|
 |
6fc53e |
From 55482c8bfa0addeb9db7b590703ba3704c5db167 Mon Sep 17 00:00:00 2001
|
|
|
6fc53e |
From: Alexander Scheel <ascheel@redhat.com>
|
|
|
6fc53e |
Date: Fri, 28 Feb 2020 14:39:29 -0500
|
|
|
6fc53e |
Subject: [PATCH 2/2] Use specified algorithm for KeyWrap
|
|
|
6fc53e |
|
|
|
6fc53e |
When the token-specified from of EncryptedPrivateKeyInfo.createPBE is
|
|
|
6fc53e |
called, it would always request DES3_CBC_PAD as the key wrapping
|
|
|
6fc53e |
algorithm, regardless of the input PBE key type. However, the other form
|
|
|
6fc53e |
(with an implicit token) was correctly handling this case.
|
|
|
6fc53e |
|
|
|
6fc53e |
Introduces a new KeyWrapAlgorithm method to take an OBJECT_IDENTIFIER
|
|
|
6fc53e |
instead of having to convert to/from a String form.
|
|
|
6fc53e |
|
|
|
6fc53e |
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
|
|
6fc53e |
---
|
|
|
6fc53e |
org/mozilla/jss/crypto/KeyWrapAlgorithm.java | 5 ++++-
|
|
|
6fc53e |
org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java | 4 ++--
|
|
|
6fc53e |
2 files changed, 6 insertions(+), 3 deletions(-)
|
|
|
6fc53e |
|
|
|
6fc53e |
diff --git a/org/mozilla/jss/crypto/KeyWrapAlgorithm.java b/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
|
|
|
6fc53e |
index 3113f614..3a106977 100644
|
|
|
6fc53e |
--- a/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
|
|
|
6fc53e |
+++ b/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
|
|
|
6fc53e |
@@ -138,7 +138,10 @@ public class KeyWrapAlgorithm extends Algorithm {
|
|
|
6fc53e |
|
|
|
6fc53e |
public static KeyWrapAlgorithm fromOID(String wrapOID) throws NoSuchAlgorithmException {
|
|
|
6fc53e |
OBJECT_IDENTIFIER oid = new OBJECT_IDENTIFIER(wrapOID);
|
|
|
6fc53e |
+ return fromOID(oid);
|
|
|
6fc53e |
+ }
|
|
|
6fc53e |
|
|
|
6fc53e |
+ public static KeyWrapAlgorithm fromOID(OBJECT_IDENTIFIER oid) throws NoSuchAlgorithmException {
|
|
|
6fc53e |
if (oid.equals(AES_KEY_WRAP_PAD_OID))
|
|
|
6fc53e |
return AES_KEY_WRAP_PAD;
|
|
|
6fc53e |
|
|
|
6fc53e |
@@ -154,6 +157,6 @@ public class KeyWrapAlgorithm extends Algorithm {
|
|
|
6fc53e |
if (oid.equals(DES_CBC_PAD_OID))
|
|
|
6fc53e |
return DES_CBC_PAD;
|
|
|
6fc53e |
|
|
|
6fc53e |
- throw new NoSuchAlgorithmException("Unknown Algorithm for OID: " + wrapOID);
|
|
|
6fc53e |
+ throw new NoSuchAlgorithmException("Unknown Algorithm for OID: " + oid);
|
|
|
6fc53e |
}
|
|
|
6fc53e |
}
|
|
|
6fc53e |
diff --git a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
|
|
|
6fc53e |
index ebd269f3..abfc39a7 100644
|
|
|
6fc53e |
--- a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
|
|
|
6fc53e |
+++ b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
|
|
|
6fc53e |
@@ -337,8 +337,8 @@ public class EncryptedPrivateKeyInfo implements ASN1Value {
|
|
|
6fc53e |
}
|
|
|
6fc53e |
}
|
|
|
6fc53e |
|
|
|
6fc53e |
- KeyWrapper wrapper = token.getKeyWrapper(
|
|
|
6fc53e |
- KeyWrapAlgorithm.DES3_CBC_PAD);
|
|
|
6fc53e |
+ // wrap the key
|
|
|
6fc53e |
+ KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.fromOID(encAlg.toOID()));
|
|
|
6fc53e |
wrapper.initWrap(key, params);
|
|
|
6fc53e |
byte encrypted[] = wrapper.wrap(pri);
|
|
|
6fc53e |
|
|
|
6fc53e |
--
|
|
|
6fc53e |
2.24.1
|
|
|
6fc53e |
|