From 248b6a73392702fb9e8cd077cd808a6359b0428e Mon Sep 17 00:00:00 2001 From: Jason Parker Date: Fri, 14 Mar 2025 11:40:58 -0500 Subject: [PATCH 1/8] Modify GcmParams new function to allow for setting of ulIvBits and more graceful error handling Signed-off-by: Jason Parker --- cryptoki/src/mechanism/aead.rs | 38 ++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/cryptoki/src/mechanism/aead.rs b/cryptoki/src/mechanism/aead.rs index c3dbf08c..e0278564 100644 --- a/cryptoki/src/mechanism/aead.rs +++ b/cryptoki/src/mechanism/aead.rs @@ -32,11 +32,7 @@ impl<'a> GcmParams<'a> { /// be between 0 and 128. The tag is appended to the end of the /// ciphertext. /// - /// # Panics - /// - /// This function panics if the length of `iv` or `aad` does not - /// fit into an [Ulong]. - pub fn new(iv: &'a mut [u8], aad: &'a [u8], tag_bits: Ulong) -> Self { + pub fn new(iv: &'a mut [u8], aad: &'a [u8], tag_bits: Ulong) -> Result { // The ulIvBits parameter seems to be missing from the 2.40 spec, // although it is included in the header file. In [1], OASIS clarified // that the header file is normative. In 3.0, they added the parameter @@ -53,23 +49,35 @@ impl<'a> GcmParams<'a> { // set it to zero. // // [1]: https://www.oasis-open.org/committees/document.php?document_id=58032&wg_abbrev=pkcs11 - GcmParams { + + let iv_len = iv.len(); + // Some HSMs may require the ulIvBits field to be populated, while others don't pay attention to it. + let iv_bit_len = iv_len*8; + + Ok(GcmParams { inner: CK_GCM_PARAMS { pIv: iv.as_mut_ptr(), - ulIvLen: iv - .len() - .try_into() - .expect("iv length does not fit in CK_ULONG"), - ulIvBits: 0, + ulIvLen: match iv_len.try_into() { + Ok(len) => len, + Err(_e) => return Err("iv length does not fit in CK_ULONG"), + }, + // Since this field isn't universally used, set it to 0 if it doesn't fit in CK_ULONG. + // If the HSM doesn't require the field, it won't mind; and it it does, it would break anyways. + ulIvBits: match iv_bit_len.try_into() { + Ok(len) => len, + Err(_e) => 0, + }, pAAD: aad.as_ptr() as *mut _, - ulAADLen: aad + ulAADLen: match aad .len() - .try_into() - .expect("aad length does not fit in CK_ULONG"), + .try_into() { + Ok(len) => len, + Err(_e) => return Err("aad length does not fit in CK_ULONG"), + }, ulTagBits: tag_bits.into(), }, _marker: PhantomData, - } + }) } /// The initialization vector. From fc5638a8a10d42fda2a20a12495417ad77307b09 Mon Sep 17 00:00:00 2001 From: Jason Parker Date: Fri, 14 Mar 2025 11:50:15 -0500 Subject: [PATCH 2/8] Update tests/basic.rs to reflect GcmParams::new error handling Signed-off-by: Jason Parker --- cryptoki/tests/basic.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs index be4d42b5..9387402a 100644 --- a/cryptoki/tests/basic.rs +++ b/cryptoki/tests/basic.rs @@ -1295,7 +1295,7 @@ fn aes_gcm_no_aad() -> TestResult { Attribute::Encrypt(true), ]; let key_handle = session.create_object(&template)?; - let mechanism = Mechanism::AesGcm(GcmParams::new(&mut iv, &aad, 96.into())); + let mechanism = Mechanism::AesGcm(GcmParams::new(&mut iv, &aad, 96.into()).unwrap()); let cipher_and_tag = session.encrypt(&mechanism, key_handle, &plain)?; assert_eq!(expected_cipher_and_tag[..], cipher_and_tag[..]); Ok(()) @@ -1326,7 +1326,7 @@ fn aes_gcm_with_aad() -> TestResult { Attribute::Encrypt(true), ]; let key_handle = session.create_object(&template)?; - let mechanism = Mechanism::AesGcm(GcmParams::new(&mut iv, &aad, 96.into())); + let mechanism = Mechanism::AesGcm(GcmParams::new(&mut iv, &aad, 96.into()).unwrap()); let cipher_and_tag = session.encrypt(&mechanism, key_handle, &plain)?; assert_eq!