pvpkcs11 consists of a input validation library and a set of PKCS#11 implementations that wrap operating system and browser cryptographic implementations.
PKCS#11 has 2 mechanisms CKM_AES_CBC and CKM_AES_CBC_PAD. 1st mechanism doesn't use padding and incoming must be multiple to BLOCK LENGTH (16), otherwise throw CKR_DATA_LEN_RANGE error.
I've got this error for CKM_AES_ECB mechanism with SoftHSM in node-webcrypto-p11. I can resolve this error on webcrypto layer.
node-webcrypto-ossl and webcrypto-liner use padding.
@rmhrisk What should I do for pvpkcs11? Current AES-ECB implementation supports padding and I use CKM_AES-ECB mechanism. Should I add vendor mechanism CKM_AES_ECB_PAD for it?
PKCS#11 has 2 mechanisms
CKM_AES_CBC
andCKM_AES_CBC_PAD
. 1st mechanism doesn't use padding and incoming must be multiple to BLOCK LENGTH (16), otherwise throwCKR_DATA_LEN_RANGE
error.I've got this error for
CKM_AES_ECB
mechanism with SoftHSM innode-webcrypto-p11
. I can resolve this error on webcrypto layer.node-webcrypto-ossl
andwebcrypto-liner
use padding.@rmhrisk What should I do for pvpkcs11? Current AES-ECB implementation supports padding and I use
CKM_AES-ECB
mechanism. Should I add vendor mechanismCKM_AES_ECB_PAD
for it?CKM_AES_ECB_PAD