OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [pkcs11-comment] C_Decrypt / C_DecryptFinal behavior

Wouter, Jason,


Jason emphasized the important part of the Base Specification: if pBuf != NULL and the buffer is too small, then the _exact_ buffer length required for the output must be returned. In contrast, if pBuf == NULL you can return a size which is a little bit larger.

The latter you can perfectly estimate from the mechanism and from the ciphertext size. The former is really only known after decryption.


Thus, yes: you need to rollback to the state before the C_Decrypt operation. For some mechanisms, itâs even required to store internal state on success. For example, for CKM_AES_GCM the Current Mechanisms Specification says: âNote: since CKM_AES_GCM is an  AEAD cipher, no data should be returned until C_Decrypt() or C_DecryptFinal().â

Fortunately, the User Guide says in section 2.6.7: âIn general, a single session can perform only one operation at a timeâ. Thus, you donât have to support multiple en/decryption operations at the same time and store all their internal states since there can be only one.






From: pkcs11-comment@lists.oasis-open.org <pkcs11-comment@lists.oasis-open.org> On Behalf Of Wouter Verhelst
Sent: Freitag, 14. Juni 2019 13:34
To: pkcs11-comment@lists.oasis-open.org
Subject: Re: [pkcs11-comment] C_Decrypt / C_DecryptFinal behavior


Jason King schreef op do 13-06-2019 om 22:17 [-0700]:

Itâs not for any application Iâm writing â I have a PKCS#11 provider and have to deal with applications that are using the provider, but are perhaps doing things in a less than sane manner, but arguably compliant with the spec.


The PKCS11-base section 5.2 explains the expected behavior for output buffers:

  if pBuf == NULL, *pulBufLen is set to a value big enough to hold the output (but possible a bit larger) and CKR_OK is returned, and the operation can be retried.

  If pBuf != NULL, if *pulBufLen is too small, *pulBufLen is set to the _exact_ value required for the output and CKR_BUFFER_TOO_SMALL is returned (emphasis in the spec).


In PKCS11-base section 5.8 for C_Decrypt, it says âa call to C_Decrypt always terminates the active decryption operation _unless_ it returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e. one which returns CKR_OK) to determine the length of the buffer needed to hold the plaintext' (emphasis mine).  That means in my example, C_Decrypt is supposed to return CKR_BUFFER_TOO_SMALL, and the decrypt operation is not terminated.  What does it mean if the active decryption operation is not terminated?  My understanding is that it means C_Decrypt can be called again until the operation is terminated (i.e. pData != NULL or returns an error other than CKR_BUFFER_TOO_SMALL).  Iâm not sure what else it could mean.


It also doesn't say that you need to have performed a (partial) decrypt operation, nor that you can't return CKR_BUFFER_TOO_SMALL even when after the decrypt operation it turns out that things could have fit after all.


So what you want to do is:


- If the buffer is less than the maximum expected possible size of the decrypted data: return CKR_BUFFER_TOO_SMALL immediately, don't decrypt anything.

- If the buffer is not less than that value: decrypt, store things in the buffer, return CKR_OK (unless the decrypt operation failed for other reasons, of course).


Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen â Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, Dr. Frank J. Nellissen CFO

This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]