author: Ade Lee <alee@redhat.com> 2017-03-15 17:19:01 -0400
committer: Ade Lee <alee@redhat.com> 2017-03-21 18:49:07 -0400
commit: 82478227debddbe11bd9b9eeb0e1e2f3bd5282fb (patch)
tree: 62418ffdfff9d90cec9ca6749f0524a83bf41233 /base/util
parent: f40e0d002e57cadd5dc254d096db52de439ed900 (diff)
Fix Java client to use AES

* Changed the client to use AES-128-CBC-PAD rather than DES-3. Because AES-256-CBC-PAD has no OID defined, we use the following hack:
  * Pass in the AES-256-CBC OID as the encrypt algorithm OID
  * Use PKCS#1.5 Padding.
* Changed the client to use AES for the wrapping key on retrieval.
* Changed the server to implicitly assume PKCS#1.5 (and a key size of 128) when receiving the OID for AES.
* Changed the client to send, and the server to pass through, the encryption algorithm expected when retrieving the key.
* Fixed the generate_iv() function to generate an appropriately sized IV on retrieval.

This code has been tested to successfully create and retrieve secrets using AES.

Ideally, we'd be using GCM rather than CBC, which then requires no padding - and no hack needed. Hopefully, we can get that working in a subsequent commit.

Change-Id: Ic9e8d50169be0fe357a48a5a1b1c452c7a3dfad0
Diffstat (limited to 'base/util')
-rw-r--r-- base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 2
1 files changed, 2 insertions, 0 deletions
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index c436b4d02..593d93f46 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -1938,6 +1938,8 @@ public class CryptoUtil {
EncryptedContentInfo cInfo = null;
//We have to do this to get the decoding to work.
+ // TODO (alee) - this needs to work with AES keys. It does not appear to be used though in the current KeyClient
+ // We may end up simply removing this.
@SuppressWarnings("unused")
PBEAlgorithm pbeAlg = PBEAlgorithm.PBE_SHA1_DES3_CBC;
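Review bot: the TODO added at the top of this hunk leaves `PBEAlgorithm pbeAlg = PBEAlgorithm.PBE_SHA1_DES3_CBC;` in place, so this path still names a DES3-based PBE algorithm while the commit's stated goal is to move the client off DES-3. Since the new comment itself says the variable does not appear to be used in the current KeyClient (and it already carries `@SuppressWarnings("unused")`), either drop the dead assignment in this change or replace the TODO with a tracked issue reference, so the DES3 reference does not survive indefinitely behind a "we may end up simply removing this" note.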