author | Ade Lee <alee@redhat.com> | 2017-05-05 21:30:15 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2017-05-06 10:07:00 -0400 |
commit | 00c17b3e2f81c9df12e1a89fc85dc2e3d4c3a2b1 (patch) | |
tree | e454a6f35dcf3a9de06cb8820f26a47682eccdd9 /base/util | |
parent | bea446868e282955d9c70028be657530eaccbe29 (diff) | |
Fix symmetric key retrieval in HSM
When using an HSM, AES KeyWrapping is not available and so
some different code paths were exercised. Fixing bugs in those
paths uncovered a case where we were calling unwrapSymmetric()
with bits and not bytes for the key length.
This does not matter for 3DES, where JSS expects a length of 0,
but very much matters for AES. Fixing this - and the KeyClient
to actually use the returned wrapping algorithm to unwrap, allows
us now to return generated symmetric keys correctly.
Bugzilla BZ#1448521
Pagure: 2690
Change-Id: I2c5c87e28f6f36798b16de238bbaa21da90e7890
Diffstat (limited to 'base/util')
-rw-r--r-- | base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index d22856db5..e529a0f91 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -2346,7 +2346,7 @@ public class CryptoUtil {
 KeyWrapAlgorithm wrapAlgorithm, IVParameterSpec wrappingIV) throws Exception {
 KeyWrapper wrapper = token.getKeyWrapper(wrapAlgorithm);
 wrapper.initUnwrap(wrappingKey, wrappingIV);
- return wrapper.unwrapSymmetric(wrappedData, keyType, usage, strength);
+ return wrapper.unwrapSymmetric(wrappedData, keyType, usage, strength/8);
 }
 public static SymmetricKey unwrap(CryptoToken token, SymmetricKey.Type keyType,
@@ -2355,7 +2355,7 @@ public class CryptoUtil {
 KeyWrapper keyWrapper = token.getKeyWrapper(wrapAlgorithm);
 keyWrapper.initUnwrap(wrappingKey, null);
- return keyWrapper.unwrapSymmetric(wrappedData, keyType, usage, strength);
+ return keyWrapper.unwrapSymmetric(wrappedData, keyType, usage, strength/8);
 }
 public static PrivateKey unwrap(CryptoToken token, PublicKey pubKey, boolean temporary, |
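Review bot: The new `strength/8` in both `unwrap` overloads (this hunk and the one at -2355) converts bits to bytes with integer division and no check, so a `strength` that is not a multiple of 8, or a caller that already passes bytes, silently yields a shorter length and presumably an unwrapped AES key of the wrong size rather than an error. I would guard it before the call, e.g. `if (strength < 0 || strength % 8 != 0) throw new IllegalArgumentException("strength must be a non-negative multiple of 8 bits: " + strength);`, and state the unit in the Javadoc: `@param strength key length in bits; converted to bytes for JSS unwrapSymmetric()`. The commit message says 3DES relies on a length of 0, which still maps to 0 here, but any non-zero 3DES value would now change as well, so existing callers are worth auditing. Both method signatures start outside the visible hunks, so the declared parameter type and any existing documentation cannot be confirmed from here.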