mechanism CKM_RSA_PKCS_OAEP_SHA1

src/pkcs11/crypto-libcrypto.c

@@ -479,16 +479,24 @@ static CK_RV verifyECDSA(struct p11Object_t *obj, CK_MECHANISM_TYPE mech, CK_BYT
 
 
 
-CK_RV stripOAEPPadding(unsigned char *raw, int rawlen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
+CK_RV stripOAEPPadding(unsigned char *raw, int rawlen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen, CK_RSA_PKCS_MGF_TYPE mgf1Type)
 {
 	CK_RV rv;
 	int rc;
 
 	FUNC_CALLED();
 
 #if (OPENSSL_VERSION_NUMBER >= 0x10002000)
-	rc = RSA_padding_check_PKCS1_OAEP_mgf1(pData, (int)*pulDataLen, raw, rawlen, rawlen, NULL, 0, EVP_sha256(), NULL);
-	if (rc < 0) {
+	switch(mgf1Type) {
+            case CKG_MGF1_SHA1:
+                rc = RSA_padding_check_PKCS1_OAEP_mgf1(pData, (int)*pulDataLen, raw, rawlen, rawlen, NULL, 0, EVP_sha1(), NULL);break;
+            case CKG_MGF1_SHA256:
+                rc = RSA_padding_check_PKCS1_OAEP_mgf1(pData, (int)*pulDataLen, raw, rawlen, rawlen, NULL, 0, EVP_sha256(), NULL);break;
+            default:
+                rc = -1;
+        }
+
+        if (rc < 0) {
 		rv = translateError();
 		FUNC_FAILS(rv, "RSA_padding_check_PKCS1_OAEP_mgf1() failed");
 	}
@@ -507,7 +515,7 @@ CK_RV stripOAEPPadding(unsigned char *raw, int rawlen, CK_BYTE_PTR pData, CK_ULO
 /**
  * Encrypt with RSA
  */
-static CK_RV encryptRSA(struct p11Object_t *obj, int padding, CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len)
+static CK_RV encryptRSA(struct p11Object_t *obj, int padding, CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len, CK_RSA_PKCS_MGF_TYPE mgf1Type)
 {
 	struct p11Attribute_t *modulus;
 	struct p11Attribute_t *public_exponent;
@@ -553,7 +561,17 @@ static CK_RV encryptRSA(struct p11Object_t *obj, int padding, CK_BYTE_PTR in, CK
 
 	if (padding == RSA_PKCS1_OAEP_PADDING) {
 #if (OPENSSL_VERSION_NUMBER >= 0x10002000)
-		rc = RSA_padding_add_PKCS1_OAEP_mgf1(raw, modulus->attrData.ulValueLen, in, in_len, NULL, 0, EVP_sha256(), NULL);
+            switch(mgf1Type) {
+                case CKG_MGF1_SHA1:
+                    rc = RSA_padding_add_PKCS1_OAEP_mgf1(raw, modulus->attrData.ulValueLen, in, in_len, NULL, 0, EVP_sha1(), NULL); break;
+                case CKG_MGF1_SHA256:
+                    rc = RSA_padding_add_PKCS1_OAEP_mgf1(raw, modulus->attrData.ulValueLen, in, in_len, NULL, 0, EVP_sha256(), NULL); break;
+                default:
+                    RSA_free(rsa);
+                    FUNC_RETURNS(CKR_FUNCTION_NOT_SUPPORTED);
+
+            }
+
 		rc = RSA_public_encrypt(modulus->attrData.ulValueLen, raw, out, rsa, RSA_NO_PADDING);
 #else
 		RSA_free(rsa);
@@ -681,6 +699,7 @@ CK_RV cryptoEncryptInit(struct p11Object_t *pObject, CK_MECHANISM_PTR mech)
 	case CKM_RSA_X_509:
 	case CKM_RSA_PKCS:
 	case CKM_RSA_PKCS_OAEP:
+        case CKM_RSA_PKCS_OAEP_SHA1:
 		break;
 	default:
 		FUNC_FAILS(CKR_MECHANISM_INVALID, "Invalid mechanism for RSA");
@@ -709,13 +728,16 @@ CK_RV cryptoEncrypt(struct p11Object_t *pObject, CK_MECHANISM_TYPE mech, CK_BYTE
 
