authorAde Lee <alee@redhat.com>2017-05-05 21:30:15 -0400
committerAde Lee <alee@redhat.com>2017-05-06 10:07:00 -0400
commit00c17b3e2f81c9df12e1a89fc85dc2e3d4c3a2b1 (patch)
treee454a6f35dcf3a9de06cb8820f26a47682eccdd9 /base/util/src/com
parentbea446868e282955d9c70028be657530eaccbe29 (diff)
Fix symmetic key retrieval in HSM
When using an HSM, AES KeyWrapping is not available and so some different code paths were exercised. Fixing bugs in those paths uncovered a case where we were calling unwrapSymmetric() with bits and not bytes for the key length. This does not matter for 3DES, where JSS expects a length of 0, but very much matters for AES. Fixing this, and making the KeyClient actually use the returned wrapping algorithm to unwrap, now allows us to return generated symmetric keys correctly. Bugzilla BZ#1448521 Pagure: 2690 Change-Id: I2c5c87e28f6f36798b16de238bbaa21da90e7890
Diffstat (limited to 'base/util/src/com')
-rw-r--r--base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java4
1 files changed, 2 insertions, 2 deletions
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index d22856db5..e529a0f91 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -2346,7 +2346,7 @@ public class CryptoUtil {
KeyWrapAlgorithm wrapAlgorithm, IVParameterSpec wrappingIV) throws Exception {
KeyWrapper wrapper = token.getKeyWrapper(wrapAlgorithm);
wrapper.initUnwrap(wrappingKey, wrappingIV);
- return wrapper.unwrapSymmetric(wrappedData, keyType, usage, strength);
+ return wrapper.unwrapSymmetric(wrappedData, keyType, usage, strength/8);
}
public static SymmetricKey unwrap(CryptoToken token, SymmetricKey.Type keyType,
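Review bot: The `strength/8` conversion in the `unwrapSymmetric` call truncates silently when `strength` is not a multiple of 8, and nothing on the method says the parameter is in bits, so a caller that already passes bytes would now request a key eight times too short. A guard before the call, `if (strength % 8 != 0) throw new IllegalArgumentException("strength must be a multiple of 8 bits: " + strength);`, plus a Javadoc line `@param strength key size in bits; converted to bytes for JSS`, would make the unit explicit. The same applies to the `keyWrapper.unwrapSymmetric(..., strength/8)` call in the next hunk. The commit message notes that JSS expects a length of 0 for 3DES; whether every 3DES caller passes 0 here is not visible, since both method signatures start outside the hunks, so that is worth confirming.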
@@ -2355,7 +2355,7 @@ public class CryptoUtil {
KeyWrapper keyWrapper = token.getKeyWrapper(wrapAlgorithm);
keyWrapper.initUnwrap(wrappingKey, null);
- return keyWrapper.unwrapSymmetric(wrappedData, keyType, usage, strength);
+ return keyWrapper.unwrapSymmetric(wrappedData, keyType, usage, strength/8);
}
public static PrivateKey unwrap(CryptoToken token, PublicKey pubKey, boolean temporary,