(expected_cipher_and_tag[..], cipher_and_tag[..]); Ok(()) From fad53230379cd4a65446817d3f049d9c6d432188 Mon Sep 17 00:00:00 2001 From: Jason Parker Date: Mon, 17 Mar 2025 14:31:28 -0500 Subject: [PATCH 3/8] Fix problems with the test Signed-off-by: Jason Parker --- cryptoki/tests/basic.rs | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs index 9387402a..e252901c 100644 --- a/cryptoki/tests/basic.rs +++ b/cryptoki/tests/basic.rs @@ -1268,6 +1268,28 @@ fn sha256_digest() -> TestResult { Ok(()) } +#[test] +#[serial] +fn gcm_param_graceful_failure() -> TestResult { + // Try to generate GcmParams with max size IV (2^32-1) + // Verify that the ulIvBits doesn't cause failover + println!("start"); + // setting this as a [u8] array causes stack overflow before operation has even begun + let mut iv = vec![0; 4294967295]; + println!("iv"); + let aad = [0; 16]; + + let _gcm_params = match GcmParams::new(&mut iv, &aad, 96.into()) { + Ok(params) => params, + Err(e) => { + println!("{e}"); + return Err(e.into()); + }, + }; + + Ok(()) +} + #[test] #[serial] // Currently empty AAD crashes SoftHSM, see: https://github.com/opendnssec/SoftHSMv2/issues/605 @@ -1326,7 +1348,14 @@ fn aes_gcm_with_aad() -> TestResult { Attribute::Encrypt(true), ]; let key_handle = session.create_object(&template)?; - let mechanism = Mechanism::AesGcm(GcmParams::new(&mut iv, &aad, 96.into()).unwrap()); + let gcm_params = match GcmParams::new(&mut iv, &aad, 96.into()) { + Ok(params) => params, + Err(e) => { + println!("{e}"); + return Err(e.into()); + }, + }; + let mechanism = Mechanism::AesGcm(gcm_params); let cipher_and_tag = session.encrypt(&mechanism, key_handle, &plain)?; assert_eq!(expected_cipher_and_tag[..], cipher_and_tag[..]); Ok(()) From a123bd9838f595f92efb0d5ba813462bca34c698 Mon Sep 17 00:00:00 2001 From: jaeparker22 <110455879+jaeparker22@users.noreply.github.com> Date: Wed, 19 Mar 2025 11:22:05 -0500 Subject: [PATCH 4/8] Apply suggestions from code review Co-authored-by: Wiktor Kwapisiewicz Signed-off-by: Jason Parker --- cryptoki/src/mechanism/aead.rs | 5 +---- cryptoki/tests/basic.rs | 18 +++--------------- 2 files changed, 4 insertions(+), 19 deletions(-) diff --git a/cryptoki/src/mechanism/aead.rs b/cryptoki/src/mechanism/aead.rs index e0278564..a1ddc45b 100644 --- a/cryptoki/src/mechanism/aead.rs +++ b/cryptoki/src/mechanism/aead.rs @@ -63,10 +63,7 @@ impl<'a> GcmParams<'a> { }, // Since this field isn't universally used, set it to 0 if it doesn't fit in CK_ULONG. // If the HSM doesn't require the field, it won't mind; and it it does, it would break anyways. - ulIvBits: match iv_bit_len.try_into() { - Ok(len) => len, - Err(_e) => 0, - }, + ulIvBits: iv_bit_len.try_into().unwrap_or_default(), pAAD: aad.as_ptr() as *mut _, ulAADLen: match aad .len() diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs index e252901c..b16634dc 100644 --- a/cryptoki/tests/basic.rs +++ b/cryptoki/tests/basic.rs @@ -1279,13 +1279,7 @@ fn gcm_param_graceful_failure() -> TestResult { println!("iv"); let aad = [0; 16]; - let _gcm_params = match GcmParams::new(&mut iv, &aad, 96.into()) { - Ok(params) => params, - Err(e) => { - println!("{e}"); - return Err(e.into()); - }, - }; + GcmParams::new(&mut iv, &aad, 96.into())?; Ok(()) } @@ -1317,7 +1311,7 @@ fn aes_gcm_no_aad() -> TestResult { Attribute::Encrypt(true), ]; let key_handle = session.create_object(&template)?; - let mechanism = Mechanism::AesGcm(GcmParams::new(&mut iv, &aad, 96.into()).unwrap()); + let mechanism = Mechanism::AesGcm(GcmParams::new(&mut iv, &aad, 96.into())?); let cipher_and_tag = session.encrypt(&mechanism, key_handle, &plain)?; assert_eq!