Added support for native PKCS1.5 and OEP decryption.

It is not tested, as it is not supported by pkcs11 modules. For instance, OpenSSL implements OEP in local side, calling a RAW decryption on the device. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2026-01-17 09:28:05 +00:00 · 2022-06-14 17:00:23 +02:00 · 2022-06-14 17:00:23 +02:00 · d1f0f45525
commit d1f0f45525
parent efc1b4a4ae
2 changed files with 15 additions and 4 deletions
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@ -1747,9 +1747,11 @@ static int cmd_decrypt_asym() {
        return SW_FILE_FULL();
    if (key_has_purpose(ef, p2) == false)
        return SW_CONDITIONS_NOT_SATISFIED();
-    if (p2 == ALGO_RSA_DECRYPT) {
+    if (p2 >= ALGO_RSA_DECRYPT && p2 <= ALGO_RSA_DECRYPT_OEP) {
        mbedtls_rsa_context ctx;
        mbedtls_rsa_init(&ctx);
+        if (p2 == ALGO_RSA_DECRYPT_OEP)
+            mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE);
        int r = load_private_key_rsa(&ctx, ef);
        if (r != CCID_OK) {
            mbedtls_rsa_free(&ctx);
@ -1760,12 +1762,21 @@ static int cmd_decrypt_asym() {
        int key_size = file_get_size(ef);
        if (apdu.nc < key_size) //needs padding
            memset(apdu.data+apdu.nc, 0, key_size-apdu.nc);
-        r = mbedtls_rsa_private(&ctx, random_gen, NULL, apdu.data, res_APDU);
+        if (p2 == ALGO_RSA_DECRYPT_PKCS1 || p2 == ALGO_RSA_DECRYPT_OEP) {
+            size_t olen = apdu.nc;
+            r = mbedtls_rsa_pkcs1_decrypt(&ctx, random_gen, NULL, &olen, apdu.data, res_APDU, 512);
+            if (r == 0)
+                res_APDU_size = olen;
+        }
+        else {
+            r = mbedtls_rsa_private(&ctx, random_gen, NULL, apdu.data, res_APDU);
+            if (r == 0)
+                res_APDU_size = key_size;
+        }
        if (r != 0) {
            mbedtls_rsa_free(&ctx);
            return SW_EXEC_ERROR();
        }
-        res_APDU_size = key_size;
        mbedtls_rsa_free(&ctx);
    }
    else if (p2 == ALGO_EC_DH) {
--- a/src/hsm/sc_hsm.h
+++ b/src/hsm/sc_hsm.h
@ -27,7 +27,7 @@ extern const uint8_t sc_hsm_aid[];

 #define ALGO_RSA_RAW			0x20		/* RSA signature with external padding */
 #define ALGO_RSA_DECRYPT		0x21		/* RSA raw decrypt */
-#define ALGO_RSA_DECRYPT_V15    0x22
+#define ALGO_RSA_DECRYPT_PKCS1  0x22
 #define ALGO_RSA_DECRYPT_OEP    0x23
 #define ALGO_RSA_PKCS1			0x30		/* RSA signature with DigestInfo input and PKCS#1 V1.5 padding */
 #define ALGO_RSA_PKCS1_SHA1		0x31		/* RSA signature with SHA-1 hash and PKCS#1 V1.5 padding */