Replace CKR_GENERAL_ERROR with CKR_ENCRYPTED_DATA_INVALID or CKR_ENCRYPTED_DATA_LEN_RANGE upon decryption failure

hansonchar · hansonchar · commit a254964f4694 · 2022-12-02T22:44:58.000-08:00
#689
diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
@@ -3296,15 +3296,15 @@ static CK_RV SymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG u
 	if (!cipher->decryptUpdate(encryptedData,data))
 	{
 		session->resetOp();
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_INVALID;
 	}
 
 	// Finalize decryption
 	ByteString dataFinal;
 	if (!cipher->decryptFinal(dataFinal))
 	{
 		session->resetOp();
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_INVALID;
 	}
 	data += dataFinal;
 	if (data.size() > ulEncryptedDataLen)
@@ -3365,15 +3365,15 @@ static CK_RV AsymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG
 	if (!asymCrypto->decrypt(privateKey,encryptedData,data,mechanism))
 	{
 		session->resetOp();
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_INVALID;
 	}
 
 	// Check size
 	if (data.size() > size)
 	{
 		ERROR_MSG("The size of the decrypted data exceeds the size of the mechanism");
 		session->resetOp();
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_LEN_RANGE;
 	}
 	if (data.size() != 0)
 	{
@@ -3458,22 +3458,22 @@ static CK_RV SymDecryptUpdate(Session* session, CK_BYTE_PTR pEncryptedData, CK_U
 	ByteString data(pEncryptedData, ulEncryptedDataLen);
 	ByteString decryptedData;
 
-	// Encrypt the data
+	// Decrypt the data
 	if (!cipher->decryptUpdate(data, decryptedData))
 	{
 		session->resetOp();
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_INVALID;
 	}
 	DEBUG_MSG("ulEncryptedDataLen: %#5x  output buffer size: %#5x  blockSize: %#3x  remainingSize: %#4x  maxSize: %#5x  decryptedData.size(): %#5x",
 		  ulEncryptedDataLen, *pDataLen, blockSize, remainingSize, maxSize, decryptedData.size());
 
-	// Check output size from crypto. Unrecoverable error if to large.
+	// Check output size from crypto. Unrecoverable error if too large.
 	if (*pDataLen < decryptedData.size())
 	{
 		session->resetOp();
 		ERROR_MSG("DecryptUpdate returning too much data. Length of output data buffer is %i but %i bytes was returned by the decrypt.",
 				*pDataLen, decryptedData.size());
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_LEN_RANGE;
 	}
 
 	if (decryptedData.size() > 0)
@@ -3557,7 +3557,7 @@ static CK_RV SymDecryptFinal(Session* session, CK_BYTE_PTR pDecryptedData, CK_UL
 	if (!cipher->decryptFinal(decryptedFinal))
 	{
 		session->resetOp();
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_INVALID;
 	}
 	DEBUG_MSG("output buffer size: %#2x  size: %#2x  decryptedFinal.size(): %#2x",
 		  *pulDecryptedDataLen, size, decryptedFinal.size());
@@ -3568,7 +3568,7 @@ static CK_RV SymDecryptFinal(Session* session, CK_BYTE_PTR pDecryptedData, CK_UL
 		session->resetOp();
 		ERROR_MSG("DecryptFinal returning too much data. Length of output data buffer is %i but %i bytes was returned by the encrypt.",
 			  *pulDecryptedDataLen, decryptedFinal.size());
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_LEN_RANGE;
 	}
 
 	if (decryptedFinal.size() > 0)

Original file line number	Diff line number	Diff line change
`@@ -3296,15 +3296,15 @@ static CK_RV SymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG u`
`3296`	`3296`	`if (!cipher->decryptUpdate(encryptedData,data))`
`3297`	`3297`	`{`
`3298`	`3298`	`session->resetOp();`
`3299`		`- return CKR_GENERAL_ERROR;`
	`3299`	`+ return CKR_ENCRYPTED_DATA_INVALID;`
`3300`	`3300`	`}`
`3301`	`3301`
`3302`	`3302`	`// Finalize decryption`
`3303`	`3303`	`ByteString dataFinal;`
`3304`	`3304`	`if (!cipher->decryptFinal(dataFinal))`
`3305`	`3305`	`{`
`3306`	`3306`	`session->resetOp();`
`3307`		`- return CKR_GENERAL_ERROR;`
	`3307`	`+ return CKR_ENCRYPTED_DATA_INVALID;`
`3308`	`3308`	`}`
`3309`	`3309`	`data += dataFinal;`
`3310`	`3310`	`if (data.size() > ulEncryptedDataLen)`
`@@ -3365,15 +3365,15 @@ static CK_RV AsymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG`
`3365`	`3365`	`if (!asymCrypto->decrypt(privateKey,encryptedData,data,mechanism))`
`3366`	`3366`	`{`
`3367`	`3367`	`session->resetOp();`
`3368`		`- return CKR_GENERAL_ERROR;`
	`3368`	`+ return CKR_ENCRYPTED_DATA_INVALID;`
`3369`	`3369`	`}`
`3370`	`3370`
`3371`	`3371`	`// Check size`
`3372`	`3372`	`if (data.size() > size)`
`3373`	`3373`	`{`
`3374`	`3374`	`ERROR_MSG("The size of the decrypted data exceeds the size of the mechanism");`
`3375`	`3375`	`session->resetOp();`
`3376`		`- return CKR_GENERAL_ERROR;`
	`3376`	`+ return CKR_ENCRYPTED_DATA_LEN_RANGE;`
`3377`	`3377`	`}`
`3378`	`3378`	`if (data.size() != 0)`
`3379`	`3379`	`{`
`@@ -3458,22 +3458,22 @@ static CK_RV SymDecryptUpdate(Session* session, CK_BYTE_PTR pEncryptedData, CK_U`
`3458`	`3458`	`ByteString data(pEncryptedData, ulEncryptedDataLen);`
`3459`	`3459`	`ByteString decryptedData;`
`3460`	`3460`
`3461`		`- // Encrypt the data`
	`3461`	`+ // Decrypt the data`
`3462`	`3462`	`if (!cipher->decryptUpdate(data, decryptedData))`
`3463`	`3463`	`{`
`3464`	`3464`	`session->resetOp();`
`3465`		`- return CKR_GENERAL_ERROR;`
	`3465`	`+ return CKR_ENCRYPTED_DATA_INVALID;`
`3466`	`3466`	`}`
`3467`	`3467`	`DEBUG_MSG("ulEncryptedDataLen: %#5x output buffer size: %#5x blockSize: %#3x remainingSize: %#4x maxSize: %#5x decryptedData.size(): %#5x",`
`3468`	`3468`	`ulEncryptedDataLen, *pDataLen, blockSize, remainingSize, maxSize, decryptedData.size());`
`3469`	`3469`
`3470`		`- // Check output size from crypto. Unrecoverable error if to large.`
	`3470`	`+ // Check output size from crypto. Unrecoverable error if too large.`
`3471`	`3471`	`if (*pDataLen < decryptedData.size())`
`3472`	`3472`	`{`
`3473`	`3473`	`session->resetOp();`
`3474`	`3474`	`ERROR_MSG("DecryptUpdate returning too much data. Length of output data buffer is %i but %i bytes was returned by the decrypt.",`
`3475`	`3475`	`*pDataLen, decryptedData.size());`
`3476`		`- return CKR_GENERAL_ERROR;`
	`3476`	`+ return CKR_ENCRYPTED_DATA_LEN_RANGE;`
`3477`	`3477`	`}`
`3478`	`3478`
`3479`	`3479`	`if (decryptedData.size() > 0)`
`@@ -3557,7 +3557,7 @@ static CK_RV SymDecryptFinal(Session* session, CK_BYTE_PTR pDecryptedData, CK_UL`
`3557`	`3557`	`if (!cipher->decryptFinal(decryptedFinal))`
`3558`	`3558`	`{`
`3559`	`3559`	`session->resetOp();`
`3560`		`- return CKR_GENERAL_ERROR;`
	`3560`	`+ return CKR_ENCRYPTED_DATA_INVALID;`
`3561`	`3561`	`}`
`3562`	`3562`	`DEBUG_MSG("output buffer size: %#2x size: %#2x decryptedFinal.size(): %#2x",`
`3563`	`3563`	`*pulDecryptedDataLen, size, decryptedFinal.size());`
`@@ -3568,7 +3568,7 @@ static CK_RV SymDecryptFinal(Session* session, CK_BYTE_PTR pDecryptedData, CK_UL`
`3568`	`3568`	`session->resetOp();`
`3569`	`3569`	`ERROR_MSG("DecryptFinal returning too much data. Length of output data buffer is %i but %i bytes was returned by the encrypt.",`
`3570`	`3570`	`*pulDecryptedDataLen, decryptedFinal.size());`
`3571`		`- return CKR_GENERAL_ERROR;`
	`3571`	`+ return CKR_ENCRYPTED_DATA_LEN_RANGE;`
`3572`	`3572`	`}`
`3573`	`3573`
`3574`	`3574`	`if (decryptedFinal.size() > 0)`