botan
botan copied to clipboard
PKCS#11 RSA allows choosing software EME
When enabling set_use_software_padding(bool)
the PKCS#11 module won't perform the unpadding. Instead, we let it decrypt a blinded ciphertext in Raw-mode and strip the EME in software afterwards.
Hence, the PKCS#11 module (and all middleware on the way) won't gain knowledge of the decrypted secret value. Note that this might require some refactoring.
@weberph2, does that roughly address your issue? (See #3008)
Codecov Report
Merging #3034 (ba35a90) into master (7ba63f9) will increase coverage by
0.00%
. The diff coverage is90.47%
.
@@ Coverage Diff @@
## master #3034 +/- ##
=======================================
Coverage 92.59% 92.59%
=======================================
Files 596 596
Lines 69791 69805 +14
Branches 6616 6617 +1
=======================================
+ Hits 64623 64638 +15
+ Misses 5135 5134 -1
Partials 33 33
Impacted Files | Coverage Δ | |
---|---|---|
src/lib/prov/pkcs11/p11_rsa.cpp | 91.66% <85.71%> (-0.70%) |
:arrow_down: |
src/tests/test_pkcs11_high_level.cpp | 98.30% <100.00%> (+<0.01%) |
:arrow_up: |
src/lib/utils/thread_utils/semaphore.cpp | 69.23% <0.00%> (-30.77%) |
:arrow_down: |
src/lib/pubkey/mce/mceliece_key.cpp | 84.29% <0.00%> (+1.04%) |
:arrow_up: |
src/lib/misc/cryptobox/cryptobox.cpp | 95.89% <0.00%> (+1.36%) |
:arrow_up: |
src/lib/asn1/der_enc.cpp | 86.33% <0.00%> (+2.48%) |
:arrow_up: |
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.
@reneme Yes, thank you. This would resolve the issue described in #3008.
Is this pull request still WIP or ready for review? :)
:+1: