softhsm · noiser7 · Dec 24, 2025 · Dec 24, 2025 · Dec 24, 2025 · Dec 24, 2025
@@ -47,6 +47,7 @@
 #include "DESKey.h"
 #include "RNG.h"
 #include "RSAParameters.h"
+#include "RSAMechanismParam.h"
 #include "RSAPublicKey.h"
 #include "RSAPrivateKey.h"
 #include "DSAParameters.h"
@@ -2521,6 +2522,7 @@ CK_RV SoftHSM::AsymEncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMec
 	// Get the asymmetric algorithm matching the mechanism
 	AsymMech::Type mechanism;
 	bool isRSA = false;
+	MechanismParam* mechanismParam = NULL;
 	switch(pMechanism->mechanism) {
 		case CKM_RSA_PKCS:
 			if (keyType != CKK_RSA)
@@ -2571,16 +2573,35 @@ CK_RV SoftHSM::AsymEncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMec
 	}
 	else
 	{
-		return CKR_MECHANISM_INVALID;
-        }
+	   return CKR_MECHANISM_INVALID;
+    }
+	// set mechanism parameters
+	if (pMechanism->mechanism == CKM_RSA_PKCS_OAEP)
+	{
+		RSAOaepMechanismParam* rsaOaepMechanismParam = new RSAOaepMechanismParam;
+		rv = BuildRSAOAEPParam((CK_RSA_PKCS_OAEP_PARAMS *)pMechanism->pParameter,
+							   rsaOaepMechanismParam);
+		if (rv != CKR_OK)
+		{
+			delete rsaOaepMechanismParam;
+			asymCrypto->recyclePublicKey(publicKey);
+			CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+			return rv;
+		}
+		mechanismParam = rsaOaepMechanismParam;
+	}
 
 	session->setOpType(SESSION_OP_ENCRYPT);
 	session->setAsymmetricCryptoOp(asymCrypto);
 	session->setMechanism(mechanism);
 	session->setAllowMultiPartOp(false);
 	session->setAllowSinglePartOp(true);
 	session->setPublicKey(publicKey);
-
+	if (mechanismParam != NULL)
+	{
+		session->setMechanismParam(mechanismParam);
+		delete mechanismParam;
+	}
 	return CKR_OK;
 }
 
@@ -2676,7 +2697,9 @@ static CK_RV AsymEncrypt(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen
 {
 	AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
 	AsymMech::Type mechanism = session->getMechanism();
+	MechanismParam* mechanismParam = session->getMechanismParam();
 	PublicKey* publicKey = session->getPublicKey();
+
 	if (asymCrypto == NULL || !session->getAllowSinglePartOp() || publicKey == NULL)
 	{
 		session->resetOp();
@@ -2711,7 +2734,7 @@ static CK_RV AsymEncrypt(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen
 	data += ByteString(pData, ulDataLen);
 
 	// Encrypt the data
-	if (!asymCrypto->encrypt(publicKey,data,encryptedData,mechanism))
+	if (!asymCrypto->encrypt(publicKey,data,encryptedData,mechanism, mechanismParam))
 	{
 		session->resetOp();
 		return CKR_GENERAL_ERROR;
@@ -3254,6 +3277,7 @@ CK_RV SoftHSM::AsymDecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMec
 
 	// Get the asymmetric algorithm matching the mechanism
 	AsymMech::Type mechanism = AsymMech::Unknown;
+	MechanismParam* mechanismParam = NULL;
 	bool isRSA = false;
 	switch(pMechanism->mechanism) {
 		case CKM_RSA_PKCS:
@@ -3313,14 +3337,32 @@ CK_RV SoftHSM::AsymDecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMec
 	{
 		session->setReAuthentication(true);
 	}
-
+    // set mechanism parameters
+	if (pMechanism->mechanism == CKM_RSA_PKCS_OAEP)
+	{
+		RSAOaepMechanismParam* rsaOaepMechanismParam = new RSAOaepMechanismParam;
+		rv = BuildRSAOAEPParam((CK_RSA_PKCS_OAEP_PARAMS *)pMechanism->pParameter,
+							   rsaOaepMechanismParam);
+		if (rv != CKR_OK)
+		{
+			delete rsaOaepMechanismParam;
+			asymCrypto->recyclePrivateKey(privateKey);
+			CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+			return rv;
+		}
+		mechanismParam = rsaOaepMechanismParam;
+	}
 	session->setOpType(SESSION_OP_DECRYPT);
 	session->setAsymmetricCryptoOp(asymCrypto);
 	session->setMechanism(mechanism);
 	session->setAllowMultiPartOp(false);
 	session->setAllowSinglePartOp(true);
 	session->setPrivateKey(privateKey);
-
+	if (mechanismParam != NULL)
+	{
+		session->setMechanismParam(mechanismParam);
+		delete mechanismParam;
+	}
 	return CKR_OK;
 }
 
