parallaxsecond / rust-cryptoki

Rust wrapper for the PKCS #11 API, Cryptoki
https://docs.rs/cryptoki/
Apache License 2.0

Fix RSA PKCS OAEP mechanism #165

wiktor-k closed 1 year ago

wiktor-k commented 1 year ago

Handling of empty data specified was broken.

As specified in "2.1.7 PKCS #1 RSA OAEP mechanism parameters" the CKZ_DATA_SPECIFIED source:

> Array of CK_BYTE containing the value of the encoding parameter. If the parameter is empty, pSourceData must be NULL and ulSourceDataLen must be zero.

Adjusts by returning std::ptr::null() when the source data has not been specified (PkcsOaepSource::empty() was used) and adds a test case for this.

One more test case that is ignored is added to handle the case when the data specified is non-empty. Unfortunately this test fails for unknown reasons (I haven't been able to find if SoftHSM supports it or not).

Fixes: https://github.com/parallaxsecond/rust-cryptoki/issues/163

Fixes: https://github.com/parallaxsecond/rust-cryptoki/pull/164
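
The rule quoted in the description above, as an added Rust example (not code from this PR or from the cryptoki crate): an empty Rust slice still yields a non-null pointer, so the empty case has to be mapped to NULL explicitly. `SourceData`, `naive`, `conforming` and `satisfies_spec` are hypothetical names standing in for the `pSourceData`/`ulSourceDataLen` pair.

```rust
use std::ffi::c_void;
use std::os::raw::c_ulong;

/// Hypothetical stand-in for the two source-data fields of the OAEP
/// parameters structure (pSourceData, ulSourceDataLen).
#[derive(Debug)]
pub struct SourceData {
    pub p_source_data: *const c_void,
    pub ul_source_data_len: c_ulong,
}

/// Naive conversion: an empty slice has a dangling but non-null pointer,
/// so the empty case ends up with pSourceData != NULL and a length of 0.
pub fn naive(data: &[u8]) -> SourceData {
    SourceData {
        p_source_data: data.as_ptr() as *const c_void,
        ul_source_data_len: data.len() as c_ulong,
    }
}

/// Conversion that follows the quoted rule: empty data maps to (NULL, 0).
pub fn conforming(data: &[u8]) -> SourceData {
    SourceData {
        p_source_data: if data.is_empty() {
            std::ptr::null()
        } else {
            data.as_ptr() as *const c_void
        },
        ul_source_data_len: data.len() as c_ulong,
    }
}

/// True when the pair is either (NULL, 0) or (non-NULL, non-zero length).
pub fn satisfies_spec(s: &SourceData) -> bool {
    (s.ul_source_data_len == 0) == s.p_source_data.is_null()
}

fn main() {
    let empty: &[u8] = &[];
    let label = b"constructed label"; // constructed sample input
    for data in [empty, &label[..]] {
        let (n, c) = (naive(data), conforming(data));
        println!("len={} naive ok={} conforming ok={}",
                 data.len(), satisfies_spec(&n), satisfies_spec(&c));
    }
}
```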

probablynachi commented 1 year ago

Thank you so much for your quick response and fix!

wiktor-k commented 1 year ago

> Thank you so much for your quick response and fix!

No problem. I surveyed existing alternative implementations and started changing stuff here and there and finally your test case succeeded. Thanks for submitting it as this was the critical factor that allowed me to quickly check various things.

(Note that it may take some time until it's reviewed and a new version of the crate is released to crates.io)

See you later! :wave: