oaep

v0.1.0
Published: Aug 29, 2020 License: BSD-3-Clause Imports: 8 Imported by: 0

README

About

This implements RSAES-OAEP-PKCS1-v2_1 (aka RSAES-OAEP; aka RSA-OAEP; aka OAEP) in SmartCard-HSM 4K based PKCS#11 HSMs.

These cards only implement the deprecated RSAES-PKCS1-v1_5:

This was based on the Go crypto/rsa package source code.

See an example application at https://github.com/rgl/go-pkcs11-rsa-oaep-example.

Test

Execute the following instructions in an Ubuntu 20.04 terminal.

Install dependencies:

sudo apt-get install -y opensc softhsm2

SoftHSM2

Then run the tests:

./test.sh

SmartCard-HSM-4K-Mini-SIM

Set the needed environment variables:

export TEST_PKCS11_LIBRARY_PATH='/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so'
export TEST_PKCS11_SO_PIN=3537363231383830
export TEST_PKCS11_USER_PIN=648219
export TEST_PKCS11_TOKEN_LABEL=test-token
export TEST_PKCS11_KEY_LABEL=test-rsa-2048

Initialize the HSM device:

pkcs11-tool \
    --module opensc-pkcs11.so \
    --init-token \
    --init-pin \
    --so-pin $TEST_PKCS11_SO_PIN \
    --pin $TEST_PKCS11_USER_PIN \
    --label $TEST_PKCS11_TOKEN_LABEL

The output should be:

Using slot 0 with a present token (0x0)
Token successfully initialized
User PIN successfully initialized

Create the test-rsa-2048 RSA key:

pkcs11-tool \
    --module opensc-pkcs11.so \
    --login \
    --keypairgen \
    --key-type rsa:2048 \
    --id 10 \
    --label $TEST_PKCS11_KEY_LABEL \
    --pin $TEST_PKCS11_USER_PIN

The output should be:

Using slot 0 with a present token (0x0)
Key pair generated:
Private Key Object; RSA
  label:      test-rsa-2048
  ID:         10
  Usage:      decrypt, sign, unwrap
  Access:     none
Public Key Object; RSA 2048 bits
  label:      test-rsa-2048
  ID:         10
  Usage:      encrypt, verify, wrap
  Access:     none

List the objects:

pkcs11-tool --module opensc-pkcs11.so --list-slots --list-objects

The output should be:

Available slots:
Slot 0 (0x0): Alcor Micro AU9560 00 00
  token label        : test-token (UserPIN)
  token manufacturer : www.CardContact.de
  token model        : PKCS#15 emulated
  token flags        : login required, rng, token initialized, PIN initialized
  hardware version   : 24.13
  firmware version   : 3.1
  serial num         : DECC0800102
  pin min/max        : 6/15
Using slot 0 with a present token (0x0)
Public Key Object; RSA 2048 bits
  label:      test-rsa-2048
  ID:         10
  Usage:      encrypt, verify, wrap
  Access:     none

NB: For some odd reason, the token label always has the (UserPIN) suffix, so we must account for that when executing the tests.

Then run the tests:

TEST_PKCS11_TOKEN_LABEL="$TEST_PKCS11_TOKEN_LABEL (UserPIN)" \
    go test -v

Documentation

Functions

func Decrypt

func Decrypt(hash hash.Hash, random io.Reader, k int, priv *p11.PrivateKey, ciphertext []byte, label []byte) ([]byte, error)

Decrypt decrypts ciphertext using RSA-OAEP.

OAEP is parameterised by a hash function that is used as a random oracle. Encryption and decryption of a given message must use the same hash function and sha256.New() is a reasonable choice.

The label parameter must match the value given when encrypting. See Encrypt for details.

func Encrypt

func Encrypt(hash hash.Hash, random io.Reader, pub *rsa.PublicKey, plaintext []byte, label []byte) ([]byte, error)

Encrypt encrypts the given message with RSA-OAEP.

OAEP is parameterised by a hash function that is used as a random oracle. Encryption and decryption of a given message must use the same hash function and sha256.New() is a reasonable choice.

The random parameter is used as a source of entropy to ensure that encrypting the same message twice doesn't result in the same ciphertext.

The label parameter may contain arbitrary data that will not be encrypted, but which gives important context to the message. For example, if a given public key is used to decrypt two types of messages then distinct label values could be used to ensure that a ciphertext for one purpose cannot be used for another by an attacker. If not required it can be empty.

The message must be no longer than the length of the public modulus minus twice the hash length, minus a further 2.

NB: this is compatible with Go 1.15 rsa.EncryptOAEP (which you can use), but it's here to maintain the symmetry of the operations.
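The label binding and the message-size limit described for Encrypt, shown as an added example that is not part of this package. It uses the Go standard library's rsa.EncryptOAEP and rsa.DecryptOAEP with a throwaway software key instead of a PKCS#11 token; the helper names MaxOAEPMessageLen, LabelBindingDemo and NewTestKey are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// MaxOAEPMessageLen returns the longest plaintext OAEP accepts for pub:
// the modulus length minus twice the hash length, minus a further 2.
func MaxOAEPMessageLen(pub *rsa.PublicKey, hashLen int) int {
	return pub.Size() - 2*hashLen - 2
}

// LabelBindingDemo (hypothetical helper) encrypts msg under encLabel and then
// decrypts it under decLabel. Decryption fails when the two labels differ.
func LabelBindingDemo(priv *rsa.PrivateKey, msg, encLabel, decLabel []byte) ([]byte, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, msg, encLabel)
	if err != nil {
		return nil, fmt.Errorf("encrypt: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, decLabel)
}

// NewTestKey generates a throwaway 2048-bit software key, constructed for this
// example only (assumption: on a real token the private key never leaves it).
func NewTestKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

func main() {
	priv := NewTestKey()
	limit := MaxOAEPMessageLen(&priv.PublicKey, sha256.Size)
	fmt.Println("max plaintext bytes:", limit) // 190 for RSA-2048 with SHA-256

	_, err := LabelBindingDemo(priv, []byte("session key"), []byte("backup"), []byte("backup"))
	fmt.Println("same label:", err)
	_, err = LabelBindingDemo(priv, []byte("session key"), []byte("backup"), []byte("login"))
	fmt.Println("different label:", err)
	_, err = LabelBindingDemo(priv, make([]byte, limit+1), nil, nil)
	fmt.Println("one byte over the limit:", err)
}
```
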

func GetKey

func GetKey(session p11.Session, keyLabel string) (pub *rsa.PublicKey, priv *p11.PrivateKey, err error)

GetKey returns the RSA key with the given label. See https://github.com/ThalesIgnite/crypto11/blob/3d83a0a5d480dbbc8a65be3a111e194b5275e58b/rsa.go#L52-L81