@@ -3408,7 +3450,9 @@ static CK_RV AsymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG
 {
 	AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
 	AsymMech::Type mechanism = session->getMechanism();
+	MechanismParam* mechanismParam = session->getMechanismParam();
 	PrivateKey* privateKey = session->getPrivateKey();
+
 	if (asymCrypto == NULL || !session->getAllowSinglePartOp() || privateKey == NULL)
 	{
 		session->resetOp();
@@ -3442,7 +3486,7 @@ static CK_RV AsymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG
 	ByteString data;
 
 	// Decrypt the data
-	if (!asymCrypto->decrypt(privateKey,encryptedData,data,mechanism))
+	if (!asymCrypto->decrypt(privateKey,encryptedData,data,mechanism,mechanismParam))
 	{
 		session->resetOp();
 		return CKR_ENCRYPTED_DATA_INVALID;
@@ -6668,9 +6712,12 @@ CK_RV SoftHSM::WrapKeyAsym
 	ByteString& wrapped
 )
 {
+	CK_RV rv = CKR_OK;
 	const size_t bb = 8;
 	AsymAlgo::Type algo = AsymAlgo::Unknown;
 	AsymMech::Type mech = AsymMech::Unknown;
+	MechanismParam* mechanismParam = NULL;
+	size_t hashLen = 0;
 
 	CK_ULONG modulus_length;
 	switch(pMechanism->mechanism) {
@@ -6698,10 +6745,8 @@ CK_RV SoftHSM::WrapKeyAsym
 
 		case CKM_RSA_PKCS_OAEP:
 			mech = AsymMech::RSA_PKCS_OAEP;
-			// SHA-1 is the only supported option
 			// PKCS#11 2.40 draft 2 section 2.1.8: input length <= k-2-2hashLen
-			if (keydata.size() > modulus_length - 2 - 2 * 160 / 8)
-				return CKR_KEY_SIZE_RANGE;
+			// key length will be check later
 			break;
 
 		default:
@@ -6730,20 +6775,39 @@ CK_RV SoftHSM::WrapKeyAsym
 			break;
 
 		default:
+		    cipher->recyclePublicKey(publicKey);
+			CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
 			return CKR_MECHANISM_INVALID;
 	}
-	// Wrap the key
-	if (!cipher->wrapKey(publicKey, keydata, wrapped, mech))
+	if (pMechanism->mechanism == CKM_RSA_PKCS_OAEP)
 	{
-		cipher->recyclePublicKey(publicKey);
-		CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
-		return CKR_GENERAL_ERROR;
+		RSAOaepMechanismParam* rsaOaepMechanismParam = new RSAOaepMechanismParam;
+		rv = BuildRSAOAEPParam((CK_RSA_PKCS_OAEP_PARAMS *)pMechanism->pParameter,
+			rsaOaepMechanismParam,&hashLen);
+		if (rv != CKR_OK)
+		{
+			delete rsaOaepMechanismParam;
+			cipher->recyclePublicKey(publicKey);
+			CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
+			return rv;
+		}	
+		if (keydata.size() > modulus_length - 2 - (2 * hashLen))
+		{
+			delete rsaOaepMechanismParam;
+			cipher->recyclePublicKey(publicKey);
+			CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
+			return CKR_KEY_SIZE_RANGE;
+		}
+		mechanismParam = rsaOaepMechanismParam;
 	}
-
+	// Wrap the key
+	if (!cipher->wrapKey(publicKey, keydata, wrapped, mech, mechanismParam))
+		rv = CKR_GENERAL_ERROR;
+    delete mechanismParam;
 	cipher->recyclePublicKey(publicKey);
 	CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
 
