diff options
author | Ade Lee <alee@redhat.com> | 2017-03-28 13:01:30 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2017-03-28 14:18:14 -0400 |
commit | a5cbfd0fcd966604a5188352bb09042e3132eb32 (patch) | |
tree | c8c8f4a44363860149d604a0b45d8e78da53f06b /base/util | |
parent | 358064eed09fd43e9fe7b08e43bd03775df880df (diff) | |
download | pki-a5cbfd0fcd966604a5188352bb09042e3132eb32.tar.gz pki-a5cbfd0fcd966604a5188352bb09042e3132eb32.tar.xz pki-a5cbfd0fcd966604a5188352bb09042e3132eb32.zip |
Fix retrieval for symmetric keys
Up to now, we have only ever used the same algorithm (DES3_CBC)
for key wrapping and encryption. With the change to use AES Keywrap
and AES CBC, we need to know which mechanism was used to encrypt/wrap
the secrets when returned to the client.
This means passing back more information to the client with the key
data, and also modifying the client to use this information to decode
the data correctly.
Change-Id: I7232085c1eedf38c63abad81db08acc912fa1da1
Diffstat (limited to 'base/util')
-rw-r--r-- | base/util/src/netscape/security/util/WrappingParams.java | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/base/util/src/netscape/security/util/WrappingParams.java b/base/util/src/netscape/security/util/WrappingParams.java index ab7868097..b2814a356 100644 --- a/base/util/src/netscape/security/util/WrappingParams.java +++ b/base/util/src/netscape/security/util/WrappingParams.java @@ -45,6 +45,15 @@ public class WrappingParams { this.payloadWrappingIV = payloadWrapIV; } + public static EncryptionAlgorithm getEncryptionAlgorithmFromName(String name) throws Exception { + String fields[] = name.split("//"); + String alg = fields[0]; + String mode = fields[1]; + String padding = fields[2]; + int strength = Integer.parseInt(fields[3]); + return EncryptionAlgorithm.lookup(alg, mode, padding, strength); + } + public WrappingParams() {} public WrappingParams(String encryptOID, String wrapName, String priKeyAlgo, IVParameterSpec encryptIV, IVParameterSpec wrapIV) @@ -172,6 +181,15 @@ public class WrappingParams { this.payloadEncryptionAlgorithm = EncryptionAlgorithm.lookup(algName, modeName, paddingName, keyStrength); } + public String getPayloadEncryptionAlgorithmName() { + // work around some of the issues with OIDs in JSS + int strength = payloadEncryptionAlgorithm.getKeyStrength(); + String mode = payloadEncryptionAlgorithm.getMode().toString(); + String padding = payloadEncryptionAlgorithm.getPadding().toString(); + String alg = payloadEncryptionAlgorithm.getAlg().toString(); + return alg + "/" + mode + "/" + padding + "/" + Integer.toString(strength); + } + public KeyWrapAlgorithm getPayloadWrapAlgorithm() { return payloadWrapAlgorithm; } |