dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Added support for native PKCS1.5 and OEP decryption.

Browse Source 
It is not tested, as it is not supported by pkcs11 modules. For instance, OpenSSL implements OEP in local side, calling a RAW decryption on the device.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-06-14 17:00:23 +02:00
parent efc1b4a4ae
commit d1f0f45525
2 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/hsm/sc_hsm.c
View File

@@ -1747,9 +1747,11 @@ static int cmd_decrypt_asym() {
return SW_FILE_FULL(); return SW_FILE_FULL();
if (key_has_purpose(ef, p2) == false) if (key_has_purpose(ef, p2) == false)
return SW_CONDITIONS_NOT_SATISFIED(); return SW_CONDITIONS_NOT_SATISFIED();
if (p2 == ALGO_RSA_DECRYPT) { if (p2 >= ALGO_RSA_DECRYPT && p2 <= ALGO_RSA_DECRYPT_OEP) {
mbedtls_rsa_context ctx; mbedtls_rsa_context ctx;
mbedtls_rsa_init(&ctx); mbedtls_rsa_init(&ctx);
if (p2 == ALGO_RSA_DECRYPT_OEP)
mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE);
int r = load_private_key_rsa(&ctx, ef); int r = load_private_key_rsa(&ctx, ef);
if (r != CCID_OK) { if (r != CCID_OK) {
mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx);
@@ -1760,12 +1762,21 @@ static int cmd_decrypt_asym() {
int key_size = file_get_size(ef); int key_size = file_get_size(ef);
if (apdu.nc < key_size) //needs padding if (apdu.nc < key_size) //needs padding
memset(apdu.data+apdu.nc, 0, key_size-apdu.nc); memset(apdu.data+apdu.nc, 0, key_size-apdu.nc);
r = mbedtls_rsa_private(&ctx, random_gen, NULL, apdu.data, res_APDU); if (p2 == ALGO_RSA_DECRYPT_PKCS1 || p2 == ALGO_RSA_DECRYPT_OEP) {
size_t olen = apdu.nc;
r = mbedtls_rsa_pkcs1_decrypt(&ctx, random_gen, NULL, &olen, apdu.data, res_APDU, 512);
if (r == 0)
res_APDU_size = olen;
}
else {
r = mbedtls_rsa_private(&ctx, random_gen, NULL, apdu.data, res_APDU);
if (r == 0)
res_APDU_size = key_size;
}
if (r != 0) { if (r != 0) {
mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
res_APDU_size = key_size;
mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx);
} }
else if (p2 == ALGO_EC_DH) { else if (p2 == ALGO_EC_DH) {

2
src/hsm/sc_hsm.h
View File

@@ -27,7 +27,7 @@ extern const uint8_t sc_hsm_aid[];
#define ALGO_RSA_RAW 0x20 /* RSA signature with external padding */ #define ALGO_RSA_RAW 0x20 /* RSA signature with external padding */
#define ALGO_RSA_DECRYPT 0x21 /* RSA raw decrypt */ #define ALGO_RSA_DECRYPT 0x21 /* RSA raw decrypt */
#define ALGO_RSA_DECRYPT_V15 0x22 #define ALGO_RSA_DECRYPT_PKCS1 0x22
#define ALGO_RSA_DECRYPT_OEP 0x23 #define ALGO_RSA_DECRYPT_OEP 0x23
#define ALGO_RSA_PKCS1 0x30 /* RSA signature with DigestInfo input and PKCS#1 V1.5 padding */ #define ALGO_RSA_PKCS1 0x30 /* RSA signature with DigestInfo input and PKCS#1 V1.5 padding */
#define ALGO_RSA_PKCS1_SHA1 0x31 /* RSA signature with SHA-1 hash and PKCS#1 V1.5 padding */ #define ALGO_RSA_PKCS1_SHA1 0x31 /* RSA signature with SHA-1 hash and PKCS#1 V1.5 padding */