Support different OAEP modes

README.md

@@ -37,7 +37,7 @@ SoftHSM depends on a cryptographic library, Botan or OpenSSL.
 Minimum required versions:
 
 - Botan 2.0.0
-- OpenSSL 1.0.0
+- OpenSSL 1.0.2
 
 If you are using Botan, use at least version 2.6.0. This will improve
 the performance when doing public key operations.

m4/acx_crypto_backend.m4

@@ -75,9 +75,11 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
 		AC_MSG_RESULT(OpenSSL)
 
 		if test "x${enable_fips}" = "xyes"; then
-			ACX_OPENSSL(1,0,1)
+			# needed for FIPS compliance, so change only when FIPS requirements change
+			ACX_OPENSSL(1,0,2)
 		else
-			ACX_OPENSSL(1,0,0)
+			# increase this as features from newer versions needed
+			ACX_OPENSSL(1,0,2)
 		fi
 
 		CRYPTO_INCLUDES=$OPENSSL_INCLUDES

src/lib/SoftHSM.cpp

@@ -2478,7 +2478,27 @@ CK_RV SoftHSM::AsymEncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMec
 			if (rv != CKR_OK)
 				return rv;
 
-			mechanism = AsymMech::RSA_PKCS_OAEP;
+			switch(CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->hashAlg) {
+				case CKM_SHA_1:
+					mechanism = AsymMech::RSA_PKCS_OAEP_SHA1;
+					break;
+				case CKM_SHA224:
+					mechanism = AsymMech::RSA_PKCS_OAEP_SHA224;
+					break;
+				case CKM_SHA256:
+					mechanism = AsymMech::RSA_PKCS_OAEP_SHA256;
+					break;
+				case CKM_SHA384:
+					mechanism = AsymMech::RSA_PKCS_OAEP_SHA384;
+					break;
+				case CKM_SHA512:
+					mechanism = AsymMech::RSA_PKCS_OAEP_SHA512;
+					break;
+				default:
+					DEBUG_MSG("hashAlg must be one of: CKM_SHA_1, CKM_SHA224, CKM_SHA256, CKM_SHA384, CKM_SHA512");
+					return CKR_ARGUMENTS_BAD;
+			}
+
 			isRSA = true;
 			break;
 		default:
@@ -3214,18 +3234,38 @@ CK_RV SoftHSM::AsymDecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMec
 				DEBUG_MSG("pParameter must be of type CK_RSA_PKCS_OAEP_PARAMS");
 				return CKR_ARGUMENTS_BAD;
 			}
-			if (CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA_1)
-			{
-				DEBUG_MSG("hashAlg must be CKM_SHA_1");
-				return CKR_ARGUMENTS_BAD;
+
+			switch(CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->hashAlg) {
+				case CKM_SHA_1:
+					mechanism = AsymMech::RSA_PKCS_OAEP_SHA1;
+					break;
+				case CKM_SHA224:
+					mechanism = AsymMech::RSA_PKCS_OAEP_SHA224;
+					break;
+				case CKM_SHA256:
+					mechanism = AsymMech::RSA_PKCS_OAEP_SHA256;
+					break;
+				case CKM_SHA384:
+					mechanism = AsymMech::RSA_PKCS_OAEP_SHA384;
+					break;
+				case CKM_SHA512:
+					mechanism = AsymMech::RSA_PKCS_OAEP_SHA512;
+					break;
+				default:
+					DEBUG_MSG("hashAlg must be one of: CKM_SHA_1, CKM_SHA224, CKM_SHA256, CKM_SHA384, CKM_SHA512");
+					return CKR_ARGUMENTS_BAD;
 			}
-			if (CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA1)
+
+			if (CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA1 &&
+			    CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA224 &&
+			    CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA256 &&
+			    CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA384 &&
+			    CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA512)
 			{
-				DEBUG_MSG("mgf must be CKG_MGF1_SHA1");
+				DEBUG_MSG("mgf must be one of: CKG_MGF1_SHA1, CKG_MGF1_SHA224, CKG_MGF1_SHA256, CKG_MGF1_SHA384, CKG_MGF1_SHA512");
 				return CKR_ARGUMENTS_BAD;
 			}
 
-			mechanism = AsymMech::RSA_PKCS_OAEP;
 			isRSA = true;
 			break;
 		default:
@@ -6474,11 +6514,40 @@ CK_RV SoftHSM::WrapKeyAsym
 			break;
 
 		case CKM_RSA_PKCS_OAEP:
-			mech = AsymMech::RSA_PKCS_OAEP;
-			// SHA-1 is the only supported option
-			// PKCS#11 2.40 draft 2 section 2.1.8: input length <= k-2-2hashLen
-			if (keydata.size() > modulus_length - 2 - 2 * 160 / 8)
-				return CKR_KEY_SIZE_RANGE;
+			switch(CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->hashAlg) {
+				case CKM_SHA_1:
+					mech = AsymMech::RSA_PKCS_OAEP_SHA1;
+					// PKCS#11 2.40 draft 2 section 2.1.8: input length <= k-2-2hashLen
+					if (keydata.size() > modulus_length - 2 - 2 * 160 / 8)
+						return CKR_KEY_SIZE_RANGE;
+					break;
+				case CKM_SHA224:
+					mech = AsymMech::RSA_PKCS_OAEP_SHA224;
+					// PKCS#11 2.40 draft 2 section 2.1.8: input length <= k-2-2hashLen
+					if (keydata.size() > modulus_length - 2 - 2 * 224 / 8)
+						return CKR_KEY_SIZE_RANGE;
+					break;
+				case CKM_SHA256:
+					mech = AsymMech::RSA_PKCS_OAEP_SHA256;
+					// PKCS#11 2.40 draft 2 section 2.1.8: input length <= k-2-2hashLen
+					if (keydata.size() > modulus_length - 2 - 2 * 256 / 8)
+						return CKR_KEY_SIZE_RANGE;
+					break;
+				case CKM_SHA384:
+					mech = AsymMech::RSA_PKCS_OAEP_SHA384;
+					// PKCS#11 2.40 draft 2 section 2.1.8: input length <= k-2-2hashLen
+					if (keydata.size() > modulus_length - 2 - 2 * 384 / 8)
+						return CKR_KEY_SIZE_RANGE;
+					break;
+				case CKM_SHA512:
+					mech = AsymMech::RSA_PKCS_OAEP_SHA512;
+					// PKCS#11 2.40 draft 2 section 2.1.8: input length <= k-2-2hashLen
+					if (keydata.size() > modulus_length - 2 - 2 * 512 / 8)
+						return CKR_KEY_SIZE_RANGE;
+					break;
+				default:
+					return CKR_MECHANISM_INVALID;
+			}
 			break;
 
 		default:
@@ -7044,7 +7113,25 @@ CK_RV SoftHSM::UnwrapKeyAsym
 
 		case CKM_RSA_PKCS_OAEP:
 			algo = AsymAlgo::RSA;
-			mode = AsymMech::RSA_PKCS_OAEP;
+			switch(CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->hashAlg) {
+				case CKM_SHA_1:
+					mode = AsymMech::RSA_PKCS_OAEP_SHA1;
+					break;
+				case CKM_SHA224:
+					mode = AsymMech::RSA_PKCS_OAEP_SHA224;
+					break;
+				case CKM_SHA256:
+					mode = AsymMech::RSA_PKCS_OAEP_SHA256;
+					break;
+				case CKM_SHA384:
+					mode = AsymMech::RSA_PKCS_OAEP_SHA384;
+					break;
+				case CKM_SHA512:
+					mode = AsymMech::RSA_PKCS_OAEP_SHA512;
+					break;
+				default:
+					return CKR_MECHANISM_INVALID;
+			}
 			break;
 
 		default:
@@ -13175,14 +13262,22 @@ CK_RV SoftHSM::MechParamCheckRSAPKCSOAEP(CK_MECHANISM_PTR pMechanism)
 	}
 
