Implement RSA PSS for GoID / SmartCard-HSM
parent
99fa4f4a57
commit
e2f0e367b1
|
@ -984,6 +984,8 @@ static int sc_hsm_set_security_env(sc_card_t *card,
|
|||
} else {
|
||||
priv->algorithm = ALGO_RSA_PKCS1;
|
||||
}
|
||||
} else if (env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PSS) {
|
||||
priv->algorithm = ALGO_RSA_PSS;
|
||||
} else {
|
||||
if (env->operation == SC_SEC_OPERATION_DECIPHER) {
|
||||
priv->algorithm = ALGO_RSA_DECRYPT;
|
||||
|
@ -1607,7 +1609,7 @@ static int sc_hsm_init(struct sc_card *card)
|
|||
card->drv_data = priv;
|
||||
}
|
||||
|
||||
flags = SC_ALGORITHM_RSA_RAW|SC_ALGORITHM_ONBOARD_KEY_GEN;
|
||||
flags = SC_ALGORITHM_RSA_RAW|SC_ALGORITHM_RSA_PAD_PSS|SC_ALGORITHM_ONBOARD_KEY_GEN;
|
||||
|
||||
_sc_card_add_rsa_alg(card, 1024, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 1536, flags, 0);
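Review bot: The new `else if (env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PSS)` arm in sc_hsm_set_security_env selects `ALGO_RSA_PSS` without looking at `env->operation`, while the `else` arm directly after it does distinguish `SC_SEC_OPERATION_DECIPHER`. PSS is a signature padding, so a decipher request that carries the PSS flag would be mapped to a signing algorithm id rather than rejected. I would add a guard at the top of the arm, `if (env->operation != SC_SEC_OPERATION_SIGN) LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);`. The enclosing switch begins outside the hunk, so an earlier check may already cover this.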
|
||||
|
|
|
@ -38,6 +38,7 @@
|
|||
#define ALGO_RSA_PKCS1_SHA1 0x31 /* RSA signature with SHA-1 hash and PKCS#1 V1.5 padding */
|
||||
#define ALGO_RSA_PKCS1_SHA256 0x33 /* RSA signature with SHA-256 hash and PKCS#1 V1.5 padding */
|
||||
|
||||
#define ALGO_RSA_PSS 0x40 /* RSA signature with external hash and PKCS#1 PSS padding*/
|
||||
#define ALGO_RSA_PSS_SHA1 0x41 /* RSA signature with SHA-1 hash and PKCS#1 PSS padding */
|
||||
#define ALGO_RSA_PSS_SHA256 0x43 /* RSA signature with SHA-256 hash and PKCS#1 PSS padding */
|
||||
|
||||
|
|
|
@ -91,34 +91,35 @@ extern "C" {
|
|||
#define SC_ALGORITHM_ONBOARD_KEY_GEN 0x80000000
|
||||
/* need usage = either sign or decrypt. keys with both? decrypt, emulate sign */
|
||||
#define SC_ALGORITHM_NEED_USAGE 0x40000000
|
||||
#define SC_ALGORITHM_SPECIFIC_FLAGS 0x0001FFFF
|
||||
#define SC_ALGORITHM_SPECIFIC_FLAGS 0x001FFFFF
|
||||
|
||||
#define SC_ALGORITHM_RSA_RAW 0x00000001
|
||||
/* If the card is willing to produce a cryptogram padded with the following
|
||||
* methods, set these flags accordingly. */
|
||||
#define SC_ALGORITHM_RSA_PADS 0x0000000E
|
||||
#define SC_ALGORITHM_RSA_PADS 0x0000001E
|
||||
#define SC_ALGORITHM_RSA_PAD_NONE 0x00000000
|
||||
#define SC_ALGORITHM_RSA_PAD_PKCS1 0x00000002
|
||||
#define SC_ALGORITHM_RSA_PAD_ANSI 0x00000004
|
||||
#define SC_ALGORITHM_RSA_PAD_ISO9796 0x00000008
|
||||
#define SC_ALGORITHM_RSA_PAD_PSS 0x00000010
|
||||
|
||||
/* If the card is willing to produce a cryptogram with the following
|
||||
* hash values, set these flags accordingly. */
|
||||
#define SC_ALGORITHM_RSA_HASH_NONE 0x00000010
|
||||
#define SC_ALGORITHM_RSA_HASH_SHA1 0x00000020
|
||||
#define SC_ALGORITHM_RSA_HASH_MD5 0x00000040
|
||||
#define SC_ALGORITHM_RSA_HASH_MD5_SHA1 0x00000080
|
||||
#define SC_ALGORITHM_RSA_HASH_RIPEMD160 0x00000100
|
||||
#define SC_ALGORITHM_RSA_HASH_SHA256 0x00000200
|
||||
#define SC_ALGORITHM_RSA_HASH_SHA384 0x00000400
|
||||
#define SC_ALGORITHM_RSA_HASH_SHA512 0x00000800
|
||||
#define SC_ALGORITHM_RSA_HASH_SHA224 0x00001000
|
||||
#define SC_ALGORITHM_RSA_HASHES 0x00001FE0
|
||||
#define SC_ALGORITHM_RSA_HASH_NONE 0x00000100
|
||||
#define SC_ALGORITHM_RSA_HASH_SHA1 0x00000200
|
||||
#define SC_ALGORITHM_RSA_HASH_MD5 0x00000400
|
||||
#define SC_ALGORITHM_RSA_HASH_MD5_SHA1 0x00000800
|
||||
#define SC_ALGORITHM_RSA_HASH_RIPEMD160 0x00001000
|
||||
#define SC_ALGORITHM_RSA_HASH_SHA256 0x00002000
|
||||
#define SC_ALGORITHM_RSA_HASH_SHA384 0x00004000
|
||||
#define SC_ALGORITHM_RSA_HASH_SHA512 0x00008000
|
||||
#define SC_ALGORITHM_RSA_HASH_SHA224 0x00010000
|
||||
#define SC_ALGORITHM_RSA_HASHES 0x0001FE00
|
||||
|
||||
#define SC_ALGORITHM_GOSTR3410_RAW 0x00002000
|
||||
#define SC_ALGORITHM_GOSTR3410_HASH_NONE 0x00004000
|
||||
#define SC_ALGORITHM_GOSTR3410_HASH_GOSTR3411 0x00008000
|
||||
#define SC_ALGORITHM_GOSTR3410_HASHES 0x00008000
|
||||
#define SC_ALGORITHM_GOSTR3410_RAW 0x00020000
|
||||
#define SC_ALGORITHM_GOSTR3410_HASH_NONE 0x00040000
|
||||
#define SC_ALGORITHM_GOSTR3410_HASH_GOSTR3411 0x00080000
|
||||
#define SC_ALGORITHM_GOSTR3410_HASHES 0x00080000
|
||||
/*TODO: -DEE Should the above be 0x0000E000 */
|
||||
/* Or should the HASH_NONE be 0x00000010 and HASHES be 0x00008010 */
|
||||
|
||||
|
@ -126,8 +127,8 @@ extern "C" {
|
|||
/* TODO: -DEE Will overload RSA_HASHES with EC_HASHES */
|
||||
/* Not clear if these need their own bits or not */
|
||||
/* The PIV card does not support and hashes */
|
||||
#define SC_ALGORITHM_ECDSA_RAW 0x00010000
|
||||
#define SC_ALGORITHM_ECDH_CDH_RAW 0x00020000
|
||||
#define SC_ALGORITHM_ECDSA_RAW 0x00100000
|
||||
#define SC_ALGORITHM_ECDH_CDH_RAW 0x00200000
|
||||
#define SC_ALGORITHM_ECDSA_HASH_NONE SC_ALGORITHM_RSA_HASH_NONE
|
||||
#define SC_ALGORITHM_ECDSA_HASH_SHA1 SC_ALGORITHM_RSA_HASH_SHA1
|
||||
#define SC_ALGORITHM_ECDSA_HASH_SHA224 SC_ALGORITHM_RSA_HASH_SHA224
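Review bot: `SC_ALGORITHM_RSA_PAD_PSS` is given the value 0x00000010 that `SC_ALGORITHM_RSA_HASH_NONE` had before, and every RSA hash, GOST and EC flag moves to a different bit. Any code that holds these flags as numbers rather than by name, or that was built against the old header, would silently read a former "no hash" as "PSS padding"; whether such users exist cannot be seen from this page. A comment above the define would record the hazard, e.g. `/* 0x10 was SC_ALGORITHM_RSA_HASH_NONE before PSS was added; flag values changed, rebuild all users of this header */`. `SC_ALGORITHM_ECDH_CDH_RAW` (0x00200000) still lies outside `SC_ALGORITHM_SPECIFIC_FLAGS` (0x001FFFFF), as it did with the old values, which deserves a line of comment if it is intended.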
|
||||
|
|
|
@ -310,6 +310,11 @@ int sc_get_encoding_flags(sc_context_t *ctx,
|
|||
|
||||
*sflags |= (caps & SC_ALGORITHM_RAW_MASK); /* adds in the one raw type */
|
||||
*pflags = 0;
|
||||
} else if (iflags & SC_ALGORITHM_RSA_PAD_PSS) {
|
||||
if (caps & SC_ALGORITHM_RSA_PAD_PSS)
|
||||
*sflags |= SC_ALGORITHM_RSA_PAD_PSS;
|
||||
else
|
||||
*pflags |= SC_ALGORITHM_RSA_PAD_PSS;
|
||||
} else {
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "unsupported algorithm");
|
||||
}
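Review bot: The new PSS branch in sc_get_encoding_flags forwards only the padding bit: the hash bits in `iflags` are neither checked against `caps` nor copied into `*sflags` or `*pflags`. pkcs15_prkey_sign in this commit passes PSS together with `SC_ALGORITHM_RSA_HASH_NONE`, `_SHA1` or `_SHA256`, and sc_hsm_set_security_env maps all of them to the same `ALGO_RSA_PSS`, so as far as these hunks show the card is never told which digest was requested. If that is intended, say so in the branch, e.g. `/* PSS: digest is computed before the card is called; hash flags are deliberately not forwarded */`; otherwise carry `iflags & SC_ALGORITHM_RSA_HASHES` through. The branch also uses `|=` where the raw branch above assigns `*pflags = 0`; the initialisation of both outputs is outside the hunk.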
|
||||
|
|
|
@ -420,6 +420,9 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
|
|||
|
||||
/* add the padding bytes (if necessary) */
|
||||
if (pad_flags != 0) {
|
||||
if (flags & SC_ALGORITHM_RSA_PAD_PSS) {
|
||||
// TODO PSS padding
|
||||
} else {
|
||||
size_t tmplen = sizeof(buf);
|
||||
|
||||
r = sc_pkcs1_encode(ctx, pad_flags, tmp, inlen, tmp, &tmplen, modlen);
|
||||
|
@ -427,6 +430,7 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
|
|||
|
||||
inlen = tmplen;
|
||||
}
|
||||
}
|
||||
else if ( senv.algorithm == SC_ALGORITHM_RSA &&
|
||||
(flags & SC_ALGORITHM_RSA_PADS) == SC_ALGORITHM_RSA_PAD_NONE) {
|
||||
/* Add zero-padding if input is shorter than the modulus */
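Review bot: The new `if (flags & SC_ALGORITHM_RSA_PAD_PSS)` arm in sc_pkcs15_compute_signature contains only `// TODO PSS padding`, so when software padding is required (`pad_flags != 0`) the input goes on unpadded and no error is reported. sc_get_encoding_flags in this commit sends exactly this case here, by setting `*pflags |= SC_ALGORITHM_RSA_PAD_PSS` for cards without PSS in `caps`. Until an encoder exists the arm should fail closed, e.g. `LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "PSS padding not supported in software");`, with whatever cleanup the function's other error paths perform; those lie outside the hunk. Otherwise the caller may get back a result that is not a valid PSS signature, computed by the card over unpadded input.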
|
||||
|
|
|
@ -3728,6 +3728,15 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj,
|
|||
case CKM_SHA512_RSA_PKCS:
|
||||
flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA512;
|
||||
break;
|
||||
case CKM_RSA_PKCS_PSS:
|
||||
flags = SC_ALGORITHM_RSA_PAD_PSS | SC_ALGORITHM_RSA_HASH_NONE;
|
||||
break;
|
||||
case CKM_SHA1_RSA_PKCS_PSS:
|
||||
flags = SC_ALGORITHM_RSA_PAD_PSS | SC_ALGORITHM_RSA_HASH_SHA1;
|
||||
break;
|
||||
case CKM_SHA256_RSA_PKCS_PSS:
|
||||
flags = SC_ALGORITHM_RSA_PAD_PSS | SC_ALGORITHM_RSA_HASH_SHA256;
|
||||
break;
|
||||
case CKM_RIPEMD160_RSA_PKCS:
|
||||
flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_RIPEMD160;
|
||||
break;
|
||||
|
@ -4995,6 +5004,24 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
|
|||
|
||||
/* TODO support other padding mechanisms */
|
||||
|
||||
if (rsa_flags & SC_ALGORITHM_RSA_PAD_PSS) {
|
||||
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS_PSS, &mech_info, CKK_RSA, NULL, NULL);
|
||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||
if (rc != CKR_OK)
|
||||
return rc;
|
||||
|
||||
if (rsa_flags & SC_ALGORITHM_RSA_HASH_SHA1) {
|
||||
rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_SHA1_RSA_PKCS_PSS, CKM_SHA_1, mt);
|
||||
if (rc != CKR_OK)
|
||||
return rc;
|
||||
}
|
||||
if (rsa_flags & SC_ALGORITHM_RSA_HASH_SHA256) {
|
||||
rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_SHA256_RSA_PKCS_PSS, CKM_SHA256, mt);
|
||||
if (rc != CKR_OK)
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
||||
if (rsa_flags & SC_ALGORITHM_ONBOARD_KEY_GEN) {
|
||||
mech_info.flags = CKF_GENERATE_KEY_PAIR;
|
||||
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS_KEY_PAIR_GEN, &mech_info, CKK_RSA, NULL, NULL);
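Review bot: The three new PSS cases in pkcs15_prkey_sign derive `flags` from the mechanism type alone; nothing in the hunk evaluates the `CK_RSA_PKCS_PSS_PARAMS` (hashAlg, mgf, sLen) that PKCS#11 callers pass with these mechanisms. A caller asking for a digest, MGF or salt length other than the one the card applies would then receive a signature made with different parameters and no error. The parameters should be validated where the mechanism is accepted and mismatches rejected with `CKR_MECHANISM_PARAM_INVALID`; until then a comment such as `/* PSS parameters (hashAlg, mgf, sLen) are not evaluated; the card's defaults apply */` would at least document the gap. In register_mechanisms the result of `sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS_PSS, ...)` is passed on without a NULL check. Both functions continue outside the hunks shown.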
|
||||
|
|
|
@ -591,6 +591,7 @@ static int list_algorithms(void)
|
|||
const id2str_t rsa_flag_names[] = {
|
||||
{ SC_ALGORITHM_RSA_PAD_PKCS1, "pkcs1" },
|
||||
{ SC_ALGORITHM_RSA_PAD_ANSI, "ansi" },
|
||||
{ SC_ALGORITHM_RSA_PAD_PSS, "pss" },
|
||||
{ SC_ALGORITHM_RSA_PAD_ISO9796, "iso9796" },
|
||||
{ SC_ALGORITHM_RSA_HASH_SHA1, "sha1" },
|
||||
{ SC_ALGORITHM_RSA_HASH_MD5, "MD5" },
|
||||
|
|