Skip to content

Oaep label #2484

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Jakuje merged 2 commits into from
Feb 7, 2022
Merged

Oaep label #2484

Jakuje merged 2 commits into from
Feb 7, 2022

Conversation

@popovec
Copy link
Member

@popovec popovec commented Jan 12, 2022

  • PKCS#11 module is tested
    (pkcs11-tool -l -t, MyEID card)

@popovec popovec mentioned this pull request Jan 12, 2022
Merged
1 task
Jakuje
Jakuje reviewed Jan 16, 2022
View reviewed changes
src/tools/pkcs11-tool.c Outdated
return 0;
}
if (param_len != 0 && param != NULL) {
/* label is ownership of openssl, do not free this ptr! */
Copy link
Member

@Jakuje Jakuje Jan 16, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/* label is ownership of openssl, do not free this ptr! */
/* label is in ownership of openssl, do not free this ptr! */

src/tools/pkcs11-tool.c Outdated
p11_mgf_to_name(oaep_params.mgf));

if (param != NULL && param_len > 0) {
oaep_params.source = 1UL;
Copy link
Member

@Jakuje Jakuje Jan 16, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should use in this case the pkcs11 constant CKZ_DATA_SPECIFIED instead of the magic number 1. Similarly as with the other places where the source is used.

@Jakuje
Copy link
Member

Jakuje commented Jan 16, 2022

Do you know if this is used in some real-world application/protocol outside of the tests right now? Is there some other pkcs11 module implementing this?

The implementation looks quite simple and straight-forward.

@popovec
OAEP decrypt: support for optional "label"
4c6218b 
For OAEP encryption, RFC8017 allow us to use an optional "label" to be
associated with the message.  This "label" is represented in PKCS#11 as
optional encoding parameter in CK_RSA_PKCS_OAEP_PARAMS.  This patch
introduces the ability to use this optional "label".

Fixes OpenSC#2363
@popovec
pkcs11-tool: test for oaep decrypt using optional "label"
0df9f87 
"pkcs11-tool -l -t" now attempts to use optional "label" in OAEP
decipher.
@popovec
Copy link
Member Author

popovec commented Jan 17, 2022

I don't know any other pkcs#11 module with OAEP support which also includes support for "label".

I tested the use of "label" in OAEP encryption using openssl (from debian, 1.1.1k-1 + deb11u1), where an undocumented switch is available that allows you to specify a "label" using a hexadecimal string, for example: -pkeyopt rsa_oaep_label: 314F

I tested oaep encryption, including "label" with openssl and decryption with OpenSC's pkcs#11 module (using this PR).

I plan to add code to "pkcs11-tool" so that "label" can be entered on the command line.

This PR is already fixed as you suggested and is rebased to current master.

@Jakuje
Copy link
Member

Jakuje commented Jan 28, 2022

I plan to add code to "pkcs11-tool" so that "label" can be entered on the command line.

Thanks. Looks good. Do you plan to add this API to this PR or a next one after we will merge this one?

@popovec
Copy link
Member Author

popovec commented Jan 28, 2022

I think this PR should be merged. I will prepare the changes in pkcs11-tool as a separate PR.

@Jakuje Jakuje merged commit 870f21a into OpenSC:master Feb 7, 2022
Jakuje added a commit to Jakuje/OpenSCToken that referenced this pull request Feb 7, 2022
@Jakuje
TokenSession: Fix prototype for sc_pkcs15_decipher
3f0d078 
after merging OpenSC/OpenSC#2484 added the mechanism argument the build on OSX failed.
@Jakuje Jakuje mentioned this pull request Feb 7, 2022
Merged
@xhanulik xhanulik mentioned this pull request Jul 12, 2022
Closed
@popovec popovec mentioned this pull request Feb 3, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Jakuje Jakuje Jakuje approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@popovec @Jakuje