You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Minidriver function CardRSADecrypt returns incorrect length when unpadding SC_ALGORITHM_RSA_RAW data as CARD_PADDING_PKCS1 using the function sc_pkcs1_strip_02_padding_constant_time(). The function sc_pkcs1_strip_02_padding_constant_time() sets the last output parameter to modulus_length / 8 - SC_PKCS1_PADDING_MIN_SIZE, not the actual length of the unpadded data, on the other hand, the function returns the correct length.
This isssue can be reproduced only after #3084 and #3085 has been fixed. It can be reproduced with a windows application calling API CryptDecrypt() with a card using raw RSA (like nqApplet).
The following commit contains all 3 fixes: 723209f
Logs
The expected length of the decrypted data after unpadding was 128, but got 373:
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] sec.c:50:sc_decipher: returning with: 384
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] card.c:523:sc_unlock: called
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] pkcs15-sec.c:169:use_key: returning with: 384
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] sc_pkcs15_decipher: DECRYPT-INFO dwVersion=2
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] sc_pkcs15_decipher: stripping PKCS1 padding
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] padding.c:159:sc_pkcs1_strip_02_padding_constant_time: called
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] decrypted data(373):
The text was updated successfully, but these errors were encountered:
Problem Description
Minidriver function CardRSADecrypt returns incorrect length when unpadding SC_ALGORITHM_RSA_RAW data as CARD_PADDING_PKCS1 using the function sc_pkcs1_strip_02_padding_constant_time(). The function sc_pkcs1_strip_02_padding_constant_time() sets the last output parameter to modulus_length / 8 - SC_PKCS1_PADDING_MIN_SIZE, not the actual length of the unpadded data, on the other hand, the function returns the correct length.
Proposed Resolution
Steps to reproduce
This isssue can be reproduced only after #3084 and #3085 has been fixed. It can be reproduced with a windows application calling API CryptDecrypt() with a card using raw RSA (like nqApplet).
The following commit contains all 3 fixes: 723209f
Logs
The expected length of the decrypted data after unpadding was 128, but got 373:
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] sec.c:50:sc_decipher: returning with: 384
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] card.c:523:sc_unlock: called
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] pkcs15-sec.c:169:use_key: returning with: 384
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] sc_pkcs15_decipher: DECRYPT-INFO dwVersion=2
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] sc_pkcs15_decipher: stripping PKCS1 padding
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] padding.c:159:sc_pkcs1_strip_02_padding_constant_time: called
P:20068; T:21236 2024-03-22 08:30:24.185 [cardmod] decrypted data(373):
The text was updated successfully, but these errors were encountered: