From 55482c8bfa0addeb9db7b590703ba3704c5db167 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Fri, 28 Feb 2020 14:39:29 -0500
Subject: [PATCH 2/2] Use specified algorithm for KeyWrap
When the token-specified from of EncryptedPrivateKeyInfo.createPBE is
called, it would always request DES3_CBC_PAD as the key wrapping
algorithm, regardless of the input PBE key type. However, the other form
(with an implicit token) was correctly handling this case.
Introduces a new KeyWrapAlgorithm method to take an OBJECT_IDENTIFIER
instead of having to convert to/from a String form.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
---
org/mozilla/jss/crypto/KeyWrapAlgorithm.java | 5 ++++-
org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java | 4 ++--
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/org/mozilla/jss/crypto/KeyWrapAlgorithm.java b/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
index 3113f614..3a106977 100644
--- a/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
+++ b/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
@@ -138,7 +138,10 @@ public class KeyWrapAlgorithm extends Algorithm {
public static KeyWrapAlgorithm fromOID(String wrapOID) throws NoSuchAlgorithmException {
OBJECT_IDENTIFIER oid = new OBJECT_IDENTIFIER(wrapOID);
+ return fromOID(oid);
+ }
+ public static KeyWrapAlgorithm fromOID(OBJECT_IDENTIFIER oid) throws NoSuchAlgorithmException {
if (oid.equals(AES_KEY_WRAP_PAD_OID))
return AES_KEY_WRAP_PAD;
@@ -154,6 +157,6 @@ public class KeyWrapAlgorithm extends Algorithm {
if (oid.equals(DES_CBC_PAD_OID))
return DES_CBC_PAD;
- throw new NoSuchAlgorithmException("Unknown Algorithm for OID: " + wrapOID);
+ throw new NoSuchAlgorithmException("Unknown Algorithm for OID: " + oid);
}
}
diff --git a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
index ebd269f3..abfc39a7 100644
--- a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
+++ b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
@@ -337,8 +337,8 @@ public class EncryptedPrivateKeyInfo implements ASN1Value {
}
}
- KeyWrapper wrapper = token.getKeyWrapper(
- KeyWrapAlgorithm.DES3_CBC_PAD);
+ // wrap the key
+ KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.fromOID(encAlg.toOID()));
wrapper.initWrap(key, params);
byte encrypted[] = wrapper.wrap(pri);
--
2.24.1