(expected_cipher_and_tag[..], cipher_and_tag[..]); Ok(()) @@ -1348,13 +1342,7 @@ fn aes_gcm_with_aad() -> TestResult { Attribute::Encrypt(true), ]; let key_handle = session.create_object(&template)?; - let gcm_params = match GcmParams::new(&mut iv, &aad, 96.into()) { - Ok(params) => params, - Err(e) => { - println!("{e}"); - return Err(e.into()); - }, - }; + let gcm_params = match GcmParams::new(&mut iv, &aad, 96.into())?; let mechanism = Mechanism::AesGcm(gcm_params); let cipher_and_tag = session.encrypt(&mechanism, key_handle, &plain)?; assert_eq!(expected_cipher_and_tag[..], cipher_and_tag[..]); From bd41a6ba8806621b95a1adb08f165b2d8b02ff2e Mon Sep 17 00:00:00 2001 From: Jason Parker Date: Wed, 19 Mar 2025 12:24:51 -0500 Subject: [PATCH 5/8] Minor edits to basic.rs Signed-off-by: Jason Parker --- cryptoki/tests/basic.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs index b16634dc..bcce4000 100644 --- a/cryptoki/tests/basic.rs +++ b/cryptoki/tests/basic.rs @@ -1273,10 +1273,9 @@ fn sha256_digest() -> TestResult { fn gcm_param_graceful_failure() -> TestResult { // Try to generate GcmParams with max size IV (2^32-1) // Verify that the ulIvBits doesn't cause failover - println!("start"); // setting this as a [u8] array causes stack overflow before operation has even begun let mut iv = vec![0; 4294967295]; - println!("iv"); + let aad = [0; 16]; GcmParams::new(&mut iv, &aad, 96.into())?; @@ -1342,7 +1341,7 @@ fn aes_gcm_with_aad() -> TestResult { Attribute::Encrypt(true), ]; let key_handle = session.create_object(&template)?; - let gcm_params = match GcmParams::new(&mut iv, &aad, 96.into())?; + let gcm_params = GcmParams::new(&mut iv, &aad, 96.into())?; let mechanism = Mechanism::AesGcm(gcm_params); let cipher_and_tag = session.encrypt(&mechanism, key_handle, &plain)?; assert_eq!(expected_cipher_and_tag[..], cipher_and_tag[..]); From 0bb0353981b981328efd5f817c6642f77a3f09c1 Mon Sep 17 00:00:00 2001 From: Jason Parker Date: Wed, 19 Mar 2025 12:38:57 -0500 Subject: [PATCH 6/8] Updating some formatting problems from the pipeline. Signed-off-by: Jason Parker --- cryptoki/src/mechanism/aead.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cryptoki/src/mechanism/aead.rs b/cryptoki/src/mechanism/aead.rs index a1ddc45b..958f43ea 100644 --- a/cryptoki/src/mechanism/aead.rs +++ b/cryptoki/src/mechanism/aead.rs @@ -31,7 +31,9 @@ impl<'a> GcmParams<'a> { /// `tag_bits` - The length, in **bits**, of the authentication tag. Must /// be between 0 and 128. The tag is appended to the end of the /// ciphertext. - /// + /// # Errors + /// This function returns an error if the length of `iv` or `aad` does not + /// fit into an [Ulong]. pub fn new(iv: &'a mut [u8], aad: &'a [u8], tag_bits: Ulong) -> Result { // The ulIvBits parameter seems to be missing from the 2.40 spec, // although it is included in the header file. In [1], OASIS clarified @@ -52,7 +54,7 @@ impl<'a> GcmParams<'a> { let iv_len = iv.len(); // Some HSMs may require the ulIvBits field to be populated, while others don't pay attention to it. - let iv_bit_len = iv_len*8; + let iv_bit_len = iv_len * 8; Ok(GcmParams { inner: CK_GCM_PARAMS { @@ -65,9 +67,7 @@ impl<'a> GcmParams<'a> { // If the HSM doesn't require the field, it won't mind; and it it does, it would break anyways. ulIvBits: iv_bit_len.try_into().unwrap_or_default(), pAAD: