alonbl / gnupg-pkcs11-scd

PKCS#11 GnuPG SCD
http://gnupg-pkcs11.sourceforge.net/
Other
69 stars 18 forks source link

Add an option to flag decrypted data as being padded. #23

Closed chripell closed 3 years ago

chripell commented 4 years ago

This patch fixes a problem that I had while using gnupg-pkcs11-scd with the TPM2 provider: https://github.com/tpm2-software/tpm2-pkcs11 . After generating a keypair and importing it into gpg I was able to sign but not to decrypt. The error was "gpg: cipher algorithm 0 is unknown or disabled". After looking into gnupg code I realized that the padding was interpreted as the symmetric key itself.

I did a bit of research and it looks like, see https://crypto.stackexchange.com/questions/9593/ckm-rsa-pkcs-vs-ckm-rsa-x-509-mechanisms-in-pkcs11 but also the PKCS #11 V2.20 standard, that the output from CKM_RSA_PKCS should always be padded. I am puzzled why PADDING defaults to 0, but I am scared to blindly flip it to 1 and break some other use cases. For this reason I preffered to add an option.

Let me know if this patch needs rework. For example, I evaluated to have the has_padding option per-provider. However, I couldn't understand how the provider is selected when answering to a gpg-agent command. I guess I need to look into pkcs11-helper for that, any pointer would be appreciated.

Thanks!

FlyGoat commented 3 years ago

For record, it is a PKCS11 provider bug and got fixed in tpm2-pkcs11 1.5.0.

https://github.com/tpm2-software/tpm2-pkcs11/commit/382ba1d80df318bb979a451f3505778955264e60