-	return CKR_OK;
+	return rv;
 }
 
 // Internal: Wrap with mechanism RSA_AES_KEY_WRAP
@@ -7269,6 +7333,8 @@ CK_RV SoftHSM::UnwrapKeyAsym
 	// Get the symmetric algorithm matching the mechanism
 	AsymAlgo::Type algo = AsymAlgo::Unknown;
 	AsymMech::Type mode = AsymMech::Unknown;
+	MechanismParam* mechanismParam = NULL;
+
 	switch(pMechanism->mechanism) {
 		case CKM_RSA_PKCS:
 			algo = AsymAlgo::RSA;
@@ -7305,12 +7371,29 @@ CK_RV SoftHSM::UnwrapKeyAsym
 			break;
 
 		default:
+			cipher->recyclePrivateKey(unwrappingkey);
+			CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
 			return CKR_MECHANISM_INVALID;
 	}
-
+
+	if (pMechanism->mechanism == CKM_RSA_PKCS_OAEP)
+	{
+		RSAOaepMechanismParam* rsaOaepMechanismParam = new RSAOaepMechanismParam;
+		rv = BuildRSAOAEPParam((CK_RSA_PKCS_OAEP_PARAMS *)pMechanism->pParameter,
+			rsaOaepMechanismParam);
+		if (rv != CKR_OK)
+		{
+			delete rsaOaepMechanismParam;
+			cipher->recyclePrivateKey(unwrappingkey);
+			CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
+			return rv;
+		}
+		mechanismParam = rsaOaepMechanismParam;
+	}
 	// Unwrap the key
-	if (!cipher->unwrapKey(unwrappingkey, wrapped, keydata, mode))
+	if (!cipher->unwrapKey(unwrappingkey, wrapped, keydata, mode, mechanismParam ))
 		rv = CKR_GENERAL_ERROR;
+	delete mechanismParam;
 	cipher->recyclePrivateKey(unwrappingkey);
 	CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
 	return rv;
@@ -13676,31 +13759,16 @@ CK_RV SoftHSM::MechParamCheckRSAPKCSOAEP(CK_MECHANISM_PTR pMechanism)
 		ERROR_MSG("pParameter must be of type CK_RSA_PKCS_OAEP_PARAMS");
 		return CKR_ARGUMENTS_BAD;
 	}
-
 	CK_RSA_PKCS_OAEP_PARAMS_PTR params = (CK_RSA_PKCS_OAEP_PARAMS_PTR)pMechanism->pParameter;
-	if (params->hashAlg != CKM_SHA_1)
-	{
-		ERROR_MSG("hashAlg must be CKM_SHA_1");
-		return CKR_ARGUMENTS_BAD;
-	}
-	if (params->mgf != CKG_MGF1_SHA1)
-	{
-		ERROR_MSG("mgf must be CKG_MGF1_SHA1");
-		return CKR_ARGUMENTS_BAD;
-	}
+
 	if (params->source != CKZ_DATA_SPECIFIED)
 	{
 		ERROR_MSG("source must be CKZ_DATA_SPECIFIED");
 		return CKR_ARGUMENTS_BAD;
 	}
-	if (params->pSourceData != NULL)
-	{
-		ERROR_MSG("pSourceData must be NULL");
-		return CKR_ARGUMENTS_BAD;
-	}
-	if (params->ulSourceDataLen != 0)
+	if ((params-> pSourceData == NULL)&&(params->ulSourceDataLen != 0))
 	{
-		ERROR_MSG("ulSourceDataLen must be 0");
+		ERROR_MSG("pSourceData is NULL");
 		return CKR_ARGUMENTS_BAD;
 	}
 	return CKR_OK;
@@ -13732,27 +13800,93 @@ CK_RV SoftHSM::MechParamCheckRSAAESKEYWRAP(CK_MECHANISM_PTR pMechanism)
 		ERROR_MSG("pOAEPParams must be of type CK_RSA_PKCS_OAEP_PARAMS");
