From ed87f6864037c3d80d362d80b1aeeee915f7da76 Mon Sep 17 00:00:00 2001 From: Valerie Peng Date: Mon, 11 Mar 2019 23:48:32 +0000 Subject: [PATCH] 8213008: Cipher with UNWRAP_MODE should support the generation of an AES key type Replaced CKK_GENERIC_SECRET with alorithm-specific key type in P11RSACipher unwrap impl Reviewed-by: ascarpino --- .../classes/sun/security/pkcs11/P11RSACipher.java | 9 +++++---- .../sun/security/pkcs11/P11SecretKeyFactory.java | 13 ++++++++++++- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSACipher.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSACipher.java index 39e87b2ae8c..aff8b34167f 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSACipher.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSACipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -550,13 +550,14 @@ final class P11RSACipher extends CipherSpi { try { try { s = token.getObjSession(); - long keyType = CKK_GENERIC_SECRET; + long p11KeyType = + P11SecretKeyFactory.getPKCS11KeyType(algorithm); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), - new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType), + new CK_ATTRIBUTE(CKA_KEY_TYPE, p11KeyType), }; attributes = token.getAttributes( - O_IMPORT, CKO_SECRET_KEY, keyType, attributes); + O_IMPORT, CKO_SECRET_KEY, p11KeyType, attributes); long keyID = token.p11.C_UnwrapKey(s.id(), new CK_MECHANISM(mechanism), p11KeyID, diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java index e6ed8874196..a81d5feb230 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -86,6 +86,17 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { keyTypes.put(name.toUpperCase(Locale.ENGLISH), l); } + // returns the PKCS11 key type of the specified algorithm + // no psuedo KeyTypes + static long getPKCS11KeyType(String algorithm) { + long kt = getKeyType(algorithm); + if (kt == -1 || kt > PCKK_ANY) { + kt = CKK_GENERIC_SECRET; + } + return kt; + } + + // returns direct lookup result of keyTypes using algorithm static long getKeyType(String algorithm) { Long l = keyTypes.get(algorithm); if (l == null) {