README
¶
About
This implements RSAES-OAEP-PKCS1-v2_1 (aka RSAES-OAEP; aka RSA-OAEP; aka OAEP) in SmartCard-HSM 4K based PKCS#11 HSMs.
These cards only implement the deprecated RSAES-PKCS1-v1_5:
This was based on the Go crypto/rsa package source code.
See an example application at https://github.com/rgl/go-pkcs11-rsa-oaep-example.
Test
Execute the following instructions in a Ubuntu 20.04 terminal.
Install dependencies:
sudo apt-get install -y opensc softhsm2
SoftHSM2
Then run the tests:
./test.sh
SmartCard-HSM-4K-Mini-SIM
Set the needed environment variables:
export TEST_PKCS11_LIBRARY_PATH='/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so'
export TEST_PKCS11_SO_PIN=3537363231383830
export TEST_PKCS11_USER_PIN=648219
export TEST_PKCS11_TOKEN_LABEL=test-token
export TEST_PKCS11_KEY_LABEL=test-rsa-2048
Inititialize the HSM device:
pkcs11-tool \
--module opensc-pkcs11.so \
--init-token \
--init-pin \
--so-pin $TEST_PKCS11_SO_PIN \
--pin $TEST_PKCS11_USER_PIN \
--label $TEST_PKCS11_TOKEN_LABEL
The output should be:
Using slot 0 with a present token (0x0)
Token successfully initialized
User PIN successfully initialized
Create the test-key-2048 RSA key:
pkcs11-tool \
--module opensc-pkcs11.so \
--login \
--keypairgen \
--key-type rsa:2048 \
--id 10 \
--label $TEST_PKCS11_KEY_LABEL \
--pin $TEST_PKCS11_USER_PIN
The output should be:
Using slot 0 with a present token (0x0)
Key pair generated:
Private Key Object; RSA
label: test-rsa-2048
ID: 10
Usage: decrypt, sign, unwrap
Access: none
Public Key Object; RSA 2048 bits
label: test-rsa-2048
ID: 10
Usage: encrypt, verify, wrap
Access: none
List the objects:
pkcs11-tool --module opensc-pkcs11.so --list-slots --list-objects
The output should be:
Available slots:
Slot 0 (0x0): Alcor Micro AU9560 00 00
token label : test-token (UserPIN)
token manufacturer : www.CardContact.de
token model : PKCS#15 emulated
token flags : login required, rng, token initialized, PIN initialized
hardware version : 24.13
firmware version : 3.1
serial num : DECC0800102
pin min/max : 6/15
Using slot 0 with a present token (0x0)
Public Key Object; RSA 2048 bits
label: test-rsa-2048
ID: 10
Usage: encrypt, verify, wrap
Access: none
NB For some odd reason the token label always has the (UserPIN)
suffix... so we must account for that when executing the tests.
Then run the tests:
TEST_PKCS11_TOKEN_LABEL="$TEST_PKCS11_TOKEN_LABEL (UserPIN)" \
go test -v
Documentation
¶
Index ¶
- func Decrypt(hash hash.Hash, random io.Reader, k int, priv *p11.PrivateKey, ...) ([]byte, error)
- func Encrypt(hash hash.Hash, random io.Reader, pub *rsa.PublicKey, plaintext []byte, ...) ([]byte, error)
- func GetKey(session p11.Session, keyLabel string) (pub *rsa.PublicKey, priv *p11.PrivateKey, err error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Decrypt ¶
func Decrypt(hash hash.Hash, random io.Reader, k int, priv *p11.PrivateKey, ciphertext []byte, label []byte) ([]byte, error)
Decrypt decrypts ciphertext using RSA-OAEP.
OAEP is parameterised by a hash function that is used as a random oracle. Encryption and decryption of a given message must use the same hash function and sha256.New() is a reasonable choice.
The label parameter must match the value given when encrypting. See Encrypt for details.
func Encrypt ¶
func Encrypt(hash hash.Hash, random io.Reader, pub *rsa.PublicKey, plaintext []byte, label []byte) ([]byte, error)
Encrypt encrypts the given message with RSA-OAEP.
OAEP is parameterised by a hash function that is used as a random oracle. Encryption and decryption of a given message must use the same hash function and sha256.New() is a reasonable choice.
The random parameter is used as a source of entropy to ensure that encrypting the same message twice doesn't result in the same ciphertext.
The label parameter may contain arbitrary data that will not be encrypted, but which gives important context to the message. For example, if a given public key is used to decrypt two types of messages then distinct label values could be used to ensure that a ciphertext for one purpose cannot be used for another by an attacker. If not required it can be empty.
The message must be no longer than the length of the public modulus minus twice the hash length, minus a further 2.
NB this is compatible with Go 1.15 rsa.EncryptOAEP (which you can use).
but its here to maintain the symmetry of the operations.
Types ¶
This section is empty.
Source Files