8213008: Cipher with UNWRAP_MODE should support the generation of an AES key type

Replaced CKK_GENERIC_SECRET with alorithm-specific key type in P11RSACipher unwrap impl Reviewed-by: ascarpino
2019-03-11 23:48:32 +00:00 · 2019-03-11 23:48:32 +00:00 · ed87f68640
commit ed87f68640
parent 1b9db9b7a1
2 changed files with 17 additions and 5 deletions
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSACipher.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSACipher.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -550,13 +550,14 @@ final class P11RSACipher extends CipherSpi {
            try {
                try {
                    s = token.getObjSession();
-                    long keyType = CKK_GENERIC_SECRET;
+                    long p11KeyType =
+                        P11SecretKeyFactory.getPKCS11KeyType(algorithm);
                    CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
                            new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
-                            new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
+                            new CK_ATTRIBUTE(CKA_KEY_TYPE, p11KeyType),
                        };
                    attributes = token.getAttributes(
-                            O_IMPORT, CKO_SECRET_KEY, keyType, attributes);
+                            O_IMPORT, CKO_SECRET_KEY, p11KeyType, attributes);

                    long keyID = token.p11.C_UnwrapKey(s.id(),
                                    new CK_MECHANISM(mechanism), p11KeyID,
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -86,6 +86,17 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
        keyTypes.put(name.toUpperCase(Locale.ENGLISH), l);
    }

+    // returns the PKCS11 key type of the specified algorithm
+    // no psuedo KeyTypes
+    static long getPKCS11KeyType(String algorithm) {
+        long kt = getKeyType(algorithm);
+        if (kt == -1 || kt > PCKK_ANY) {
+            kt = CKK_GENERIC_SECRET;
+        }
+        return kt;
+    }
+
+    // returns direct lookup result of keyTypes using algorithm
    static long getKeyType(String algorithm) {
        Long l = keyTypes.get(algorithm);
        if (l == null) {