mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 09:28:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed a bug with RSA-PKCS-PSS. Surprisingly, PKCS_V21 signature takes in place (input buffer = output buffer) and, for a strange reason, it does not work for res_APDU.

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2022-03-16 00:26:54 +01:00
parent dcae71a4e8
commit 73bc2ede6b
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/hsm/sc_hsm.c
View file

@ -1308,6 +1308,8 @@ static int cmd_signature() {
mbedtls_rsa_context ctx;
mbedtls_rsa_init(&ctx);
if (p2 == ALGO_RSA_PSS || p2 == ALGO_RSA_PSS_SHA1 || p2 == ALGO_RSA_PSS_SHA256) {
if (p2 == ALGO_RSA_PSS && apdu.cmd_apdu_data_len == 20) //default is sha1
md = MBEDTLS_MD_SHA1;
mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, md);
}
else if (p2 == ALGO_RSA_PKCS1) { //DigestInfo attached
@ -1330,13 +1332,17 @@ static int cmd_signature() {
r = load_private_key_rsa(&ctx, fkey);
if (r != HSM_OK)
return r;
//sc_asn1_print_tags(apdu.cmd_apdu_data, apdu.cmd_apdu_data_len);
if (md == MBEDTLS_MD_NONE) {
if (apdu.cmd_apdu_data_len < key_size) //needs padding
memset(apdu.cmd_apdu_data+apdu.cmd_apdu_data_len, 0, key_size-apdu.cmd_apdu_data_len);
r = mbedtls_rsa_private(&ctx, random_gen, NULL, apdu.cmd_apdu_data, res_APDU);
}
else {
r = mbedtls_rsa_pkcs1_sign(&ctx, random_gen, NULL, md, apdu.cmd_apdu_data_len, apdu.cmd_apdu_data, res_APDU);
uint8_t *signature = (uint8_t *)calloc(key_size, sizeof(uint8_t));
r = mbedtls_rsa_pkcs1_sign(&ctx, random_gen, NULL, md, apdu.cmd_apdu_data_len, apdu.cmd_apdu_data, signature);
memcpy(res_APDU, signature, key_size);
free(signature);
}
if (r != 0) {
mbedtls_rsa_free(&ctx);