Closed Bug 1328675 Opened 9 years ago Closed 8 years ago

Simple problem unwrapping AES sym keys on token

Categories

(JSS Graveyard :: Library, defect)

Product:
JSS Graveyard
Version:
4.2.6
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jmagne, Assigned: jmagne)

References

Details

Attachments

(1 file)

Simple patch with fix.
878 bytes, patch
mharmsen
: review+
Details | Diff | Splinter Review
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0 Build ID: 20161114215916 Steps to reproduce: I wrote some code that tries to unwrap an aes sym key on the token like this: aes128 = keyWrap.unwrapSymmetric(wrappedKey, SymmetricKey.AES, 16); Actual results: When later getting the algorithm like this: String alg = aes128.getAlgorithm(); It was returning RCS which is incorrect. The cause seems to be a simple switch statement that doesn't handle AES. This will be evident in the very simple patch to follow. Expected results: It should give us the AES type key.
Very simple patch to address this: diff -up ./jss-4.2.6.aes/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java.aes ./jss-4.2.6.aes/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java --- ./jss-4.2.6.aes/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java.aes 2017-01-03 17:14:57.642278989 -0800 +++ ./jss-4.2.6.aes/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java 2017-01-03 17:44:03.220626460 -0800 @@ -617,7 +617,9 @@ final class PK11KeyWrapper implements Ke return EncryptionAlgorithm.DES3_ECB; } else if( type == SymmetricKey.RC4 ) { return EncryptionAlgorithm.RC4; - } else { + } else if( type == SymmetricKey.AES ) { + return EncryptionAlgorithm.AES_128_ECB; + } else { Assert._assert( type == SymmetricKey.RC2 ); return EncryptionAlgorithm.RC2_CBC; }
Target Milestone: --- → 4.4
Version: 4.4 → 4.2.6
Assignee: glenbeasley → jmagne
Attachment #8844694 - Flags: review?(mharmsen)
Comment on attachment 8844694 [details] [diff] [review] Simple patch with fix. ACK -- this patch should be applied as Patch #34 upstream: * jss-unwrap-AES-sym-keys-on-token.patch
Attachment #8844694 - Flags: review?(mharmsen) → review+
Blocks: 1307859
Pushed: https://hg.mozilla.org/projects/jss/rev/62b912cd573bdb08c391a3082538c3ae76da1b9a
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Historical Note: Patch34: jss-unwrap-AES-sym-keys-on-token.patch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: