diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c
index b6873ea..4aa14d3 100644
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@@ -1747,9 +1747,11 @@ static int cmd_decrypt_asym() {
 return SW_FILE_FULL();
 if (key_has_purpose(ef, p2) == false)
 return SW_CONDITIONS_NOT_SATISFIED();
- if (p2 == ALGO_RSA_DECRYPT) {
+ if (p2 >= ALGO_RSA_DECRYPT && p2 <= ALGO_RSA_DECRYPT_OEP) {
 mbedtls_rsa_context ctx;
 mbedtls_rsa_init(&ctx);
+ if (p2 == ALGO_RSA_DECRYPT_OEP)
+ mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE);
 int r = load_private_key_rsa(&ctx, ef);
 if (r != CCID_OK) {
 mbedtls_rsa_free(&ctx);
@@ -1760,12 +1762,21 @@ static int cmd_decrypt_asym() {
 int key_size = file_get_size(ef);
 if (apdu.nc < key_size) //needs padding
 memset(apdu.data+apdu.nc, 0, key_size-apdu.nc);
- r = mbedtls_rsa_private(&ctx, random_gen, NULL, apdu.data, res_APDU);
+ if (p2 == ALGO_RSA_DECRYPT_PKCS1 || p2 == ALGO_RSA_DECRYPT_OEP) {
+ size_t olen = apdu.nc;
+ r = mbedtls_rsa_pkcs1_decrypt(&ctx, random_gen, NULL, &olen, apdu.data, res_APDU, 512);
+ if (r == 0)
+ res_APDU_size = olen;
+ }
+ else {
+ r = mbedtls_rsa_private(&ctx, random_gen, NULL, apdu.data, res_APDU);
+ if (r == 0)
+ res_APDU_size = key_size;
+ }
 if (r != 0) {
 mbedtls_rsa_free(&ctx);
 return SW_EXEC_ERROR();
 }
- res_APDU_size = key_size;
 mbedtls_rsa_free(&ctx);
 } else if (p2 == ALGO_EC_DH) {
diff --git a/src/hsm/sc_hsm.h b/src/hsm/sc_hsm.h
index 153b792..9d01f31 100644
--- a/src/hsm/sc_hsm.h
+++ b/src/hsm/sc_hsm.h
@@ -27,7 +27,7 @@ extern const uint8_t sc_hsm_aid[];
 #define ALGO_RSA_RAW 0x20 /* RSA signature with external padding */
 #define ALGO_RSA_DECRYPT 0x21 /* RSA raw decrypt */
-#define ALGO_RSA_DECRYPT_V15 0x22
+#define ALGO_RSA_DECRYPT_PKCS1 0x22
 #define ALGO_RSA_DECRYPT_OEP 0x23
 #define ALGO_RSA_PKCS1 0x30 /* RSA signature with DigestInfo input and PKCS#1 V1.5 padding */
 #define ALGO_RSA_PKCS1_SHA1 0x31 /* RSA signature with SHA-1 hash and PKCS#1 V1.5 padding */
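Review bot: The OAEP branch configures the context with `MBEDTLS_MD_NONE`, but OAEP needs a digest for MGF1 and the label hash; as far as I recall, mbedTLS's OAEP decrypt rejects a context whose hash_id resolves to no md_info, so ALGO_RSA_DECRYPT_OEP would fail at decrypt time with SW_EXEC_ERROR instead of decrypting. Pass the digest the applet specification mandates for this algorithm id, e.g. `mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);` if that is SHA-256, and check the return value — in mbedTLS 3.x the function returns a status, and the added line discards it. The enclosing function cmd_decrypt_asym begins before this hunk.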
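Review bot: The PKCS#1 branch passes a hard-coded output capacity of 512 to `mbedtls_rsa_pkcs1_decrypt`, which is only safe if res_APDU really holds at least 512 bytes; that buffer is declared outside the hunk, so tie the bound to its declared size (e.g. `sizeof(res_APDU)` if it is an array, otherwise the constant it is allocated with) rather than a literal. `size_t olen = apdu.nc;` is also misleading, since olen is an output-only parameter — `size_t olen = 0;` says what is meant. Note that a padding failure on the ALGO_RSA_DECRYPT_PKCS1 path surfaces as SW_EXEC_ERROR while a well-formed ciphertext succeeds, which is the classic PKCS#1 v1.5 decryption-oracle shape; document on that branch that OAEP is the preferred mode, or return one uniform status for every decrypt failure. The enclosing function cmd_decrypt_asym starts before this hunk and continues after it.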