From 55482c8bfa0addeb9db7b590703ba3704c5db167 Mon Sep 17 00:00:00 2001
From: Alexander Scheel
Date: Fri, 28 Feb 2020 14:39:29 -0500
Subject: [PATCH 2/2] Use specified algorithm for KeyWrap

When the token-specified from of EncryptedPrivateKeyInfo.createPBE is called, it would always request DES3_CBC_PAD as the key wrapping algorithm, regardless of the input PBE key type. However, the other form (with an implicit token) was correctly handling this case. Introduces a new KeyWrapAlgorithm method to take an OBJECT_IDENTIFIER instead of having to convert to/from a String form.
Signed-off-by: Alexander Scheel
---
 org/mozilla/jss/crypto/KeyWrapAlgorithm.java | 5 ++++-
 org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/org/mozilla/jss/crypto/KeyWrapAlgorithm.java b/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
index 3113f614..3a106977 100644
--- a/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
+++ b/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
@@ -138,7 +138,10 @@ public class KeyWrapAlgorithm extends Algorithm {
 public static KeyWrapAlgorithm fromOID(String wrapOID) throws NoSuchAlgorithmException {
 OBJECT_IDENTIFIER oid = new OBJECT_IDENTIFIER(wrapOID);
+ return fromOID(oid);
+ }
+ public static KeyWrapAlgorithm fromOID(OBJECT_IDENTIFIER oid) throws NoSuchAlgorithmException {
 if (oid.equals(AES_KEY_WRAP_PAD_OID)) return AES_KEY_WRAP_PAD;
@@ -154,6 +157,6 @@ public class KeyWrapAlgorithm extends Algorithm {
 if (oid.equals(DES_CBC_PAD_OID)) return DES_CBC_PAD;
- throw new NoSuchAlgorithmException("Unknown Algorithm for OID: " + wrapOID);
+ throw new NoSuchAlgorithmException("Unknown Algorithm for OID: " + oid);
 }
 }
diff --git a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
index ebd269f3..abfc39a7 100644
--- a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
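Review bot: The new public overload `fromOID(OBJECT_IDENTIFIER oid)` in the first KeyWrapAlgorithm.java hunk has no Javadoc and no null guard, so a null argument surfaces as a NullPointerException from `oid.equals(...)` rather than the declared NoSuchAlgorithmException. A guard such as `if (oid == null) throw new NoSuchAlgorithmException("OID must not be null");` plus a short Javadoc (parameter, return value, and that unrecognised OIDs throw) would make the contract explicit. With two single-argument overloads, any existing caller that passes a literal `null` to `fromOID` stops compiling because the call becomes ambiguous. In the second hunk the exception text now depends on the string form of `OBJECT_IDENTIFIER` instead of the caller's original string, which may change the message format; the method body between the two hunks is not shown.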
+++ b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
@@ -337,8 +337,8 @@ public class EncryptedPrivateKeyInfo implements ASN1Value {
 }
 }
- KeyWrapper wrapper = token.getKeyWrapper(
- KeyWrapAlgorithm.DES3_CBC_PAD);
+ // wrap the key
+ KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.fromOID(encAlg.toOID()));
 wrapper.initWrap(key, params);
 byte encrypted[] = wrapper.wrap(pri);
--
2.24.1
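Review bot: `KeyWrapAlgorithm.fromOID(encAlg.toOID())` can now throw NoSuchAlgorithmException where the removed lines always obtained a DES3_CBC_PAD wrapper, and the hunk does not show whether the enclosing method, which starts and ends outside the hunk, declares or translates that exception. Whether every PBE algorithm that createPBE accepts yields an OID that `fromOID` recognises is not visible here; if some do not, callers get a new failure that should be documented and covered by a wrap/unwrap round-trip test per supported algorithm. Because the wrapping cipher now follows the caller-supplied `encAlg`, the weaker entries `fromOID` maps (DES_CBC_PAD is visible in the other file) presumably become selectable through this path, which is worth stating in the method's documentation. The added comment would carry more if it said why, e.g. `// wrap with the algorithm implied by encAlg rather than a fixed DES3_CBC_PAD`.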