-
Bug
-
Resolution: Duplicate
-
P4
-
13
-
x86_64
-
linux
A DESCRIPTION OF THE PROBLEM :
Tested OpenJDK 13 EA with SoftHSM2 v2.5.1 (current development version). Calling PKCS11.C_EncryptInit ends always with the error CKR_ARGUMENTS_BAD. The following code block in SoftHSM.cpp is responsible for this error:
case CKM_AES_GCM:
algo = SymAlgo::AES;
mode = SymMode::GCM;
if (pMechanism->pParameter == NULL_PTR ||
pMechanism->ulParameterLen != sizeof(CK_GCM_PARAMS))
{
DEBUG_MSG("GCM mode requires parameters");
return CKR_ARGUMENTS_BAD;
}
It seems that PKCS11.C_EncryptInit() does not forward the CK_GCM_PARAMS correctly to the underlying Cryptoki library.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No error.
ACTUAL -
Got error sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD
---------- BEGIN SOURCE ----------
public static void main(String[] args) {
try {
final String pkcs11ModuleName = "/usr/local/lib/softhsm/libsofthsm2.so";
final String functionList = "C_GetFunctionList";
final boolean omitInitialize = false;
PKCS11 pkcs11Module = PKCS11.getInstance(pkcs11ModuleName, functionList,
null, omitInitialize);
long slotId = pkcs11Module.C_GetSlotList(true)[0];
//final long CKF_RW_SESSION = 0x00000002L;
//final long CKF_SERIAL_SESSION = 0x00000004L;
long flags = PKCS11Constants.CKF_SERIAL_SESSION | PKCS11Constants.CKF_RW_SESSION;
long hSession = pkcs11Module.C_OpenSession(slotId, flags, null, null);
char[] pin = "123456".toCharArray();
pkcs11Module.C_Login(hSession, PKCS11Constants.CKU_USER, pin);
// generate an AES key
CK_MECHANISM pMechanism = new CK_MECHANISM(PKCS11Constants.CKM_AES_KEY_GEN);
List<CK_ATTRIBUTE> attrs = new LinkedList<>();
attrs.add(new CK_ATTRIBUTE(PKCS11Constants.CKA_CLASS, PKCS11Constants.CKO_SECRET_KEY));
attrs.add(new CK_ATTRIBUTE(PKCS11Constants.CKA_KEY_TYPE, PKCS11Constants.CKK_AES));
attrs.add(new CK_ATTRIBUTE(PKCS11Constants.CKA_VALUE_LEN, 16));
attrs.add(new CK_ATTRIBUTE(PKCS11Constants.CKA_SENSITIVE, true));
long hKey = pkcs11Module.C_GenerateKey(
hSession, pMechanism, attrs.toArray(new CK_ATTRIBUTE[0]));
byte[] iv = new byte[12];
new SecureRandom().nextBytes(iv);
byte[] aad = "hello".getBytes();
CK_GCM_PARAMS params = new CK_GCM_PARAMS(128, iv, aad);
pMechanism = new CK_MECHANISM(PKCS11Constants.CKM_AES_GCM, params);
pkcs11Module.C_EncryptInit(hSession, pMechanism, hKey);
} catch (Exception ex) {
ex.printStackTrace();
}
}
---------- END SOURCE ----------
FREQUENCY : always
Tested OpenJDK 13 EA with SoftHSM2 v2.5.1 (current development version). Calling PKCS11.C_EncryptInit ends always with the error CKR_ARGUMENTS_BAD. The following code block in SoftHSM.cpp is responsible for this error:
case CKM_AES_GCM:
algo = SymAlgo::AES;
mode = SymMode::GCM;
if (pMechanism->pParameter == NULL_PTR ||
pMechanism->ulParameterLen != sizeof(CK_GCM_PARAMS))
{
DEBUG_MSG("GCM mode requires parameters");
return CKR_ARGUMENTS_BAD;
}
It seems that PKCS11.C_EncryptInit() does not forward the CK_GCM_PARAMS correctly to the underlying Cryptoki library.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No error.
ACTUAL -
Got error sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD
---------- BEGIN SOURCE ----------
public static void main(String[] args) {
try {
final String pkcs11ModuleName = "/usr/local/lib/softhsm/libsofthsm2.so";
final String functionList = "C_GetFunctionList";
final boolean omitInitialize = false;
PKCS11 pkcs11Module = PKCS11.getInstance(pkcs11ModuleName, functionList,
null, omitInitialize);
long slotId = pkcs11Module.C_GetSlotList(true)[0];
//final long CKF_RW_SESSION = 0x00000002L;
//final long CKF_SERIAL_SESSION = 0x00000004L;
long flags = PKCS11Constants.CKF_SERIAL_SESSION | PKCS11Constants.CKF_RW_SESSION;
long hSession = pkcs11Module.C_OpenSession(slotId, flags, null, null);
char[] pin = "123456".toCharArray();
pkcs11Module.C_Login(hSession, PKCS11Constants.CKU_USER, pin);
// generate an AES key
CK_MECHANISM pMechanism = new CK_MECHANISM(PKCS11Constants.CKM_AES_KEY_GEN);
List<CK_ATTRIBUTE> attrs = new LinkedList<>();
attrs.add(new CK_ATTRIBUTE(PKCS11Constants.CKA_CLASS, PKCS11Constants.CKO_SECRET_KEY));
attrs.add(new CK_ATTRIBUTE(PKCS11Constants.CKA_KEY_TYPE, PKCS11Constants.CKK_AES));
attrs.add(new CK_ATTRIBUTE(PKCS11Constants.CKA_VALUE_LEN, 16));
attrs.add(new CK_ATTRIBUTE(PKCS11Constants.CKA_SENSITIVE, true));
long hKey = pkcs11Module.C_GenerateKey(
hSession, pMechanism, attrs.toArray(new CK_ATTRIBUTE[0]));
byte[] iv = new byte[12];
new SecureRandom().nextBytes(iv);
byte[] aad = "hello".getBytes();
CK_GCM_PARAMS params = new CK_GCM_PARAMS(128, iv, aad);
pMechanism = new CK_MECHANISM(PKCS11Constants.CKM_AES_GCM, params);
pkcs11Module.C_EncryptInit(hSession, pMechanism, hKey);
} catch (Exception ex) {
ex.printStackTrace();
}
}
---------- END SOURCE ----------
FREQUENCY : always
- duplicates
-
-
- Closed
-
- links to