aad.as_ptr() as *mut _, - ulAADLen: match aad - .len() - .try_into() { + ulAADLen: match aad.len().try_into() { Ok(len) => len, Err(_e) => return Err("aad length does not fit in CK_ULONG"), }, From bf1e6821fbbac0c828cfa6246c4921a27f08b1be Mon Sep 17 00:00:00 2001 From: Jason Parker Date: Wed, 19 Mar 2025 16:33:09 -0500 Subject: [PATCH 7/8] More cargo format fixes Signed-off-by: Jason Parker --- cryptoki/src/mechanism/aead.rs | 6 +++--- cryptoki/tests/basic.rs | 2 -- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/cryptoki/src/mechanism/aead.rs b/cryptoki/src/mechanism/aead.rs index 958f43ea..fca92d45 100644 --- a/cryptoki/src/mechanism/aead.rs +++ b/cryptoki/src/mechanism/aead.rs @@ -68,9 +68,9 @@ impl<'a> GcmParams<'a> { ulIvBits: iv_bit_len.try_into().unwrap_or_default(), pAAD: aad.as_ptr() as *mut _, ulAADLen: match aad.len().try_into() { - Ok(len) => len, - Err(_e) => return Err("aad length does not fit in CK_ULONG"), - }, + Ok(len) => len, + Err(_e) => return Err("aad length does not fit in CK_ULONG"), + }, ulTagBits: tag_bits.into(), }, _marker: PhantomData, diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs index bcce4000..c32b14c7 100644 --- a/cryptoki/tests/basic.rs +++ b/cryptoki/tests/basic.rs @@ -1275,9 +1275,7 @@ fn gcm_param_graceful_failure() -> TestResult { // Verify that the ulIvBits doesn't cause failover // setting this as a [u8] array causes stack overflow before operation has even begun let mut iv = vec![0; 4294967295]; - let aad = [0; 16]; - GcmParams::new(&mut iv, &aad, 96.into())?; Ok(()) From a3a791f93172654ef5f588a49f784747a821553b Mon Sep 17 00:00:00 2001 From: Jason Parker Date: Thu, 20 Mar 2025 12:15:52 -0500 Subject: [PATCH 8/8] Changed GcmParams::new to use cryptoki::error::Error rather than a string. Signed-off-by: Jason Parker --- cryptoki/src/mechanism/aead.rs | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/cryptoki/src/mechanism/aead.rs b/cryptoki/src/mechanism/aead.rs index fca92d45..ff9ee6df 100644 --- a/cryptoki/src/mechanism/aead.rs +++ b/cryptoki/src/mechanism/aead.rs @@ -2,6 +2,7 @@ // SPDX-License-Identifier: Apache-2.0 //! AEAD block cipher mechanism types +use crate::error::Error; use crate::types::Ulong; use cryptoki_sys::*; use std::convert::TryInto; @@ -34,7 +35,7 @@ impl<'a> GcmParams<'a> { /// # Errors /// This function returns an error if the length of `iv` or `aad` does not /// fit into an [Ulong]. - pub fn new(iv: &'a mut [u8], aad: &'a [u8], tag_bits: Ulong) -> Result { + pub fn new(iv: &'a mut [u8], aad: &'a [u8], tag_bits: Ulong) -> Result { // The ulIvBits parameter seems to be missing from the 2.40 spec, // although it is included in the header file. In [1], OASIS clarified // that the header file is normative. In 3.0, they added the parameter @@ -59,18 +60,12 @@ impl<'a> GcmParams<'a> { Ok(GcmParams { inner: CK_GCM_PARAMS { pIv: iv.as_mut_ptr(), - ulIvLen: match iv_len.try_into() { - Ok(len) => len, - Err(_e) => return Err("iv length does not fit in CK_ULONG"), - }, + ulIvLen: iv_len.try_into()?, // Since this field isn't universally used, set it to 0 if it doesn't fit in CK_ULONG. // If the HSM doesn't require the field, it won't mind; and it it does, it would break anyways. ulIvBits: iv_bit_len.try_into().unwrap_or_default(), pAAD: aad.as_ptr() as *mut _, - ulAADLen: match aad.len().try_into() { - Ok(len) => len, - Err(_e) => return Err("aad length does not fit in CK_ULONG"), - }, + ulAADLen: aad.len().try_into()?, ulTagBits: tag_bits.into(), }, _marker: PhantomData,