 	CK_RSA_PKCS_OAEP_PARAMS_PTR params = (CK_RSA_PKCS_OAEP_PARAMS_PTR)pMechanism->pParameter;
-	if (params->hashAlg != CKM_SHA_1)
+	if (params->hashAlg != CKM_SHA_1 &&
+	    params->hashAlg != CKM_SHA224 &&
+	    params->hashAlg != CKM_SHA256 &&
+	    params->hashAlg != CKM_SHA384 &&
+	    params->hashAlg != CKM_SHA512)
 	{
-		ERROR_MSG("hashAlg must be CKM_SHA_1");
+		ERROR_MSG("hashAlg must be one of: CKM_SHA_1, CKM_SHA224, CKM_SHA256, CKM_SHA384, CKM_SHA512");
 		return CKR_ARGUMENTS_BAD;
 	}
-	if (params->mgf != CKG_MGF1_SHA1)
+	if (params->mgf != CKG_MGF1_SHA1 &&
+	    params->mgf != CKG_MGF1_SHA224 &&
+	    params->mgf != CKG_MGF1_SHA256 &&
+	    params->mgf != CKG_MGF1_SHA384 &&
+	    params->mgf != CKG_MGF1_SHA512)
 	{
-		ERROR_MSG("mgf must be CKG_MGF1_SHA1");
+		ERROR_MSG("mgf must be one of: CKG_MGF1_SHA1, CKG_MGF1_SHA224, CKG_MGF1_SHA256, CKG_MGF1_SHA384, CKG_MGF1_SHA512");
 		return CKR_ARGUMENTS_BAD;
 	}
 	if (params->source != CKZ_DATA_SPECIFIED)

src/lib/crypto/AsymmetricAlgorithm.cpp

@@ -147,7 +147,11 @@ bool AsymmetricAlgorithm::isWrappingMech(AsymMech::Type padding)
 	{
 		case AsymMech::RSA:
 		case AsymMech::RSA_PKCS:
-		case AsymMech::RSA_PKCS_OAEP:
+		case AsymMech::RSA_PKCS_OAEP_SHA1:
+		case AsymMech::RSA_PKCS_OAEP_SHA224:
+		case AsymMech::RSA_PKCS_OAEP_SHA256:
+		case AsymMech::RSA_PKCS_OAEP_SHA384:
+		case AsymMech::RSA_PKCS_OAEP_SHA512:
 			return true;
 
 		default:

src/lib/crypto/AsymmetricAlgorithm.h

@@ -65,7 +65,11 @@ struct AsymMech
 		RSA,
 		RSA_MD5_PKCS,
 		RSA_PKCS,
-		RSA_PKCS_OAEP,
+		RSA_PKCS_OAEP_SHA1,
+		RSA_PKCS_OAEP_SHA224,
+		RSA_PKCS_OAEP_SHA256,
+		RSA_PKCS_OAEP_SHA384,
+		RSA_PKCS_OAEP_SHA512,
 		RSA_SHA1_PKCS,
 		RSA_SHA224_PKCS,
 		RSA_SHA256_PKCS,

src/lib/crypto/BotanRSA.cpp

@@ -761,8 +761,20 @@ bool BotanRSA::encrypt(PublicKey* publicKey, const ByteString& data,
 		case AsymMech::RSA_PKCS:
 			eme = "PKCS1v15";
 			break;
-		case AsymMech::RSA_PKCS_OAEP:
-			eme = "EME1(SHA-160)";
+		case AsymMech::RSA_PKCS_OAEP_SHA1:
+			eme = "OAEP(SHA-160)";
+			break;
+		case AsymMech::RSA_PKCS_OAEP_SHA224:
+			eme = "OAEP(SHA-224)";
+			break;
+		case AsymMech::RSA_PKCS_OAEP_SHA256:
+			eme = "OAEP(SHA-256)";
+			break;
+		case AsymMech::RSA_PKCS_OAEP_SHA384:
+			eme = "OAEP(SHA-384)";
+			break;
+		case AsymMech::RSA_PKCS_OAEP_SHA512:
+			eme = "OAEP(SHA-512)";
 			break;
 		case AsymMech::RSA:
 			eme = "Raw";
@@ -840,8 +852,20 @@ bool BotanRSA::decrypt(PrivateKey* privateKey, const ByteString& encryptedData,
 		case AsymMech::RSA_PKCS:
 			eme = "PKCS1v15";
 			break;
-		case AsymMech::RSA_PKCS_OAEP:
-			eme = "EME1(SHA-160)";
+		case AsymMech::RSA_PKCS_OAEP_SHA1:
+			eme = "OAEP(SHA-160)";
+			break;
+		case AsymMech::RSA_PKCS_OAEP_SHA224:
+			eme = "OAEP(SHA-224)";
+			break;
+		case AsymMech::RSA_PKCS_OAEP_SHA256:
+			eme = "OAEP(SHA-256)";
+			break;
+		case AsymMech::RSA_PKCS_OAEP_SHA384:
+			eme = "OAEP(SHA-384)";
+			break;
+		case AsymMech::RSA_PKCS_OAEP_SHA512:
+			eme = "OAEP(SHA-512)";
 			break;
 		case AsymMech::RSA:
 			eme = "Raw";