Fix RSA OKCS OAEP mechanism

wiktor-k · probablynachi · ionut-arm · commit 532416e827f9 · 2023-09-25T21:17:43.000+01:00
Handling of empty data specified was broken. As specified in "2.1.7 PKCS #1 RSA OAEP mechanism parameters" the `CKZ_DATA_SPECIFIED` source: > Array of CK_BYTE containing the value of the encoding parameter. > If the parameter is empty, pSourceData must be NULL and ulSourceDataLen > must be zero. Adjusts by returning `std::ptr::null()` when the source data has not been specified (`PkcsOaepSource::empty()` was used) and adds a tests case for this. One more test case that is ignored is added to handle the case when the data specified is non-empty. Unfortunately this test fails for unknown reasons (I haven't been able to find if SoftHSM supports it or not). Fixes: #163 Fixes: #164 Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz> Co-authored-by: Nachiketh S Ujjainimath <nachiketh01@gmail.com>
diff --git a/cryptoki/src/mechanism/rsa.rs b/cryptoki/src/mechanism/rsa.rs
@@ -79,27 +79,32 @@ impl TryFrom<CK_RSA_PKCS_MGF_TYPE> for PkcsMgfType {
 #[derive(Debug, Clone, Copy)]
 /// Source of the encoding parameter when formatting a message block for the PKCS #1 OAEP
 /// encryption scheme
-pub struct PkcsOaepSource<'a>(&'a [u8]);
+pub struct PkcsOaepSource<'a>(Option<&'a [u8]>);
 
 impl<'a> PkcsOaepSource<'a> {
     /// Construct an empty encoding parameter.
     ///
     /// This is equivalent to `data_specified(&[])`.
     pub fn empty() -> Self {
-        Self(&[])
+        Self(None)
     }
 
     /// Construct an encoding parameter from an array of bytes.
     pub fn data_specified(source_data: &'a [u8]) -> Self {
-        Self(source_data)
+        Self(Some(source_data))
     }
 
     pub(crate) fn source_ptr(&self) -> *const c_void {
-        self.0.as_ptr() as _
+        if let Some(source_data) = self.0 {
+            source_data.as_ptr() as _
+        } else {
+            std::ptr::null()
+        }
     }
 
     pub(crate) fn source_len(&self) -> Ulong {
         self.0
+            .unwrap_or_default()
             .len()
             .try_into()
             .expect("usize can not fit in CK_ULONG")
diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs
@@ -6,7 +6,8 @@ use crate::common::{get_pkcs11, SO_PIN, USER_PIN};
 use common::init_pins;
 use cryptoki::error::{Error, RvError};
 use cryptoki::mechanism::aead::GcmParams;
-use cryptoki::mechanism::Mechanism;
+use cryptoki::mechanism::rsa::{PkcsMgfType, PkcsOaepParams, PkcsOaepSource};
+use cryptoki::mechanism::{Mechanism, MechanismType};
 use cryptoki::object::{Attribute, AttributeInfo, AttributeType, KeyType, ObjectClass};
 use cryptoki::session::{SessionState, UserType};
 use cryptoki::types::AuthPin;
@@ -1028,6 +1029,57 @@ fn aes_gcm_with_aad() -> TestResult {
     Ok(())
 }
 
+#[test]
+#[serial]
+fn rsa_pkcs_oaep_empty() -> TestResult {
+    let (pkcs11, slot) = init_pins();
+    let session = pkcs11.open_rw_session(slot)?;
+    session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
+
+    let pub_key_template = [Attribute::ModulusBits(2048.into())];
+    let (pubkey, privkey) =
+        session.generate_key_pair(&Mechanism::RsaPkcsKeyPairGen, &pub_key_template, &[])?;
+    let oaep = PkcsOaepParams::new(
+        MechanismType::SHA1,
+        PkcsMgfType::MGF1_SHA1,
+        PkcsOaepSource::empty(),
+    );
+    let encrypt_mechanism: Mechanism = Mechanism::RsaPkcsOaep(oaep);
+    let encrypted_data = session.encrypt(&encrypt_mechanism, pubkey, b"Hello")?;
+
+    let decrypted_data = session.decrypt(&encrypt_mechanism, privkey, &encrypted_data)?;
+    let decrypted = String::from_utf8(decrypted_data)?;
+    assert_eq!("Hello", decrypted);
+
+    Ok(())
+}
+
+#[test]
+#[serial]
+#[ignore] // it's not clear why the test with data specified fails
+fn rsa_pkcs_oaep_with_data() -> TestResult {
+    let (pkcs11, slot) = init_pins();
+    let session = pkcs11.open_rw_session(slot)?;
+    session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
+
+    let pub_key_template = [Attribute::ModulusBits(2048.into())];
+    let (pubkey, privkey) =
+        session.generate_key_pair(&Mechanism::RsaPkcsKeyPairGen, &pub_key_template, &[])?;
+    let oaep = PkcsOaepParams::new(
+        MechanismType::SHA1,
+        PkcsMgfType::MGF1_SHA1,
+        PkcsOaepSource::data_specified(&[1, 2, 3, 4, 5, 6, 7, 8]),
+    );
+    let encrypt_mechanism: Mechanism = Mechanism::RsaPkcsOaep(oaep);
+    let encrypted_data = session.encrypt(&encrypt_mechanism, pubkey, b"Hello")?;
+
+    let decrypted_data = session.decrypt(&encrypt_mechanism, privkey, &encrypted_data)?;
+    let decrypted = String::from_utf8(decrypted_data)?;
+    assert_eq!("Hello", decrypted);
+
+    Ok(())
+}
+
 #[test]
 #[serial]
 fn get_slot_event() -> TestResult {
