Diffstat (limited to 'base/kra/src')
4 files changed, 24 insertions, 7 deletions
diff --git a/base/kra/src/com/netscape/kra/EncryptionUnit.java b/base/kra/src/com/netscape/kra/EncryptionUnit.java
index c082a784f..71bd1d781 100644
--- a/base/kra/src/com/netscape/kra/EncryptionUnit.java
+++ b/base/kra/src/com/netscape/kra/EncryptionUnit.java
@@ -301,7 +301,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit { */ public SymmetricKey unwrap_symmetric(byte encSymmKey[], String symmAlgOID, byte symmAlgParams[], - byte encValue[]) + byte encValue[], SymmetricKey.Type algorithm, int strength) throws EBaseException { try { CryptoToken token = getToken();
@@ -323,7 +323,8 @@ public abstract class EncryptionUnit implements IEncryptionUnit { wrapper.initUnwrap(sk, new IVParameterSpec( symmAlgParams)); - SymmetricKey symKey = wrapper.unwrapSymmetric(encValue, SymmetricKey.DES3, SymmetricKey.Usage.DECRYPT, 0); + SymmetricKey symKey = wrapper.unwrapSymmetric(encValue, algorithm, + SymmetricKey.Usage.DECRYPT, strength); return symKey; } catch (TokenException e) {
@@ -513,7 +514,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit { /** * External unwrapping of stored symmetric key. */ - public SymmetricKey unwrap(byte wrappedKeyData[]) + public SymmetricKey unwrap(byte wrappedKeyData[], SymmetricKey.Type algorithm, int keySize) throws EBaseException { try { DerValue val = new DerValue(wrappedKeyData);
@@ -540,8 +541,8 @@ public abstract class EncryptionUnit implements IEncryptionUnit { wrapper.initUnwrap(sk, IV); SymmetricKey sk_ret = wrapper.unwrapSymmetric(pri, - SymmetricKey.DES3, SymmetricKey.Usage.UNWRAP, - 0); + algorithm, SymmetricKey.Usage.UNWRAP, + keySize); return sk_ret; } catch (TokenException e) {
diff --git a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
index 50f163dfa..f3b7709e7 100644
--- a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
+++ b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
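Review bot: The Javadoc that closes with `*/` immediately above `unwrap_symmetric` is not updated for the two added parameters, and the same holds for the `External unwrapping of stored symmetric key.` Javadoc on `unwrap` in the `@@ -513` hunk. Both should gain `@param algorithm the symmetric key type the wrapped bytes are unwrapped as` and a `@param strength` (respectively `@param keySize`) line describing the expected key size, together with a sentence saying that neither value is validated inside the method. The two signatures also name the same concept differently, `strength` here and `keySize` in `unwrap`; using one name for both would make the pair easier to read and call correctly. Both method bodies continue beyond their hunks.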
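Review bot: `wrapper.unwrapSymmetric(encValue, algorithm, SymmetricKey.Usage.DECRYPT, strength)` now forwards whatever the caller supplied, and a null `algorithm` (the callers in this commit obtain it from a map lookup that can miss) is not rejected before it reaches the token, so the failure would surface from inside the crypto layer instead of as a clear error; the `@@ -540` hunk in `unwrap` has the same gap. A guard ahead of the call, `if (algorithm == null) { throw new EBaseException(/* constructed: message naming the unsupported symmetric algorithm */); }`, keeps the error at the boundary where it can be reported and logged. The hard-coded `SymmetricKey.DES3` with strength `0` previously left the key length to the wrapped data, whereas the declared `strength`/`keySize` now has to agree with the stored key; whether the token checks that agreement I cannot tell from the hunk, so it is worth confirming with a mismatched-size test. The `try` block continues outside the hunk.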
@@ -64,6 +64,7 @@ import com.netscape.certsrv.request.IService;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.security.IStorageKeyUnit;
 import com.netscape.certsrv.security.ITransportKeyUnit;
+import com.netscape.cms.servlet.request.KeyRequestService;
 import com.netscape.cmscore.dbs.KeyRecord;
 import com.netscape.cmsutil.util.Utils;
@@ -277,7 +278,9 @@ public class SecurityDataRecoveryService implements IService { try { SymmetricKey symKey = mStorageUnit.unwrap( - keyRecord.getPrivateKeyData()); + keyRecord.getPrivateKeyData(), + KeyRequestService.SYMKEY_TYPES.get(keyRecord.getAlgorithm()), + keyRecord.getKeySize()); if (symKey == null) { throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1",
diff --git a/base/kra/src/com/netscape/kra/SecurityDataService.java b/base/kra/src/com/netscape/kra/SecurityDataService.java
index 428dd660b..bbea11c32 100644
--- a/base/kra/src/com/netscape/kra/SecurityDataService.java
+++ b/base/kra/src/com/netscape/kra/SecurityDataService.java
@@ -35,6 +35,7 @@ import com.netscape.certsrv.request.IService;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.security.IStorageKeyUnit;
 import com.netscape.certsrv.security.ITransportKeyUnit;
+import com.netscape.cms.servlet.request.KeyRequestService;
 import com.netscape.cmscore.dbs.KeyRecord;
 import com.netscape.cmsutil.util.Utils;
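Review bot: `KeyRequestService.SYMKEY_TYPES.get(keyRecord.getAlgorithm())` in the `@@ -277` hunk yields null for any record without an algorithm attribute, which, as far as the other files in this commit show, is every symmetric-key record archived before this change, since `ATTR_ALGORITHM` and `ATTR_KEY_SIZE` only start being written in `SecurityDataService` and `SymKeyGenService` here. Those legacy records were unwrapped with the previous hard-coded `SymmetricKey.DES3` and strength `0`, so recovery should fall back to them when the record carries no algorithm: `SymmetricKey.Type algorithm = KeyRequestService.SYMKEY_TYPES.get(keyRecord.getAlgorithm());` `if (algorithm == null) { algorithm = SymmetricKey.DES3; }` and then pass `algorithm` to `mStorageUnit.unwrap(...)`. If `keyRecord.getKeySize()` returns a boxed `Integer` when the attribute is absent, that argument needs a null guard before it is unboxed into the `int keySize` parameter as well. Importing the servlet-layer `KeyRequestService` into a KRA service only for the `SYMKEY_TYPES` map inverts the usual layering, and the map may be better placed somewhere both layers can share. The enclosing `try` block continues outside the hunk.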
@@ -85,6 +86,8 @@ public class SecurityDataService implements IService { String clientId = request.getExtDataInString(IRequest.SECURITY_DATA_CLIENT_ID); String wrappedSecurityData = request.getExtDataInString(IEnrollProfile.REQUEST_ARCHIVE_OPTIONS); String dataType = request.getExtDataInString(IRequest.SECURITY_DATA_TYPE); + String algorithm = request.getExtDataInString(IRequest.SECURITY_DATA_ALGORITHM); + int strength = request.getExtDataInInteger(IRequest.SECURITY_DATA_STRENGTH); CMS.debug("SecurityDataService.serviceRequest. Request id: " + id); CMS.debug("SecurityDataService.serviceRequest wrappedSecurityData: " + wrappedSecurityData);
@@ -123,7 +126,9 @@ public class SecurityDataService implements IService { securitySymKey = mTransportUnit.unwrap_symmetric(options.getEncSymmKey(), options.getSymmAlgOID(), options.getSymmAlgParams(), - options.getEncValue()); + options.getEncValue(), + KeyRequestService.SYMKEY_TYPES.get(algorithm), + strength); } else if (dataType.equals(KeyRequestResource.PASS_PHRASE_TYPE)) { keyType = KeyRequestResource.PASS_PHRASE_TYPE;
@@ -175,6 +180,12 @@ public class SecurityDataService implements IService { rec.set(KeyRecord.ATTR_ID, serialNo); rec.set(KeyRecord.ATTR_DATA_TYPE, keyType); rec.set(KeyRecord.ATTR_STATUS, STATUS_ACTIVE); + + if (dataType.equals(KeyRequestResource.SYMMETRIC_KEY_TYPE)) { + rec.set(KeyRecord.ATTR_ALGORITHM, algorithm); + rec.set(KeyRecord.ATTR_KEY_SIZE, strength); + } + request.setExtData(ATTR_KEY_RECORD, serialNo); CMS.debug("KRA adding Security Data key record " + serialNo);
diff --git a/base/kra/src/com/netscape/kra/SymKeyGenService.java b/base/kra/src/com/netscape/kra/SymKeyGenService.java
index 3ebf1bed0..32dc1ceb9 100644
--- a/base/kra/src/com/netscape/kra/SymKeyGenService.java
+++ b/base/kra/src/com/netscape/kra/SymKeyGenService.java
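Review bot: `int strength = request.getExtDataInInteger(IRequest.SECURITY_DATA_STRENGTH);` in the `@@ -85` hunk runs for every request, ahead of the `dataType` branches that decide whether a symmetric key is involved at all; if `getExtDataInInteger` returns a boxed `Integer` (its `getExtDataInString` sibling returns a reference type), a pass-phrase request that carries no strength attribute fails right here with a NullPointerException on unboxing instead of being archived. Reading into a boxed local and defaulting it, `Integer strengthValue = request.getExtDataInInteger(IRequest.SECURITY_DATA_STRENGTH);` `int strength = strengthValue != null ? strengthValue : 0;`, avoids that, or both reads can move into the symmetric-key branch where they are used. `algorithm` is client-supplied request data: the `@@ -123` hunk maps it through `KeyRequestService.SYMKEY_TYPES.get(algorithm)` without checking for a null result, and the `@@ -175` hunk stores the raw string in the record, so an unsupported value fails deep inside `unwrap_symmetric` and, had it got that far, would be persisted unnormalized. Resolving the lookup once up front and rejecting the request with a clear error when it is null keeps both paths consistent and gives the audit trail a meaningful reason. `serviceRequest` begins and ends outside these hunks.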
@@ -209,6 +209,8 @@ public class SymKeyGenService implements IService { rec.set(KeyRecord.ATTR_ID, serialNo); rec.set(KeyRecord.ATTR_DATA_TYPE, KeyRequestResource.SYMMETRIC_KEY_TYPE); rec.set(KeyRecord.ATTR_STATUS, STATUS_ACTIVE); + rec.set(KeyRecord.ATTR_ALGORITHM, algorithm); + rec.set(KeyRecord.ATTR_KEY_SIZE, keySize); request.setExtData(ATTR_KEY_RECORD, serialNo); CMS.debug("KRA adding Security Data key record " + serialNo); |
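Review bot: The two added `rec.set` calls persist `algorithm` and `keySize`, both defined outside the hunk, and because `SecurityDataRecoveryService` in this commit recovers a key by looking `keyRecord.getAlgorithm()` up in `KeyRequestService.SYMKEY_TYPES`, the stored string must be exactly a key of that map or later recovery of this record gets a null key type. A comment on the first added line would make that coupling visible to the next maintainer: `// must be a KeyRequestService.SYMKEY_TYPES key; recovery looks the stored algorithm up there`. The enclosing method begins outside the hunk.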