())); } catch (Exception e) { CMS.debug("Failed to recover security data: " + e); throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", diff --git a/base/kra/src/com/netscape/kra/StorageKeyUnit.java b/base/kra/src/com/netscape/kra/StorageKeyUnit.java index 83f3e2a79..d486fa7f6 100644 --- a/base/kra/src/com/netscape/kra/StorageKeyUnit.java +++ b/base/kra/src/com/netscape/kra/StorageKeyUnit.java @@ -36,6 +36,7 @@ import org.mozilla.jss.crypto.Cipher; import org.mozilla.jss.crypto.CryptoToken; import org.mozilla.jss.crypto.EncryptionAlgorithm; import org.mozilla.jss.crypto.IllegalBlockSizeException; +import org.mozilla.jss.crypto.KeyGenAlgorithm; import org.mozilla.jss.crypto.KeyGenerator; import org.mozilla.jss.crypto.KeyWrapAlgorithm; import org.mozilla.jss.crypto.KeyWrapper; @@ -60,9 +61,14 @@ import com.netscape.certsrv.kra.IShare; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.security.Credential; import com.netscape.certsrv.security.IStorageKeyUnit; +import com.netscape.certsrv.security.WrappingParams; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.Utils; +import netscape.security.util.DerInputStream; +import netscape.security.util.DerOutputStream; +import netscape.security.util.DerValue; + /** * A class represents a storage key unit. Currently, this * is implemented with cryptix, the final implementation @@ -99,6 +105,7 @@ public class StorageKeyUnit extends EncryptionUnit implements public static final String PROP_KEYDB = "keydb"; public static final String PROP_CERTDB = "certdb"; public static final String PROP_MN = "mn"; + public static final String PROP_OLD_WRAPPING = "useOldWrapping"; /** * Constructs this token. @@ -123,6 +130,17 @@ public class StorageKeyUnit extends EncryptionUnit implements throw new EBaseException(CMS.getUserMessage("CMS_INVALID_OPERATION")); } + public WrappingParams getWrappingParams() throws EBaseException { + if (mConfig.getBoolean(PROP_OLD_WRAPPING, false)) { + return this.getOldWrappingParams(); + } + + return new WrappingParams( + SymmetricKey.AES, KeyGenAlgorithm.AES, 256, + KeyWrapAlgorithm.RSA, EncryptionAlgorithm.AES_256_CBC_PAD, + KeyWrapAlgorithm.AES_KEY_WRAP_PAD, IV2, null); + } + /** * return true if byte arrays are equal, false otherwise */ @@ -1001,4 +1019,160 @@ public class StorageKeyUnit extends EncryptionUnit implements return true; } + /**************************************************************************************** + * Methods to encrypt and store secrets in the database + ***************************************************************************************/ + + public byte[] encryptInternalPrivate(byte priKey[]) throws Exception { + try (DerOutputStream out = new DerOutputStream()) { + CMS.debug("EncryptionUnit.encryptInternalPrivate"); + CryptoToken internalToken = getInternalToken(); + + WrappingParams params = getWrappingParams(); + + // (1) generate session key + SymmetricKey sk = generate_session_key(internalToken, false, params, null); + + // (2) wrap private key with session key + byte[] pri = encrypt_private_key(internalToken, sk, priKey, params); + + // (3) wrap session with storage public + byte[] session = wrap_session_key(internalToken, getPublicKey(), sk, params); + + // use MY own structure for now: + // SEQUENCE { + // encryptedSession OCTET STRING, + // encryptedPrivate OCTET STRING + // } + + DerOutputStream tmp = new DerOutputStream(); + + tmp.putOctetString(session); + tmp.putOctetString(pri); + out.write(DerValue.tag_Sequence, tmp); + + return out.toByteArray(); + } + } + + public byte[] wrap(PrivateKey privKey) throws Exception { + return _wrap(privKey,null); + } + + public byte[] wrap(SymmetricKey symmKey) throws Exception { + return _wrap(null,symmKey); + } + + /*** + * Internal wrap, accounts for either private or symmetric key + */ + private byte[] _wrap(PrivateKey priKey, SymmetricKey symmKey) throws Exception { + try (DerOutputStream out = new DerOutputStream()) { + if ((priKey == null && symmKey == null) || (priKey != null && symmKey != null)) { + return null; + } + CMS.debug("EncryptionUnit.wrap interal."); + WrappingParams params = getWrappingParams(); + CryptoToken token = getToken(); + + SymmetricKey.Usage usages[] = new SymmetricKey.Usage[2]; + usages[0] = SymmetricKey.Usage.WRAP; + usages[1] = SymmetricKey.Usage.UNWRAP; + + // (1) generate session key + SymmetricKey sk = generate_session_key(token, true, params, usages); + + // (2) wrap private key with session key + // KeyWrapper wrapper = internalToken.getKeyWrapper( + + byte pri[] = null; + + if (priKey != null) { + pri = wrap_private_key(token, sk, priKey, params); + } else if (symmKey != null) { + pri = wrap_symmetric_key(token, sk, symmKey, params); + } + + CMS.debug("EncryptionUnit:wrap() privKey wrapped"); + + byte[] session = wrap_session_key(token, getPublicKey(), sk, params); + CMS.debug("EncryptionUnit:wrap() session key wrapped"); + + // use MY own structure for now: + // SEQUENCE { + // encryptedSession OCTET STRING, + // encryptedPrivate OCTET STRING + // } + + DerOutputStream tmp = new DerOutputStream(); + + tmp.putOctetString(session); + tmp.putOctetString(pri); + out.write(DerValue.tag_Sequence, tmp); + + return out.toByteArray(); + } + } + + /**************************************************************************************** + * Methods to decrypt and retrieve secrets from the database + ***************************************************************************************/ + + public byte[] decryptInternalPrivate(byte wrappedKeyData[], WrappingParams params) + throws Exception { + CMS.debug("EncryptionUnit.decryptInternalPrivate"); + DerValue val = new DerValue(wrappedKeyData); + // val.tag == DerValue.tag_Sequence + DerInputStream in = val.data; + DerValue dSession = in.getDerValue(); + byte session[] = dSession.getOctetString(); + DerValue dPri = in.getDerValue(); + byte pri[] = dPri.getOctetString(); + + CryptoToken token = getToken(); + + // (1) unwrap the session key + CMS.debug("decryptInternalPrivate(): getting key wrapper on slot:" + token.getName()); + SymmetricKey sk = unwrap_session_key(token, session, SymmetricKey.Usage.DECRYPT, params); + + // (2) decrypt the private key + return decrypt_private_key(token, sk, pri, params); + } + + public SymmetricKey unwrap(byte wrappedKeyData[], SymmetricKey.Type algorithm, int keySize, + WrappingParams params) throws Exception { + DerValue val = new DerValue(wrappedKeyData); + // val.tag == DerValue.tag_Sequence + DerInputStream in = val.data; + DerValue dSession = in.getDerValue(); + byte session[] = dSession.getOctetString(); + DerValue dPri = in.getDerValue(); + byte pri[] = dPri.getOctetString(); + + CryptoToken token = getToken(); + // (1) unwrap the session key + SymmetricKey sk = unwrap_session_key(token, session, SymmetricKey.Usage.UNWRAP, params); + + // (2) unwrap the session-wrapped-symmetric key + return unwrap_symmetric_key(token, params.getPayloadWrappingIV(), algorithm, keySize, SymmetricKey.Usage.UNWRAP, + sk, pri, params); + } + + public PrivateKey unwrap(byte wrappedKeyData[], PublicKey pubKey, boolean temporary, WrappingParams params) + throws Exception { + DerValue val = new DerValue(wrappedKeyData); + // val.tag == DerValue.tag_Sequence + DerInputStream in = val.data; + DerValue dSession = in.getDerValue(); + byte session[] = dSession.getOctetString(); + DerValue dPri = in.getDerValue(); + byte pri[] = dPri.getOctetString(); + + CryptoToken token = getToken(); + // (1) unwrap the session key + SymmetricKey sk = unwrap_session_key(token, session, SymmetricKey.Usage.UNWRAP, params); + + // (2) unwrap the private key + return unwrap_private_key(token, pubKey, temporary, sk, pri, params); + } } diff --git a/base/kra/src/com/netscape/kra/SymKeyGenService.java b/base/kra/src/com/netscape/kra/SymKeyGenService.java index 7d42cb45b..17475d922 100644 --- a/base/kra/src/com/netscape/kra/SymKeyGenService.java +++ b/base/kra/src/com/netscape/kra/SymKeyGenService.java @@ -224,6 +224,16 @@ public class SymKeyGenService implements IService { rec.set(KeyRecord.ATTR_REALM, realm); } + try { + rec.setWrappingParams(mStorageUnit.getWrappingParams()); + } catch (Exception e) { + mKRA.log(ILogger.LL_FAILURE, + "Failed to store wrapping parameters: " + e); + auditSymKeyGenRequestProcessed(auditSubjectID, ILogger.FAILURE, request.getRequestId(), + clientKeyId, null, "Failed to store wraping parameters."); + throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_STATE"), e); + } + CMS.debug("KRA adding Security Data key record " + serialNo); storage.addKeyRecord(rec); diff --git a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java index 5ad8044d7..c08369271 100644 --- a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java +++ b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java @@ -273,9 +273,9 @@ public class TokenKeyRecoveryService implements IService { (wrapped_des_key.length > 0)) { WrappingParams wrapParams = new WrappingParams( - SymmetricKey.DES3, null, KeyGenAlgorithm.DES3, 0, + SymmetricKey.DES3, KeyGenAlgorithm.DES3, 0, KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD, - KeyWrapAlgorithm.DES3_CBC_PAD); + KeyWrapAlgorithm.DES3_CBC_PAD, EncryptionUnit.IV, EncryptionUnit.IV); // unwrap the des key sk = (PK11SymKey) mTransportUnit.unwrap_sym(wrapped_des_key, wrapParams); @@ -676,31 +676,21 @@ public class TokenKeyRecoveryService implements IService { } try { - /* wrapped retrieve session key and private key */ - DerValue val = new DerValue(keyRecord.getPrivateKeyData()); - DerInputStream in = val.data; - DerValue dSession = in.getDerValue(); - byte session[] = dSession.getOctetString(); - DerValue dPri = in.getDerValue(); - byte pri[] = dPri.getOctetString(); - - byte publicKeyData[] = keyRecord.getPublicKeyData(); PublicKey pubkey = null; try { - pubkey = X509Key.parsePublicKey (new DerValue(publicKeyData)); + pubkey = X509Key.parsePublicKey (new DerValue(keyRecord.getPublicKeyData())); } catch (Exception e) { CMS.debug("TokenKeyRecoverService: after parsePublicKey:"+e.toString()); throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", "public key parsing failure")); } - byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; + PrivateKey privKey = null; try { privKey = mStorageUnit.unwrap( - session, - keyRecord.getAlgorithm(), - iv, - pri, - pubkey); + keyRecord.getPrivateKeyData(), + pubkey, + false, + keyRecord.getWrappingParams(mStorageUnit.getOldWrappingParams())); } catch (Exception e) { CMS.debug("TokenKeyRecoveryService: recoverKey() - recovery failure"); throw new EKRAException( @@ -728,7 +718,9 @@ public class TokenKeyRecoveryService implements IService { mStorageUnit.login(creds); */ try { - return mStorageUnit.decryptInternalPrivate(keyRecord.getPrivateKeyData()); + return mStorageUnit.decryptInternalPrivate( + keyRecord.getPrivateKeyData(), + keyRecord.getWrappingParams(mStorageUnit.getOldWrappingParams())); /* mStorageUnit.logout();*/ } catch (Exception e){ mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PRIVATE_KEY_NOT_FOUND")); diff --git a/base/kra/src/com/netscape/kra/TransportKeyUnit.java b/base/kra/src/com/netscape/kra/TransportKeyUnit.java index 2efdac7ad..768aee552 100644 --- a/base/kra/src/com/netscape/kra/TransportKeyUnit.java +++ b/base/kra/src/com/netscape/kra/TransportKeyUnit.java @@ -21,10 +21,15 @@ import java.security.PublicKey; import org.mozilla.jss.CryptoManager; import org.mozilla.jss.crypto.CryptoToken; +import org.mozilla.jss.crypto.EncryptionAlgorithm; +import org.mozilla.jss.crypto.IVParameterSpec; +import org.mozilla.jss.crypto.KeyGenAlgorithm; +import org.mozilla.jss.crypto.KeyWrapAlgorithm; import org.mozilla.jss.crypto.ObjectNotFoundException; import org.mozilla.jss.crypto.PrivateKey; import org.mozilla.jss.crypto.Signature; import org.mozilla.jss.crypto.SignatureAlgorithm; +import org.mozilla.jss.crypto.SymmetricKey; import