stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8213008: Cipher with UNWRAP_MODE should support the generation of an AES key type

Browse Source 
Replaced CKK_GENERIC_SECRET with alorithm-specific key type in P11RSACipher unwrap impl

Reviewed-by: ascarpino
This commit is contained in:
Valerie Peng 2019-03-11 23:48:32 +00:00
parent 1b9db9b7a1
commit ed87f68640
2 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSACipher.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -550,13 +550,14 @@ final class P11RSACipher extends CipherSpi {
try { try {
try { try {
s = token.getObjSession(); s = token.getObjSession();
long keyType = CKK_GENERIC_SECRET; long p11KeyType =
P11SecretKeyFactory.getPKCS11KeyType(algorithm);
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType), new CK_ATTRIBUTE(CKA_KEY_TYPE, p11KeyType),
}; };
attributes = token.getAttributes( attributes = token.getAttributes(
O_IMPORT, CKO_SECRET_KEY, keyType, attributes); O_IMPORT, CKO_SECRET_KEY, p11KeyType, attributes);
long keyID = token.p11.C_UnwrapKey(s.id(), long keyID = token.p11.C_UnwrapKey(s.id(),
new CK_MECHANISM(mechanism), p11KeyID, new CK_MECHANISM(mechanism), p11KeyID,

13
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -86,6 +86,17 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
keyTypes.put(name.toUpperCase(Locale.ENGLISH), l); keyTypes.put(name.toUpperCase(Locale.ENGLISH), l);
} }
// returns the PKCS11 key type of the specified algorithm
// no psuedo KeyTypes
static long getPKCS11KeyType(String algorithm) {
long kt = getKeyType(algorithm);
if (kt == -1 || kt > PCKK_ANY) {
kt = CKK_GENERIC_SECRET;
}
return kt;
}
// returns direct lookup result of keyTypes using algorithm
static long getKeyType(String algorithm) { static long getKeyType(String algorithm) {
Long l = keyTypes.get(algorithm); Long l = keyTypes.get(algorithm);
if (l == null) { if (l == null) {