Skip to content

Improve RSA PKCS#11 interoperability and provider support#655

Open
olszomal wants to merge 7 commits into
OpenSC:masterfrom
olszomal:digest_info
Open

Improve RSA PKCS#11 interoperability and provider support#655
olszomal wants to merge 7 commits into
OpenSC:masterfrom
olszomal:digest_info

Conversation

@olszomal
Copy link
Copy Markdown
Collaborator

@olszomal olszomal commented May 19, 2026

Pull Request Type

  • Bug fix
  • New feature
  • Code style / formatting / renaming
  • Refactoring (no functional or API changes)
  • Build / CI related changes
  • Documentation
  • Other (please describe):

Related Issue

Issue number: N/A

Scope of Changes

  • refactor RSA signing and decryption handling
  • add DigestInfo encoding for PKCS#1 v1.5 (RSA_PKCS1_PADDING) signatures
  • add digest encoding for X9.31 (RSA_X931_PADDING) signatures
  • add provider signature_verify_recover support for RSA public keys
  • restore RSA_PKCS1_PADDING private key decryption support unintentionally removed in Simplify PKCS#11 C_Sign and C_Decrypt handling #654

Testing

  • Existing tests
  • New tests added
  • Manual testing -> performed with YubiKey 5

Improve PKCS#11 interoperability coverage for:

  • RSA_NO_PADDING sign/verifyrecover
  • RSA PKCS#1 v1.5 sign/verify
  • RSA PKCS#1 v1.5 encrypt/decrypt
  • RSA OAEP encrypt/decrypt

Additional Notes

  • RSA_X931_PADDING support is implemented but currently cannot be tested with SoftHSM or YubiKey PKCS#11 modules because they do not expose CKM_RSA_X9_31 support.
  • SoftHSM RSA-OAEP interoperability currently requires SHA1/MGF1-SHA1 and does not support OAEP labels.

License Declaration

  • I hereby agree to license my contribution under the project's license.

olszomal added 7 commits May 19, 2026 12:46
@olszomal
tests: improve RSA interoperability and coverage
c5c5140 
Add PKCS#11 interoperability tests for:
- RSA PKCS#1 v1.5 signing
- RSA_NO_PADDING sign/verifyrecover
- RSA PKCS#1 v1.5 encrypt/decrypt
- RSA OAEP encrypt/decrypt
@olszomal
provider: improve RSA signing and decrypt handling
bc06606
@olszomal
provider: add DigestInfo encoding for RSA PKCS#1 v1.5 signatures
caef7e4
@olszomal
provider: add RSA verify-recover support
470b9aa
@olszomal
provider: add X9.31 digest encoding for RSA signatures
98e23c9
@olszomal
Refactor PKCS#11 RSA decrypt handling and logging
96ded1c
@olszomal
Restore RSA PKCS#1 v1.5 private key decryption support
46d2397 
This fixes a regression introduced in 4e3ba09, which
unintentionally removed RSA_PKCS1_PADDING decrypt support while
refactoring OAEP handling.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@olszomal