Add support for RSA PSS with SmartCard-HSM #1404
Conversation
| case CKM_SHA256: | ||
| if (hlen != 32) | ||
| return CKR_MECHANISM_PARAM_INVALID; | ||
| break; |
There was a problem hiding this comment.
Would it make sense to cover also the other SHA2 variants for future, even if they might not be supported now by your cards?
There was a problem hiding this comment.
I'd rather add the code when it can be tested properly. Should be easy to adapt when cards with more algorithms arrive.
| } | ||
|
|
||
| // SmartCards typically only support MGFs based on the same hash as the | ||
| // message digest |
There was a problem hiding this comment.
This limitation is not on PKCS#11 level so the errors might be confusing. Even though, this might be a good idea to implement now opensc-wise (since the sc-hsm is the only supporting PSS), future drivers might struggle with it so I would propose to do this limitation in the sc-hsm code, if you know your cards do not support these cases.
There was a problem hiding this comment.
Unfortunately this would require substantial changes in the lower layer to pass PSS parameter down into the card driver. It is something we could do in the long run, however I don't expect cards to support arbitrary salt length and MGF anytime soon. PKCS#11 allows the flexibility, but most implementation use saltlen = hashlen and MGF hash = message hash as all other cases would need to be explicitly agreed between sender and receiver.
There was a problem hiding this comment.
Thank you for clarification. Yes, it makes sense to support at least something for now.
| return CKR_MECHANISM_PARAM_INVALID; | ||
| } | ||
|
|
||
| // SmartCards typically support only a salt length equal to the hash length |
There was a problem hiding this comment.
The same for this condition -- PKCS#11 happily allows wider range of combinations.
There was a problem hiding this comment.
And some cards/tokens (like YubiHSM2) do support other SHA2 family members.
There was a problem hiding this comment.
But the yubihsm driver is not part of opensc. Anyway completeness of PKCS#11 mechanisms is implemented in #1435.
| @@ -420,12 +420,16 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card, | |||
|
|
|||
| /* add the padding bytes (if necessary) */ | |||
| if (pad_flags != 0) { | |||
| size_t tmplen = sizeof(buf); | |||
| if (flags & SC_ALGORITHM_RSA_PAD_PSS) { | |||
| // TODO PSS padding | |||
There was a problem hiding this comment.
This will be needed to implement the PSS off the card. Do you plan to have a look into that, or should I have a look into the possibilities here?
There was a problem hiding this comment.
We could maybe use this: NWilson@42f3199
A card driver may declare support for computing the padding on the card, or else the padding will be applied locally in padding.c. All five PKCS11 PSS mechanisms are supported, for signature and verification. There are a few limits on what we choose to support, in particular I don't see a need for arbitrary combinations of MGF hash, data hash, and salt length, so I've restricted it (for the user's benefit) to the only cases that really matter, where salt_len = hash_len and the same hash is used for the MGF and data hashing.
|
@CardContact the code looks good, thanks! I think, I'll have time to test this next week. Could you please also check which the necessary bits are to get this functionality into the minidriver? |
|
currently PSS is also announced for decryption. You need to apply this patch: diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index 3040df63..e8611591 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -5072,6 +5072,9 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
/* TODO support other padding mechanisms */
if (rsa_flags & SC_ALGORITHM_RSA_PAD_PSS) {
+ CK_FLAGS old_flags = mech_info.flags;
+ mech_info.flags &= ~CKF_DECRYPT;
+
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS_PSS, &mech_info, CKK_RSA, NULL, NULL);
rc = sc_pkcs11_register_mechanism(p11card, mt);
if (rc != CKR_OK)
@@ -5087,6 +5090,8 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
if (rc != CKR_OK)
return rc;
}
+
+ mech_info.flags = old_flags;
}
if (rsa_flags & SC_ALGORITHM_ONBOARD_KEY_GEN) { |
|
thanks! @CardContact please also have a look into the minidriver @Jakuje looking forward for your port of NWilson@42f3199 |
Tested with SmartCard-HSM
Checklist