Implement RSA PSS for GoID / SmartCard-HSM

2018-06-05 16:30:05 +02:00 · 2018-06-05 16:30:05 +02:00 · e2f0e367b1
parent 99fa4f4a57
commit e2f0e367b1
7 changed files with 64 additions and 23 deletions
--- a/src/libopensc/card-sc-hsm.c
+++ b/src/libopensc/card-sc-hsm.c
@ -984,6 +984,8 @@ static int sc_hsm_set_security_env(sc_card_t *card,
 			} else {
 				priv->algorithm = ALGO_RSA_PKCS1;
 			}
 		} else if (env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PSS) {
 			priv->algorithm = ALGO_RSA_PSS;
 		} else {
 			if (env->operation == SC_SEC_OPERATION_DECIPHER) {
 				priv->algorithm = ALGO_RSA_DECRYPT;
@ -1607,7 +1609,7 @@ static int sc_hsm_init(struct sc_card *card)
 		card->drv_data = priv;
 	}
-	flags = SC_ALGORITHM_RSA_RAW|SC_ALGORITHM_ONBOARD_KEY_GEN;
+	flags = SC_ALGORITHM_RSA_RAW|SC_ALGORITHM_RSA_PAD_PSS|SC_ALGORITHM_ONBOARD_KEY_GEN;
 	_sc_card_add_rsa_alg(card, 1024, flags, 0);
 	_sc_card_add_rsa_alg(card, 1536, flags, 0);
--- a/src/libopensc/card-sc-hsm.h
+++ b/src/libopensc/card-sc-hsm.h
@ -38,6 +38,7 @@
 #define ALGO_RSA_PKCS1_SHA1		0x31		/* RSA signature with SHA-1 hash and PKCS#1 V1.5 padding */
 #define ALGO_RSA_PKCS1_SHA256	0x33		/* RSA signature with SHA-256 hash and PKCS#1 V1.5 padding */
 #define ALGO_RSA_PSS			0x40		/* RSA signature with external hash and PKCS#1 PSS padding*/
 #define ALGO_RSA_PSS_SHA1		0x41		/* RSA signature with SHA-1 hash and PKCS#1 PSS padding */
 #define ALGO_RSA_PSS_SHA256		0x43		/* RSA signature with SHA-256 hash and PKCS#1 PSS padding */
--- a/src/libopensc/opensc.h
+++ b/src/libopensc/opensc.h
@ -91,34 +91,35 @@ extern "C" {
 #define SC_ALGORITHM_ONBOARD_KEY_GEN	0x80000000
 /* need usage = either sign or decrypt. keys with both? decrypt, emulate sign */
 #define SC_ALGORITHM_NEED_USAGE		0x40000000
-#define SC_ALGORITHM_SPECIFIC_FLAGS	0x0001FFFF
+#define SC_ALGORITHM_SPECIFIC_FLAGS	0x001FFFFF
 #define SC_ALGORITHM_RSA_RAW		0x00000001
 /* If the card is willing to produce a cryptogram padded with the following
 * methods, set these flags accordingly. */
-#define SC_ALGORITHM_RSA_PADS		0x0000000E
+#define SC_ALGORITHM_RSA_PADS		0x0000001E
 #define SC_ALGORITHM_RSA_PAD_NONE	0x00000000
 #define SC_ALGORITHM_RSA_PAD_PKCS1	0x00000002
 #define SC_ALGORITHM_RSA_PAD_ANSI	0x00000004
 #define SC_ALGORITHM_RSA_PAD_ISO9796	0x00000008
 #define SC_ALGORITHM_RSA_PAD_PSS	0x00000010
 /* If the card is willing to produce a cryptogram with the following
 * hash values, set these flags accordingly. */
-#define SC_ALGORITHM_RSA_HASH_NONE	0x00000010
+#define SC_ALGORITHM_RSA_HASH_NONE	0x00000100
-#define SC_ALGORITHM_RSA_HASH_SHA1	0x00000020
+#define SC_ALGORITHM_RSA_HASH_SHA1	0x00000200
-#define SC_ALGORITHM_RSA_HASH_MD5	0x00000040
+#define SC_ALGORITHM_RSA_HASH_MD5	0x00000400
-#define SC_ALGORITHM_RSA_HASH_MD5_SHA1	0x00000080
+#define SC_ALGORITHM_RSA_HASH_MD5_SHA1	0x00000800
-#define SC_ALGORITHM_RSA_HASH_RIPEMD160	0x00000100
+#define SC_ALGORITHM_RSA_HASH_RIPEMD160	0x00001000
-#define SC_ALGORITHM_RSA_HASH_SHA256	0x00000200
+#define SC_ALGORITHM_RSA_HASH_SHA256	0x00002000
-#define SC_ALGORITHM_RSA_HASH_SHA384	0x00000400
+#define SC_ALGORITHM_RSA_HASH_SHA384	0x00004000
-#define SC_ALGORITHM_RSA_HASH_SHA512	0x00000800
+#define SC_ALGORITHM_RSA_HASH_SHA512	0x00008000
-#define SC_ALGORITHM_RSA_HASH_SHA224	0x00001000
+#define SC_ALGORITHM_RSA_HASH_SHA224	0x00010000
-#define SC_ALGORITHM_RSA_HASHES		0x00001FE0
+#define SC_ALGORITHM_RSA_HASHES		0x0001FE00
-#define SC_ALGORITHM_GOSTR3410_RAW		0x00002000
+#define SC_ALGORITHM_GOSTR3410_RAW		0x00020000
-#define SC_ALGORITHM_GOSTR3410_HASH_NONE	0x00004000
+#define SC_ALGORITHM_GOSTR3410_HASH_NONE	0x00040000
-#define SC_ALGORITHM_GOSTR3410_HASH_GOSTR3411	0x00008000
+#define SC_ALGORITHM_GOSTR3410_HASH_GOSTR3411	0x00080000
-#define SC_ALGORITHM_GOSTR3410_HASHES		0x00008000
+#define SC_ALGORITHM_GOSTR3410_HASHES		0x00080000
 /*TODO: -DEE Should the above be 0x0000E000 */
 /* Or should the HASH_NONE be 0x00000010  and HASHES be 0x00008010 */
@ -126,8 +127,8 @@ extern "C" {
 /* TODO: -DEE Will overload RSA_HASHES with EC_HASHES */
 /* Not clear if these need their own bits or not */
 /* The PIV card does not support and hashes */
-#define SC_ALGORITHM_ECDSA_RAW		0x00010000
+#define SC_ALGORITHM_ECDSA_RAW		0x00100000
-#define SC_ALGORITHM_ECDH_CDH_RAW	0x00020000
+#define SC_ALGORITHM_ECDH_CDH_RAW	0x00200000
 #define SC_ALGORITHM_ECDSA_HASH_NONE		SC_ALGORITHM_RSA_HASH_NONE
 #define SC_ALGORITHM_ECDSA_HASH_SHA1		SC_ALGORITHM_RSA_HASH_SHA1
 #define SC_ALGORITHM_ECDSA_HASH_SHA224		SC_ALGORITHM_RSA_HASH_SHA224
--- a/src/libopensc/padding.c
+++ b/src/libopensc/padding.c
@ -310,6 +310,11 @@ int sc_get_encoding_flags(sc_context_t *ctx,
 		*sflags |= (caps & SC_ALGORITHM_RAW_MASK); /* adds in the one raw type */
 		*pflags = 0;
 	} else if (iflags & SC_ALGORITHM_RSA_PAD_PSS) {
 		if (caps & SC_ALGORITHM_RSA_PAD_PSS)
 			*sflags |= SC_ALGORITHM_RSA_PAD_PSS;
 		else
 			*pflags |= SC_ALGORITHM_RSA_PAD_PSS;
 	} else {
 		LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "unsupported algorithm");
 	}
--- a/src/libopensc/pkcs15-sec.c
+++ b/src/libopensc/pkcs15-sec.c
@ -420,12 +420,16 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
 	/* add the padding bytes (if necessary) */
 	if (pad_flags != 0) {
-		size_t tmplen = sizeof(buf);
