RSA: add support for descryption with OAEP padding

Fixes: #89
tpm2-software · Oct 20, 2023 · 60968f0 · 60968f0
1 parent 7beedd1
commit 60968f0
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 2 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -79,7 +79,8 @@ TESTS_SHELL = test/list.sh \
               test/rsa_createak_auth.sh \
               test/rsa_createak_sign_object.sh \
               test/rsa_createak_sign_handle.sh \
-              test/rsa_create_decrypt.sh \
+              test/rsa_create_decrypt_pkcs1.sh \
+              test/rsa_create_decrypt_oaep.sh \
               test/rsa_genpkey_x509_cert.sh \
               test/rsa_genpkey_x509_cmp.sh \
               test/rsa_genpkey_x509_cms.sh \

diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 
+## [1.3.0] - 2023-xx-yy
+### Added
+- Added support for RSA-OAEP decryption
+
 ## [1.2.0] - 2023-10-14
 ### Added
 - Added support for ECDH with a KDF, which is used by ECC-based CMS (S/MIME).

diff --git a/src/tpm2-provider-asymcipher-rsa.c b/src/tpm2-provider-asymcipher-rsa.c
@@ -8,8 +8,9 @@
 #include <openssl/rsa.h>
 
 #include "tpm2-provider-pkey.h"
+#include "tpm2-provider-types.h"
 
-#ifdef _MSC_VER 
+#ifdef _MSC_VER
 //not #if defined(_WIN32) || defined(_WIN64) because we have strncasecmp in mingw
 #define strncasecmp _strnicmp
 #define strcasecmp _stricmp
@@ -20,6 +21,7 @@ typedef struct tpm2_rsa_asymcipher_ctx_st TPM2_RSA_ASYMCIPHER_CTX;
 struct tpm2_rsa_asymcipher_ctx_st {
     const OSSL_CORE_HANDLE *core;
     ESYS_CONTEXT *esys_ctx;
+    TPM2_CAPABILITY capability;
     TPMT_RSA_DECRYPT decrypt;
     /* TLS padding */
     unsigned int client_version;
@@ -46,6 +48,7 @@ static void
 
     actx->core = cprov->core;
     actx->esys_ctx = cprov->esys_ctx;
+    actx->capability = cprov->capability;
     actx->decrypt.scheme = TPM2_ALG_RSAES;
     return actx;
 }
@@ -139,6 +142,8 @@ rsa_asymcipher_set_ctx_params(void *ctx, const OSSL_PARAM params[])
             if (pad_mode == RSA_PKCS1_PADDING
                     || pad_mode == RSA_PKCS1_WITH_TLS_PADDING)
                 actx->decrypt.scheme = TPM2_ALG_RSAES;
+            else if (pad_mode == RSA_PKCS1_OAEP_PADDING)
+                actx->decrypt.scheme = TPM2_ALG_OAEP;
             else if (pad_mode == RSA_NO_PADDING)
                 actx->decrypt.scheme = TPM2_ALG_NULL;
             else
@@ -147,6 +152,8 @@ rsa_asymcipher_set_ctx_params(void *ctx, const OSSL_PARAM params[])
         case OSSL_PARAM_UTF8_STRING:
             if (!strcasecmp(p->data, OSSL_PKEY_RSA_PAD_MODE_PKCSV15))
                 actx->decrypt.scheme = TPM2_ALG_RSAES;
+            else if (!strcasecmp(p->data, OSSL_PKEY_RSA_PAD_MODE_OAEP))
+                actx->decrypt.scheme = TPM2_ALG_OAEP;
             else if (!strcasecmp(p->data, OSSL_PKEY_RSA_PAD_MODE_NONE))
                 actx->decrypt.scheme = TPM2_ALG_NULL;
             else
@@ -157,6 +164,16 @@ rsa_asymcipher_set_ctx_params(void *ctx, const OSSL_PARAM params[])
         }
     }
 
+    p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST);
+    if (p != NULL) {
+        if (p->data_type != OSSL_PARAM_UTF8_STRING ||
+                ((actx->decrypt.details.oaep.hashAlg =
+                    tpm2_hash_name_to_alg(actx->capability.algorithms, p->data)) == TPM2_ALG_ERROR)) {
+            TPM2_ERROR_raise(actx->core, TPM2_ERR_UNKNOWN_ALGORITHM);
+            return 0;
+        }
+    }
+
     p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION);
     if (p != NULL) {
         unsigned int client_version;
@@ -183,6 +200,7 @@ rsa_asymcipher_settable_ctx_params(void *ctx, void *provctx)
 {
     static const OSSL_PARAM known_settable_ctx_params[] = {
         OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, NULL, 0),
+        OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, NULL, 0),
         OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
         OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
         OSSL_PARAM_END

diff --git a/test/rsa_create_decrypt_oaep.sh b/test/rsa_create_decrypt_oaep.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: BSD-3-Clause
+set -eufx
+
+echo -n "abcde12345abcde12345" > testdata
+
+# create primary key
+tpm2_createprimary -c primary.ctx
+
+# create a default key
+tpm2_create -C primary.ctx -u key.pub -r key.priv
+
+# load the key
+tpm2_load -C primary.ctx -u key.pub -r key.priv -c testkey.ctx
+
+# make the key persistent
+HANDLE=$(tpm2_evictcontrol -c testkey.ctx | cut -d ' ' -f 2 | head -n 1)
+
+# export public key
+openssl pkey -provider tpm2 -propquery '?provider=tpm2' -in handle:${HANDLE} -pubout -out testkey.pub
+
+# encrypt data, no padding
+openssl pkeyutl -encrypt -pubin -inkey testkey.pub -pkeyopt rsa_padding_mode:oaep \
+    -pkeyopt rsa_oaep_md:sha256 -in testdata -out testdata.crypt
+
+# decrypt data
+openssl pkeyutl -provider tpm2 -propquery '?provider=tpm2' -inkey handle:${HANDLE} \
+    -decrypt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -in testdata.crypt -out testdata2
+
+# check the decryption
+cmp testdata testdata2
+
+# release the persistent key
+tpm2_evictcontrol -c ${HANDLE}
+
+rm primary.ctx key.pub key.priv testkey.ctx testkey.pub testdata testdata.crypt \
+    testdata2
diff --git a/test/rsa_create_decrypt.sh → test/rsa_create_decrypt_pkcs1.sh b/test/rsa_create_decrypt.sh → test/rsa_create_decrypt_pkcs1.sh