parallaxsecond · ionut-arm · Sep 25, 2023 · Sep 12, 2023 · Sep 12, 2023 · Sep 12, 2023
diff --git a/cryptoki/src/mechanism/rsa.rs b/cryptoki/src/mechanism/rsa.rs
@@ -79,27 +79,32 @@ impl TryFrom<CK_RSA_PKCS_MGF_TYPE> for PkcsMgfType {
 #[derive(Debug, Clone, Copy)]
 /// Source of the encoding parameter when formatting a message block for the PKCS #1 OAEP
 /// encryption scheme
-pub struct PkcsOaepSource<'a>(&'a [u8]);
+pub struct PkcsOaepSource<'a>(Option<&'a [u8]>);
 
 impl<'a> PkcsOaepSource<'a> {
     /// Construct an empty encoding parameter.
     ///
     /// This is equivalent to `data_specified(&[])`.
     pub fn empty() -> Self {
-        Self(&[])
+        Self(None)
     }
 
     /// Construct an encoding parameter from an array of bytes.
     pub fn data_specified(source_data: &'a [u8]) -> Self {
-        Self(source_data)
+        Self(Some(source_data))
     }
 
     pub(crate) fn source_ptr(&self) -> *const c_void {
-        self.0.as_ptr() as _
+        if let Some(source_data) = self.0 {
+            source_data.as_ptr() as _
+        } else {
+            std::ptr::null()
+        }
     }
 
     pub(crate) fn source_len(&self) -> Ulong {
         self.0
+            .unwrap_or_default()
             .len()
             .try_into()
             .expect("usize can not fit in CK_ULONG")

diff --git a/cryptoki/src/session/random.rs b/cryptoki/src/session/random.rs
@@ -32,7 +32,7 @@ impl Session {
         unsafe {
             Rv::from(get_pkcs11!(self.client(), C_GenerateRandom)(
                 self.handle(),
-                result.as_mut_ptr() as *mut u8,
+                result.as_mut_ptr(),
                 random_len.try_into()?,
             ))
             .into_result()?;

diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs
@@ -6,7 +6,8 @@ use crate::common::{get_pkcs11, SO_PIN, USER_PIN};
 use common::init_pins;
 use cryptoki::error::{Error, RvError};
 use cryptoki::mechanism::aead::GcmParams;
-use cryptoki::mechanism::Mechanism;
+use cryptoki::mechanism::rsa::{PkcsMgfType, PkcsOaepParams, PkcsOaepSource};
+use cryptoki::mechanism::{Mechanism, MechanismType};
 use cryptoki::object::{Attribute, AttributeInfo, AttributeType, KeyType, ObjectClass};
 use cryptoki::session::{SessionState, UserType};
 use cryptoki::types::AuthPin;
@@ -953,7 +954,7 @@ fn sha256_digest() -> TestResult {
     // data to digest
     let data = vec![0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF];
 
-    let want = vec![
+    let want = [
         0x17, 0x22, 0x6b, 0x1f, 0x68, 0xae, 0xba, 0xcd, 0xef, 0x07, 0x46, 0x45, 0x0f, 0x64, 0x28,
         0x74, 0x63, 0x8b, 0x29, 0x57, 0x07, 0xef, 0x73, 0xfb, 0x2c, 0x6b, 0xb7, 0xf8, 0x8e, 0x89,
         0x92, 0x9f,
@@ -1028,6 +1029,57 @@ fn aes_gcm_with_aad() -> TestResult {
     Ok(())
 }
 
+#[test]
+#[serial]
+fn rsa_pkcs_oaep_empty() -> TestResult {
+    let (pkcs11, slot) = init_pins();
+    let session = pkcs11.open_rw_session(slot)?;
+    session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
+
+    let pub_key_template = [Attribute::ModulusBits(2048.into())];
+    let (pubkey, privkey) =
+        session.generate_key_pair(&Mechanism::RsaPkcsKeyPairGen, &pub_key_template, &[])?;
+    let oaep = PkcsOaepParams::new(
+        MechanismType::SHA1,
+        PkcsMgfType::MGF1_SHA1,
+        PkcsOaepSource::empty(),
+    );
+    let encrypt_mechanism: Mechanism = Mechanism::RsaPkcsOaep(oaep);
+    let encrypted_data = session.encrypt(&encrypt_mechanism, pubkey, b"Hello")?;
+
+    let decrypted_data = session.decrypt(&encrypt_mechanism, privkey, &encrypted_data)?;
+    let decrypted = String::from_utf8(decrypted_data)?;
+    assert_eq!("Hello", decrypted);
+
+    Ok(())
+}
+
+#[test]
+#[serial]
+#[ignore] // it's not clear why the test with data specified fails
+fn rsa_pkcs_oaep_with_data() -> TestResult {
+    let (pkcs11, slot) = init_pins();
+    let session = pkcs11.open_rw_session(slot)?;
+    session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
+
+    let pub_key_template = [Attribute::ModulusBits(2048.into())];
+    let (pubkey, privkey) =
+        session.generate_key_pair(&Mechanism::RsaPkcsKeyPairGen, &pub_key_template, &[])?;
+    let oaep = PkcsOaepParams::new(
+        MechanismType::SHA1,
+        PkcsMgfType::MGF1_SHA1,
+        PkcsOaepSource::data_specified(&[1, 2, 3, 4, 5, 6, 7, 8]),
+    );
+    let encrypt_mechanism: Mechanism = Mechanism::RsaPkcsOaep(oaep);
+    let encrypted_data = session.encrypt(&encrypt_mechanism, pubkey, b"Hello")?;
+
+    let decrypted_data = session.decrypt(&encrypt_mechanism, privkey, &encrypted_data)?;
+    let decrypted = String::from_utf8(decrypted_data)?;
+    assert_eq!("Hello", decrypted);
+
+    Ok(())
+}
+
 #[test]
 #[serial]
 fn get_slot_event() -> TestResult {