ta: pkcs11: Correct return value for decryption with invalid ciphertext

When invalid input data is provided for TEE_AsymmetricDecrypt() it will fail with TEE_ERROR_BAD_PARAMETERS. PCSK#11 operation for C_Decrypt()/C_DecryptFinal() should return in this case CKR_ENCRYPTED_DATA_INVALID or CKR_ENCRYPTED_DATA_LEN_RANGE. As it is hard to determine which case it is return matching error similar to encryption case. Specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.9 Decryption functions C_Decrypt/C_DecryptFinal Signed-off-by: Vesa Jääskeläinen <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
OP-TEE · Aug 9, 2021 · f27310a · f27310a
1 parent 6a6299f
commit f27310a
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/ta/pkcs11/src/processing_asymm.c b/ta/pkcs11/src/processing_asymm.c
@@ -679,6 +679,8 @@ enum pkcs11_rc step_asymm_operation(struct pkcs11_session *session,
 						    out_buf, &out_size);
 			output_data = true;
 			rc = tee2pkcs_error(res);
+			if (rc == PKCS11_CKR_ARGUMENTS_BAD)
+				rc = PKCS11_CKR_ENCRYPTED_DATA_LEN_RANGE;
 			break;
 
 		case PKCS11_FUNCTION_SIGN: