Modify GcmParams new function to allow for setting of ulIvBits and more graceful error handling

jaeparker22 · jaeparker22 · commit 248b6a733927 · 2025-03-17T14:42:26.000-05:00
Signed-off-by: Jason Parker &lt;parkerje@protonmail.com&gt;
diff --git a/cryptoki/src/mechanism/aead.rs b/cryptoki/src/mechanism/aead.rs
@@ -32,11 +32,7 @@ impl<'a> GcmParams<'a> {
     /// be between 0 and 128.  The tag is appended to the end of the
     /// ciphertext.
     ///
-    /// # Panics
-    ///
-    /// This function panics if the length of `iv` or `aad` does not
-    /// fit into an [Ulong].
-    pub fn new(iv: &'a mut [u8], aad: &'a [u8], tag_bits: Ulong) -> Self {
+    pub fn new(iv: &'a mut [u8], aad: &'a [u8], tag_bits: Ulong) -> Result<Self, &'a str> {
         // The ulIvBits parameter seems to be missing from the 2.40 spec,
         // although it is included in the header file.  In [1], OASIS clarified
         // that the header file is normative.  In 3.0, they added the parameter
@@ -53,23 +49,35 @@ impl<'a> GcmParams<'a> {
         // set it to zero.
         //
         // [1]: https://www.oasis-open.org/committees/document.php?document_id=58032&wg_abbrev=pkcs11
-        GcmParams {
+
+        let iv_len = iv.len();
+        // Some HSMs may require the ulIvBits field to be populated, while others don't pay attention to it.
+        let iv_bit_len = iv_len*8;
+
+        Ok(GcmParams {
             inner: CK_GCM_PARAMS {
                 pIv: iv.as_mut_ptr(),
-                ulIvLen: iv
-                    .len()
-                    .try_into()
-                    .expect("iv length does not fit in CK_ULONG"),
-                ulIvBits: 0,
+                ulIvLen: match iv_len.try_into() {
+                    Ok(len) => len,
+                    Err(_e) => return Err("iv length does not fit in CK_ULONG"),
+                },
+                // Since this field isn't universally used, set it to 0 if it doesn't fit in CK_ULONG.
+                // If the HSM doesn't require the field, it won't mind; and it it does, it would break anyways.
+                ulIvBits: match iv_bit_len.try_into() {
+                    Ok(len) => len,
+                    Err(_e) => 0,
+                },
                 pAAD: aad.as_ptr() as *mut _,
-                ulAADLen: aad
+                ulAADLen: match aad
                     .len()
-                    .try_into()
-                    .expect("aad length does not fit in CK_ULONG"),
+                    .try_into() {
+                        Ok(len) => len,
+                        Err(_e) => return Err("aad length does not fit in CK_ULONG"),
+                    },
                 ulTagBits: tag_bits.into(),
             },
             _marker: PhantomData,
-        }
+        })
     }
 
     /// The initialization vector.