 	switch(mech) {
 	case CKM_RSA_X_509:
-		rv = encryptRSA(pObject, RSA_NO_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
+		rv = encryptRSA(pObject, RSA_NO_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen, 0);
 		break;
 	case CKM_RSA_PKCS:
-		rv = encryptRSA(pObject, RSA_PKCS1_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
+		rv = encryptRSA(pObject, RSA_PKCS1_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen, 0);
 		break;
 	case CKM_RSA_PKCS_OAEP:
-		rv = encryptRSA(pObject, RSA_PKCS1_OAEP_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
+                rv = encryptRSA(pObject, RSA_PKCS1_OAEP_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen, CKG_MGF1_SHA256);
+		break;
+        case CKM_RSA_PKCS_OAEP_SHA1:
+		rv = encryptRSA(pObject, RSA_PKCS1_OAEP_PADDING, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen, CKG_MGF1_SHA1);
 		break;
 	default:
 		FUNC_FAILS(CKR_MECHANISM_INVALID, "Invalid mechanism for RSA");

src/pkcs11/crypto.h

@@ -40,7 +40,7 @@
 
 void cryptoInitialize();
 void cryptoFinalize();
-CK_RV stripOAEPPadding(unsigned char *raw, int rawlen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
+CK_RV stripOAEPPadding(unsigned char *raw, int rawlen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen, CK_RSA_PKCS_MGF_TYPE mgf1Type);
 CK_RV cryptoVerifyInit(struct p11Object_t *, CK_MECHANISM_PTR);
 CK_RV cryptoVerify(struct p11Object_t *, CK_MECHANISM_TYPE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG);
 CK_RV cryptoEncryptInit(struct p11Object_t *pObject, CK_MECHANISM_PTR mech);

src/pkcs11/object.c

@@ -76,6 +76,7 @@ struct id2name_t p11CKMName[] = {
 { CKM_RIPEMD128_RSA_PKCS        , "RIPEMD128_RSA_PKCS", 0 },
 { CKM_RIPEMD160_RSA_PKCS        , "RIPEMD160_RSA_PKCS", 0 },
 { CKM_RSA_PKCS_OAEP             , "RSA_PKCS_OAEP", 0 },
+{ CKM_RSA_PKCS_OAEP_SHA1        , "RSA_PKCS_OAEP_SHA1", 0 },
 { CKM_RSA_X9_31_KEY_PAIR_GEN    , "RSA_X9_31_KEY_PAIR_GEN", 0 },
 { CKM_RSA_X9_31                 , "RSA_X9_31", 0 },
 { CKM_SHA1_RSA_X9_31            , "SHA1_RSA_X9_31", 0 },

src/pkcs11/pkcs11t.h

@@ -641,10 +641,12 @@ typedef CK_ULONG          CK_MECHANISM_TYPE;
 #define CKM_SHA1_RSA_PKCS              0x00000006
 
 /* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
- * CKM_RSA_PKCS_OAEP are new for v2.10 */
+ * CKM_RSA_PKCS_OAEP are new for v2.10 
+ * CKM_RSA_PKCS_OAEP_SHA1 for compatibility OpenSSL/BearSSL */
 #define CKM_RIPEMD128_RSA_PKCS         0x00000007
 #define CKM_RIPEMD160_RSA_PKCS         0x00000008
 #define CKM_RSA_PKCS_OAEP              0x00000009
+#define CKM_RSA_PKCS_OAEP_SHA1         0x00000013
 
 /* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
  * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */

src/pkcs11/token-sc-hsm.c

@@ -80,6 +80,7 @@ static const CK_MECHANISM_TYPE p11MechanismList[] = {
 		CKM_ECDSA_SHA1,
 #ifdef ENABLE_LIBCRYPTO
 		CKM_RSA_PKCS_OAEP,
+                CKM_RSA_PKCS_OAEP_SHA1,
 		CKM_SHA_1,
 		CKM_SHA224,
 		CKM_SHA256,
@@ -375,6 +376,7 @@ static int getAlgorithmIdForDecryption(CK_MECHANISM_TYPE mech)
 		return ALGO_RSA_DECRYPT;
 #ifdef ENABLE_LIBCRYPTO
 	case CKM_RSA_PKCS_OAEP:
+        case CKM_RSA_PKCS_OAEP_SHA1:
 		return ALGO_RSA_DECRYPT;
 #endif
 	case CKM_AES_CBC:
@@ -776,7 +778,11 @@ static int sc_hsm_C_Decrypt(struct p11Object_t *pObject, CK_MECHANISM_TYPE mech,
 		}
 	} else {
 #ifdef ENABLE_LIBCRYPTO
-		rc = stripOAEPPadding(scr, rc, pData, pulDataLen);
+		if (mech == CKM_RSA_PKCS_OAEP_SHA1)
+                    rc = stripOAEPPadding(scr, rc, pData, pulDataLen, CKG_MGF1_SHA1);
+                else
+                    rc = stripOAEPPadding(scr, rc, pData, pulDataLen, CKG_MGF1_SHA256);
+
 		if (rc != CKR_OK) {
 			FUNC_FAILS(rc, "Invalid OAEP padding");
 		}
@@ -2744,6 +2750,7 @@ static int sc_hsm_C_GetMechanismInfo(CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_P
 	case CKM_SC_HSM_PSS_SHA256:
 #ifdef ENABLE_LIBCRYPTO
 	case CKM_RSA_PKCS_OAEP:
+        case CKM_RSA_PKCS_OAEP_SHA1:
 #endif
 
 		pInfo->ulMinKeySize = 1024;
@@ -2794,6 +2801,7 @@ static int sc_hsm_C_GetMechanismInfo(CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_P
 		break;
 #ifdef ENABLE_LIBCRYPTO
 	case CKM_RSA_PKCS_OAEP:
+        case CKM_RSA_PKCS_OAEP_SHA1:
 		pInfo->flags = CKF_HW|CKF_DECRYPT|CKF_ENCRYPT;
 		break;
 #endif

src/pkcs11/token-starcos.c

@@ -69,6 +69,7 @@ static unsigned char algo_ECDSA[] =            { 0x89, 0x02, 0x13, 0x35 };
 static const CK_MECHANISM_TYPE p11MechanismList[] = {
 		CKM_RSA_PKCS,
 		CKM_RSA_PKCS_OAEP,
+                CKM_RSA_PKCS_OAEP_SHA1,
 		CKM_SHA1_RSA_PKCS,
 		CKM_SHA224_RSA_PKCS,
 		CKM_SHA256_RSA_PKCS,
@@ -580,6 +581,7 @@ static int getAlgorithmIdForDecryption(struct p11Token_t *token, CK_MECHANISM_TY
 			*algotlv = algo_PKCS15_DECRYPT;
 			break;
 		case CKM_RSA_PKCS_OAEP:
+                case CKM_RSA_PKCS_OAEP_SHA1:
 			*algotlv = algo_OAEP_DECRYPT;
 			break;
 		default:
@@ -1540,6 +1542,7 @@ static int starcos_C_GetMechanismInfo(CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_
 #endif
 		break;
 	case CKM_RSA_PKCS_OAEP:
+        case CKM_RSA_PKCS_OAEP_SHA1:
 #ifdef ENABLE_LIBCRYPTO
 		pInfo->flags = CKF_HW|CKF_DECRYPT|CKF_ENCRYPT;
 #else

src/tests/sc-hsm-pkcs11-test.c

@@ -1066,6 +1066,8 @@ SignThread(void *arg) {
 			rc = testRSADecryption(d->p11, d->slotid, d->thread_id, CKM_RSA_PKCS);
 		if ((rc == CKR_OK) && (testsfailed == 0))
 			rc = testRSADecryption(d->p11, d->slotid, d->thread_id, CKM_RSA_PKCS_OAEP);
+                if ((rc == CKR_OK) && (testsfailed == 0))
+			rc = testRSADecryption(d->p11, d->slotid, d->thread_id, CKM_RSA_PKCS_OAEP_SHA1);
 		if ((rc == CKR_OK) && (testsfailed == 0))
 			rc = testRSADecryption(d->p11, d->slotid, d->thread_id, CKM_RSA_X_509);
 
@@ -2748,6 +2750,7 @@ int main(int argc, char *argv[])
 #ifdef ENABLE_LIBCRYPTO
 				testRSADecryption(p11, slotid, 0, CKM_RSA_PKCS);
 				testRSADecryption(p11, slotid, 0, CKM_RSA_PKCS_OAEP);
+                                testRSADecryption(p11, slotid, 0, CKM_RSA_PKCS_OAEP_SHA1);
 
 				if (strncmp("STARCOS", (char *)tokeninfo.label, 7)) {
 					testRSADecryption(p11, slotid, 0, CKM_RSA_X_509);