org.mozilla.jss.crypto.TokenException; import com.netscape.certsrv.apps.CMS; @@ -32,6 +37,7 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.security.ITransportKeyUnit; +import com.netscape.certsrv.security.WrappingParams; import com.netscape.cmsutil.util.Cert; /** @@ -110,6 +116,10 @@ public class TransportKeyUnit extends EncryptionUnit implements } } + public WrappingParams getWrappingParams() { + return getOldWrappingParams(); + } + public CryptoToken getInternalToken() { try { return CryptoManager.getInstance().getInternalKeyStorageToken(); @@ -253,4 +263,112 @@ public class TransportKeyUnit extends EncryptionUnit implements throws EBaseException { // XXX } + + public SymmetricKey unwrap_sym(byte encSymmKey[], WrappingParams params) { + return unwrap_session_key(getToken(), encSymmKey, SymmetricKey.Usage.WRAP, params); + } + + /** + * Decrypts the user private key. This is called on the transport unit. + */ + public byte[] decryptExternalPrivate(byte encSymmKey[], + String symmAlgOID, byte symmAlgParams[], byte encValue[], + org.mozilla.jss.crypto.X509Certificate transCert) + throws Exception { + + CMS.debug("EncryptionUnit.decryptExternalPrivate"); + CryptoToken token = getToken(transCert); + + // TODO(alee) Strictly speaking, we should set the wrapping params from the + // params coming in. (symmAlgOID etc). Will fix this in a later patch. + WrappingParams params = getWrappingParams(); + params.setPayloadEncryptionIV(new IVParameterSpec(symmAlgParams)); + + PrivateKey wrappingKey = getPrivateKey(transCert); + String priKeyAlgo = wrappingKey.getAlgorithm(); + if (priKeyAlgo.equals("EC")) + params.setSkWrapAlgorithm(KeyWrapAlgorithm.AES_ECB); + + SymmetricKey sk = unwrap_session_key( + token, + encSymmKey, + SymmetricKey.Usage.DECRYPT, + wrappingKey, + params); + + return decrypt_private_key(token, sk, encValue, params); + } + + /** + * External unwrapping. Unwraps the symmetric key using + * the transport private key. + */ + public SymmetricKey unwrap_symmetric(byte encSymmKey[], + String symmAlgOID, byte symmAlgParams[], + byte encValue[], SymmetricKey.Type algorithm, int strength) + throws Exception { + + // TODO(alee) Strictly speaking, we should set the wrapping params from the + // params coming in. (symmAlgOID etc). Will fix this in a later patch. + WrappingParams params = getWrappingParams(); + params.setPayloadEncryptionIV(new IVParameterSpec(symmAlgParams)); + + CryptoToken token = getToken(); + // (1) unwrap the session key + SymmetricKey sk = unwrap_session_key(token, encSymmKey, SymmetricKey.Usage.UNWRAP, params); + + // (2) unwrap the session-wrapped-symmetric-key + SymmetricKey symKey = unwrap_symmetric_key( + token, + new IVParameterSpec(symmAlgParams), + algorithm, + strength, + SymmetricKey.Usage.DECRYPT, + sk, + encValue, + params); + + return symKey; + } + + /** + * External unwrapping. Unwraps the data using + * the transport private key. + */ + public PrivateKey unwrap(byte encSymmKey[], + String symmAlgOID, byte symmAlgParams[], + byte encValue[], PublicKey pubKey, + org.mozilla.jss.crypto.X509Certificate transCert) + throws Exception { + CryptoToken token = getToken(transCert); + + WrappingParams params = new WrappingParams( + SymmetricKey.DES3, KeyGenAlgorithm.DES3, 0, + KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD, + KeyWrapAlgorithm.DES3_CBC_PAD, + new IVParameterSpec(symmAlgParams), + new IVParameterSpec(symmAlgParams)); + + PrivateKey wrappingKey = getPrivateKey(transCert); + String priKeyAlgo = wrappingKey.getAlgorithm(); + if (priKeyAlgo.equals("EC")) + params.setSkWrapAlgorithm(KeyWrapAlgorithm.AES_ECB); + + // (1) unwrap the session key + SymmetricKey sk = unwrap_session_key( + token, + encSymmKey, + SymmetricKey.Usage.UNWRAP, + wrappingKey, + params); + + // (2) unwrap the session-wrapped-private key + return unwrap_private_key( + token, + pubKey, + true /*temporary*/, + sk, + encValue, + params); + } } |