+		if (flags & SC_ALGORITHM_RSA_PAD_PSS) {
 			// TODO PSS padding
 		} else {
 			size_t tmplen = sizeof(buf);
-		r = sc_pkcs1_encode(ctx, pad_flags, tmp, inlen, tmp, &tmplen, modlen);
+			r = sc_pkcs1_encode(ctx, pad_flags, tmp, inlen, tmp, &tmplen, modlen);
-		SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to add padding");
+			SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to add padding");
-		inlen = tmplen;
+			inlen = tmplen;
 		}
 	}
 	else if ( senv.algorithm == SC_ALGORITHM_RSA &&
 			(flags & SC_ALGORITHM_RSA_PADS) == SC_ALGORITHM_RSA_PAD_NONE) {
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@ -3728,6 +3728,15 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj,
 	case CKM_SHA512_RSA_PKCS:
 		flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA512;
 		break;
 	case CKM_RSA_PKCS_PSS:
 		flags = SC_ALGORITHM_RSA_PAD_PSS | SC_ALGORITHM_RSA_HASH_NONE;
 		break;
 	case CKM_SHA1_RSA_PKCS_PSS:
 		flags = SC_ALGORITHM_RSA_PAD_PSS | SC_ALGORITHM_RSA_HASH_SHA1;
 		break;
 	case CKM_SHA256_RSA_PKCS_PSS:
 		flags = SC_ALGORITHM_RSA_PAD_PSS | SC_ALGORITHM_RSA_HASH_SHA256;
 		break;
 	case CKM_RIPEMD160_RSA_PKCS:
 		flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_RIPEMD160;
 		break;
@ -4995,6 +5004,24 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
 	/* TODO support other padding mechanisms */
 	if (rsa_flags & SC_ALGORITHM_RSA_PAD_PSS) {
 		mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS_PSS, &mech_info, CKK_RSA, NULL, NULL);
 		rc = sc_pkcs11_register_mechanism(p11card, mt);
 		if (rc != CKR_OK)
 			return rc;
 		if (rsa_flags & SC_ALGORITHM_RSA_HASH_SHA1) {
 			rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_SHA1_RSA_PKCS_PSS, CKM_SHA_1, mt);
 			if (rc != CKR_OK)
 				return rc;
 		}
 		if (rsa_flags & SC_ALGORITHM_RSA_HASH_SHA256) {
 			rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_SHA256_RSA_PKCS_PSS, CKM_SHA256, mt);
 			if (rc != CKR_OK)
 				return rc;
 		}
 	}
 	if (rsa_flags & SC_ALGORITHM_ONBOARD_KEY_GEN) {
 		mech_info.flags = CKF_GENERATE_KEY_PAIR;
 		mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS_KEY_PAIR_GEN, &mech_info, CKK_RSA, NULL, NULL);
--- a/src/tools/opensc-tool.c
+++ b/src/tools/opensc-tool.c
@ -591,6 +591,7 @@ static int list_algorithms(void)
 	const id2str_t rsa_flag_names[] = {
 		{ SC_ALGORITHM_RSA_PAD_PKCS1,      "pkcs1"     },
 		{ SC_ALGORITHM_RSA_PAD_ANSI,       "ansi"      },
 		{ SC_ALGORITHM_RSA_PAD_PSS,        "pss"       },
 		{ SC_ALGORITHM_RSA_PAD_ISO9796,    "iso9796"   },
 		{ SC_ALGORITHM_RSA_HASH_SHA1,      "sha1"      },
 		{ SC_ALGORITHM_RSA_HASH_MD5,       "MD5"       },