FlyGoat
commented
3 years ago For record, it is a PKCS11 provider bug and got fixed in tpm2-pkcs11 1.5.0.
https://github.com/tpm2-software/tpm2-pkcs11/commit/382ba1d80df318bb979a451f3505778955264e60
Closed chripell closed 3 years ago
FlyGoat
commented
3 years ago For record, it is a PKCS11 provider bug and got fixed in tpm2-pkcs11 1.5.0.
https://github.com/tpm2-software/tpm2-pkcs11/commit/382ba1d80df318bb979a451f3505778955264e60
This patch fixes a problem that I had while using gnupg-pkcs11-scd with the TPM2 provider: https://github.com/tpm2-software/tpm2-pkcs11 . After generating a keypair and importing it into gpg I was able to sign but not to decrypt. The error was "gpg: cipher algorithm 0 is unknown or disabled". After looking into gnupg code I realized that the padding was interpreted as the symmetric key itself.
I did a bit of research and it looks like, see https://crypto.stackexchange.com/questions/9593/ckm-rsa-pkcs-vs-ckm-rsa-x-509-mechanisms-in-pkcs11 but also the PKCS #11 V2.20 standard, that the output from CKM_RSA_PKCS should always be padded. I am puzzled why PADDING defaults to 0, but I am scared to blindly flip it to 1 and break some other use cases. For this reason I preffered to add an option.
Let me know if this patch needs rework. For example, I evaluated to have the has_padding option per-provider. However, I couldn't understand how the provider is selected when answering to a gpg-agent command. I guess I need to look into pkcs11-helper for that, any pointer would be appreciated.
Thanks!