diff --git a/src/pkcs11/crypto-libcrypto.c b/src/pkcs11/crypto-libcrypto.c
index 7b4e283..90eccaa 100644
--- a/src/pkcs11/crypto-libcrypto.c
+++ b/src/pkcs11/crypto-libcrypto.c
@@ -479,7 +479,7 @@ static CK_RV verifyECDSA(struct p11Object_t *obj, CK_MECHANISM_TYPE mech, CK_BYT
-CK_RV stripOAEPPadding(unsigned char *raw, int rawlen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
+CK_RV stripOAEPPadding(unsigned char *raw, int rawlen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen, CK_RSA_PKCS_MGF_TYPE mgf1Type)
 {
 CK_RV rv;
 int rc;
@@ -487,8 +487,16 @@ CK_RV stripOAEPPadding(unsigned char *raw, int rawlen, CK_BYTE_PTR pData, CK_ULO
 FUNC_CALLED();
 #if (OPENSSL_VERSION_NUMBER >= 0x10002000)
- rc = RSA_padding_check_PKCS1_OAEP_mgf1(pData, (int)*pulDataLen, raw, rawlen, rawlen, NULL, 0, EVP_sha256(), NULL);
- if (rc < 0) {
+ switch(mgf1Type) {
+ case CKG_MGF1_SHA1:
+ rc = RSA_padding_check_PKCS1_OAEP_mgf1(pData, (int)*pulDataLen, raw, rawlen, rawlen, NULL, 0, EVP_sha1(), NULL);break;
+ case CKG_MGF1_SHA256:
+ rc = RSA_padding_check_PKCS1_OAEP_mgf1(pData, (int)*pulDataLen, raw, rawlen, rawlen, NULL, 0, EVP_sha256(), NULL);break;
+ default:
+ rc = -1;
+ }
+
+ if (rc < 0) {
 rv = translateError();
 FUNC_FAILS(rv, "RSA_padding_check_PKCS1_OAEP_mgf1() failed");
 }
@@ -507,7 +515,7 @@ CK_RV stripOAEPPadding(unsigned char *raw, int rawlen, CK_BYTE_PTR pData, CK_ULO
 /**
 * Encrypt with RSA
 */
-static CK_RV encryptRSA(struct p11Object_t *obj, int padding, CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len)
+static CK_RV encryptRSA(struct p11Object_t *obj, int padding, CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len, CK_RSA_PKCS_MGF_TYPE mgf1Type)
 {
 struct p11Attribute_t *modulus;
 struct p11Attribute_t *public_exponent;
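Review bot: In the `default:` branch of the new `switch(mgf1Type)` in stripOAEPPadding, `rc = -1` falls into the shared `if (rc < 0)` path, which calls `translateError()` and logs "RSA_padding_check_PKCS1_OAEP_mgf1() failed" although no OpenSSL call was made. If translateError() reads the OpenSSL error queue (its body is not in this diff), the CK_RV returned for an unsupported type may be stale or unrelated. A fixed code in that branch, e.g. `default: FUNC_FAILS(CKR_MECHANISM_PARAM_INVALID, "Unsupported MGF type");`, would also match encryptRSA, which rejects the same case explicitly. Separately, `mgf1Type` chooses the OAEP digest itself (the `md` argument) and MGF1 only follows because `mgf1md` is passed as NULL, so a comment such as `/* mgf1Type selects both the OAEP hash and the MGF1 hash */` would stop callers assuming the two can differ. The function body continues past this hunk.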
@@ -553,7 +561,17 @@ static CK_RV encryptRSA(struct p11Object_t *obj, int padding, CK_BYTE_PTR in, CK
 if (padding == RSA_PKCS1_OAEP_PADDING) {
 #if (OPENSSL_VERSION_NUMBER >= 0x10002000)
- rc = RSA_padding_add_PKCS1_OAEP_mgf1(raw, modulus->attrData.ulValueLen, in, in_len, NULL, 0, EVP_sha256(), NULL);
+ switch(mgf1Type) {
+ case CKG_MGF1_SHA1:
+ rc = RSA_padding_add_PKCS1_OAEP_mgf1(raw, modulus->attrData.ulValueLen, in, in_len, NULL, 0, EVP_sha1(), NULL); break;
+ case CKG_MGF1_SHA256:
+ rc = RSA_padding_add_PKCS1_OAEP_mgf1(raw, modulus->attrData.ulValueLen, in, in_len, NULL, 0, EVP_sha256(), NULL); break;
+ default:
+ RSA_free(rsa);
+ FUNC_RETURNS(CKR_FUNCTION_NOT_SUPPORTED);
+
+ }
+
 rc = RSA_public_encrypt(modulus->attrData.ulValueLen, raw, out, rsa, RSA_NO_PADDING);
 #else
 RSA_free(rsa);
@@ -681,6 +699,7 @@ CK_RV cryptoEncryptInit(struct p11Object_t *pObject, CK_MECHANISM_PTR mech)
 case CKM_RSA_X_509:
 case CKM_RSA_PKCS:
 case CKM_RSA_PKCS_OAEP:
+ case CKM_RSA_PKCS_OAEP_SHA1:
 break;
 default:
 FUNC_FAILS(CKR_MECHANISM_INVALID, "Invalid mechanism for RSA");
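Review bot: The result of `RSA_padding_add_PKCS1_OAEP_mgf1()` stored in `rc` is overwritten by the `RSA_public_encrypt()` call on the following line without being checked, in both the SHA-1 and the SHA-256 case of the encryptRSA hunk. The padding call returns 1 on success and 0 on failure, for example when `in_len` exceeds what the modulus and hash allow, a limit that now differs between the two cases. A failed encode would therefore let `raw` be encrypted with whatever it happened to contain. A guard between the switch and the encrypt closes that: `if (rc != 1) { RSA_free(rsa); FUNC_FAILS(CKR_DATA_LEN_RANGE, "OAEP encoding failed"); }`. How `raw` is allocated is outside the hunk, so any release it needs belongs in that branch and in the new `default:` as well.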
@@ -709,13 +728,16 @@ CK_RV cryptoEncrypt(struct p11Object_t *pObject, CK_MECHANISM_TYPE mech, CK_BYTE
 switch(mech) {
 case CKM_RSA_X_509:
- rv = encryptRSA(pObject, RSA_NO_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
+ rv = encryptRSA(pObject, RSA_NO_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen, 0);
 break;
 case CKM_RSA_PKCS:
- rv = encryptRSA(pObject, RSA_PKCS1_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
+ rv = encryptRSA(pObject, RSA_PKCS1_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen, 0);
 break;
 case CKM_RSA_PKCS_OAEP:
- rv = encryptRSA(pObject, RSA_PKCS1_OAEP_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
+ rv = encryptRSA(pObject, RSA_PKCS1_OAEP_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen, CKG_MGF1_SHA256);
+ break;
+ case CKM_RSA_PKCS_OAEP_SHA1:
+ rv = encryptRSA(pObject, RSA_PKCS1_OAEP_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen, CKG_MGF1_SHA1);
 break;
 default:
 FUNC_FAILS(CKR_MECHANISM_INVALID, "Invalid mechanism for RSA");
diff --git a/src/pkcs11/crypto.h b/src/pkcs11/crypto.h
index 79093a5..dcd26ba 100644
--- a/src/pkcs11/crypto.h
+++ b/src/pkcs11/crypto.h
@@ -40,7 +40,7 @@ void cryptoInitialize();
 void cryptoFinalize();
-CK_RV stripOAEPPadding(unsigned char *raw, int rawlen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
+CK_RV stripOAEPPadding(unsigned char *raw, int rawlen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen, CK_RSA_PKCS_MGF_TYPE mgf1Type);
 CK_RV cryptoVerifyInit(struct p11Object_t *, CK_MECHANISM_PTR);
 CK_RV cryptoVerify(struct p11Object_t *, CK_MECHANISM_TYPE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG);
 CK_RV cryptoEncryptInit(struct p11Object_t *pObject, CK_MECHANISM_PTR mech);
diff --git a/src/pkcs11/object.c b/src/pkcs11/object.c
index 1e6ee12..3e83ad9 100644
--- a/src/pkcs11/object.c
+++ b/src/pkcs11/object.c
@@ -76,6 +76,7 @@ struct id2name_t p11CKMName[] = {
 { CKM_RIPEMD128_RSA_PKCS , "RIPEMD128_RSA_PKCS", 0 },
 { CKM_RIPEMD160_RSA_PKCS , "RIPEMD160_RSA_PKCS", 0 },
 { CKM_RSA_PKCS_OAEP , "RSA_PKCS_OAEP", 0 },
+{ CKM_RSA_PKCS_OAEP_SHA1 , "RSA_PKCS_OAEP_SHA1", 0 },
 { CKM_RSA_X9_31_KEY_PAIR_GEN , "RSA_X9_31_KEY_PAIR_GEN", 0 },
 { CKM_RSA_X9_31 , "RSA_X9_31", 0 },
 { CKM_SHA1_RSA_X9_31 , "SHA1_RSA_X9_31", 0 },
diff --git a/src/pkcs11/pkcs11t.h b/src/pkcs11/pkcs11t.h
index c0614a6..a3800ee 100644
--- a/src/pkcs11/pkcs11t.h
+++ b/src/pkcs11/pkcs11t.h
@@ -641,10 +641,12 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
 #define CKM_SHA1_RSA_PKCS 0x00000006
 /* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
- * CKM_RSA_PKCS_OAEP are new for v2.10 */
+ * CKM_RSA_PKCS_OAEP are new for v2.10
+ * CKM_RSA_PKCS_OAEP_SHA1 for compatibility OpenSSL/BearSSL */
 #define CKM_RIPEMD128_RSA_PKCS 0x00000007
 #define CKM_RIPEMD160_RSA_PKCS 0x00000008
 #define CKM_RSA_PKCS_OAEP 0x00000009
+#define CKM_RSA_PKCS_OAEP_SHA1 0x00000013
 /* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
 * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
diff --git a/src/pkcs11/token-sc-hsm.c b/src/pkcs11/token-sc-hsm.c
index 4fc5ccd..58d4189 100644
--- a/src/pkcs11/token-sc-hsm.c
+++ b/src/pkcs11/token-sc-hsm.c
@@ -80,6 +80,7 @@ static const CK_MECHANISM_TYPE p11MechanismList[] = {
 CKM_ECDSA_SHA1,
 #ifdef ENABLE_LIBCRYPTO
 CKM_RSA_PKCS_OAEP,
+ CKM_RSA_PKCS_OAEP_SHA1,
 CKM_SHA_1,
 CKM_SHA224,
 CKM_SHA256,
@@ -375,6 +376,7 @@ static int getAlgorithmIdForDecryption(CK_MECHANISM_TYPE mech)
 return ALGO_RSA_DECRYPT;
 #ifdef ENABLE_LIBCRYPTO
 case CKM_RSA_PKCS_OAEP:
+ case CKM_RSA_PKCS_OAEP_SHA1:
 return ALGO_RSA_DECRYPT;
 #endif
 case CKM_AES_CBC:
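Review bot: In the pkcs11t.h hunk, `CKM_RSA_PKCS_OAEP_SHA1` is given the value `0x00000013`, which lies in the number space reserved for standard PKCS#11 mechanisms. To my recollection later versions of the specification assign that value to `CKM_DSA_SHA224` (worth checking against the published header), so an application built against a current header could select this OAEP variant by mistake. Project-specific mechanisms belong at or above `CKM_VENDOR_DEFINED` (`0x80000000`), which is presumably where `CKM_SC_HSM_PSS_SHA256`, visible elsewhere in this diff, already lives. The standard way to request SHA-1 is `CKM_RSA_PKCS_OAEP` with `hashAlg` and `mgf` set in `CK_RSA_PKCS_OAEP_PARAMS`. If the extra mechanism stays, the comment should mark it as a vendor extension rather than listing it with the v2.10 additions.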
@@ -776,7 +778,11 @@ static int sc_hsm_C_Decrypt(struct p11Object_t *pObject, CK_MECHANISM_TYPE mech,
 }
 } else {
 #ifdef ENABLE_LIBCRYPTO
- rc = stripOAEPPadding(scr, rc, pData, pulDataLen);
+ if (mech == CKM_RSA_PKCS_OAEP_SHA1)
+ rc = stripOAEPPadding(scr, rc, pData, pulDataLen, CKG_MGF1_SHA1);
+ else
+ rc = stripOAEPPadding(scr, rc, pData, pulDataLen, CKG_MGF1_SHA256);
+
 if (rc != CKR_OK) {
 FUNC_FAILS(rc, "Invalid OAEP padding");
 }
@@ -2744,6 +2750,7 @@ static int sc_hsm_C_GetMechanismInfo(CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_P
 case CKM_SC_HSM_PSS_SHA256:
 #ifdef ENABLE_LIBCRYPTO
 case CKM_RSA_PKCS_OAEP:
+ case CKM_RSA_PKCS_OAEP_SHA1:
 #endif
 pInfo->ulMinKeySize = 1024;
@@ -2794,6 +2801,7 @@ static int sc_hsm_C_GetMechanismInfo(CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_P
 break;
 #ifdef ENABLE_LIBCRYPTO
 case CKM_RSA_PKCS_OAEP:
+ case CKM_RSA_PKCS_OAEP_SHA1:
 pInfo->flags = CKF_HW|CKF_DECRYPT|CKF_ENCRYPT;
 break;
 #endif
diff --git a/src/pkcs11/token-starcos.c b/src/pkcs11/token-starcos.c
index 7309792..5ef9a56 100644
--- a/src/pkcs11/token-starcos.c
+++ b/src/pkcs11/token-starcos.c
@@ -69,6 +69,7 @@ static unsigned char algo_ECDSA[] = { 0x89, 0x02, 0x13, 0x35 };
 static const CK_MECHANISM_TYPE p11MechanismList[] = {
 CKM_RSA_PKCS,
 CKM_RSA_PKCS_OAEP,
+ CKM_RSA_PKCS_OAEP_SHA1,
 CKM_SHA1_RSA_PKCS,
 CKM_SHA224_RSA_PKCS,
 CKM_SHA256_RSA_PKCS,
@@ -580,6 +581,7 @@ static int getAlgorithmIdForDecryption(struct p11Token_t *token, CK_MECHANISM_TY
 *algotlv = algo_PKCS15_DECRYPT;
 break;
 case CKM_RSA_PKCS_OAEP:
+ case CKM_RSA_PKCS_OAEP_SHA1:
 *algotlv = algo_OAEP_DECRYPT;
 break;
 default:
@@ -1540,6 +1542,7 @@ static int starcos_C_GetMechanismInfo(CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_
 #endif
 break;
 case CKM_RSA_PKCS_OAEP:
+ case CKM_RSA_PKCS_OAEP_SHA1:
 #ifdef ENABLE_LIBCRYPTO
 pInfo->flags = CKF_HW|CKF_DECRYPT|CKF_ENCRYPT;
 #else
diff --git a/src/tests/sc-hsm-pkcs11-test.c b/src/tests/sc-hsm-pkcs11-test.c
index db7128d..eb7ad1e 100644
--- a/src/tests/sc-hsm-pkcs11-test.c
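Review bot: In the token-starcos.c getAlgorithmIdForDecryption hunk, `CKM_RSA_PKCS_OAEP_SHA1` selects the same `algo_OAEP_DECRYPT` TLV as `CKM_RSA_PKCS_OAEP`, so nothing visible here tells the card which hash to use. The libcrypto encrypt path, by contrast, now pads with SHA-256 for one mechanism and SHA-1 for the other. Unless the card algorithm is independent of the hash (not determinable from this diff), decryption under one of the two mechanisms will fail on this token, and the new `testRSADecryption(p11, slotid, 0, CKM_RSA_PKCS_OAEP_SHA1)` call in main runs for STARCOS as well. Either map the new mechanism to an algorithm reference that matches SHA-1, or leave it out of this token's mechanism list and GetMechanismInfo. A comment beside `algo_OAEP_DECRYPT` stating which hash that reference implies would record the constraint.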
+++ b/src/tests/sc-hsm-pkcs11-test.c
@@ -1066,6 +1066,8 @@ SignThread(void *arg) {
 rc = testRSADecryption(d->p11, d->slotid, d->thread_id, CKM_RSA_PKCS);
 if ((rc == CKR_OK) && (testsfailed == 0))
 rc = testRSADecryption(d->p11, d->slotid, d->thread_id, CKM_RSA_PKCS_OAEP);
+ if ((rc == CKR_OK) && (testsfailed == 0))
+ rc = testRSADecryption(d->p11, d->slotid, d->thread_id, CKM_RSA_PKCS_OAEP_SHA1);
 if ((rc == CKR_OK) && (testsfailed == 0))
 rc = testRSADecryption(d->p11, d->slotid, d->thread_id, CKM_RSA_X_509);
@@ -2748,6 +2750,7 @@ int main(int argc, char *argv[])
 #ifdef ENABLE_LIBCRYPTO
 testRSADecryption(p11, slotid, 0, CKM_RSA_PKCS);
 testRSADecryption(p11, slotid, 0, CKM_RSA_PKCS_OAEP);
+ testRSADecryption(p11, slotid, 0, CKM_RSA_PKCS_OAEP_SHA1);
 if (strncmp("STARCOS", (char *)tokeninfo.label, 7)) {
 testRSADecryption(p11, slotid, 0, CKM_RSA_X_509);