 		return CKR_ARGUMENTS_BAD;
 	}
-	if (params->pOAEPParams->mgf < 1UL || params->pOAEPParams->mgf > 5UL)
+	if (params->pOAEPParams->source != CKZ_DATA_SPECIFIED)
 	{
-		ERROR_MSG("mgf not supported");
+		ERROR_MSG("source must be CKZ_DATA_SPECIFIED");
 		return CKR_ARGUMENTS_BAD;
 	}
-	if (params->pOAEPParams->source != CKZ_DATA_SPECIFIED)
+	if ((params->pOAEPParams->pSourceData == NULL) && (params->pOAEPParams->ulSourceDataLen != 0))
+	{
+		ERROR_MSG("pSourceData is NULL");
+		return CKR_ARGUMENTS_BAD;
+	}
+	return CKR_OK;
+}
+
+CK_RV SoftHSM::BuildRSAOAEPParam(const CK_RSA_PKCS_OAEP_PARAMS *params,
+								 RSAOaepMechanismParam* mechanismParam,
+								 size_t* hashLen)
+{
+	if (params == NULL)
+	{
+		ERROR_MSG("parameters is NULL for RSA OAEP encryption");
+	    return CKR_ARGUMENTS_BAD;
+	}  
+	if (params->source != CKZ_DATA_SPECIFIED)
 	{
 		ERROR_MSG("source must be CKZ_DATA_SPECIFIED");
 		return CKR_ARGUMENTS_BAD;
+	}  
+	if ((params->pSourceData == NULL) && (params->ulSourceDataLen != 0))
+	{
+		ERROR_MSG("pSourceData is NULL");
+		return CKR_ARGUMENTS_BAD;
 	}
-	if (params->pOAEPParams->pSourceData != NULL)
+	switch (params->hashAlg)
 	{
-		ERROR_MSG("pSourceData must be NULL");
+	case CKM_SHA_1:
+		mechanismParam->hashAlg = HashAlgo::SHA1;
+		if (hashLen) *hashLen = 20;
+		break;
+	case CKM_SHA224:
+		mechanismParam->hashAlg = HashAlgo::SHA224;
+		if (hashLen) *hashLen = 28;
+		break;
+	case CKM_SHA256:
+		mechanismParam->hashAlg = HashAlgo::SHA256;
+		if (hashLen) *hashLen = 32;
+		break;
+	case CKM_SHA384:
+		mechanismParam->hashAlg = HashAlgo::SHA384;
+		if (hashLen) *hashLen = 48;
+		break;
+	case CKM_SHA512:
+		mechanismParam->hashAlg = HashAlgo::SHA512;
+		if (hashLen) *hashLen = 64;
+		break;
+	default:
+	    ERROR_MSG("hash algorithm not supported for OAEP");
+		return CKR_ARGUMENTS_BAD;
+	}
+	switch (params->mgf)
+	{
+	case CKG_MGF1_SHA1:
+		mechanismParam->mgfAlg = AsymRSAMGF::MGF1_SHA1;
+		break;
+	case CKG_MGF1_SHA224:
+		mechanismParam->mgfAlg = AsymRSAMGF::MGF1_SHA224;
+		break;
+	case CKG_MGF1_SHA256:
+		mechanismParam->mgfAlg = AsymRSAMGF::MGF1_SHA256;
+		break;
+	case CKG_MGF1_SHA384:
+		mechanismParam->mgfAlg = AsymRSAMGF::MGF1_SHA384;
+		break;
+	case CKG_MGF1_SHA512:
+		mechanismParam->mgfAlg = AsymRSAMGF::MGF1_SHA512;
+		break;
+	default:
+	    ERROR_MSG("mgf algorithm not supported for OAEP");
 		return CKR_ARGUMENTS_BAD;
 	}
-	if (params->pOAEPParams->ulSourceDataLen != 0)
+	if (params->ulSourceDataLen > 0xffffffff - sizeof(RSA_PKCS_OAEP_PARAMS))
 	{
-		ERROR_MSG("ulSourceDataLen must be 0");
+		ERROR_MSG("OAEP Label too large");
 		return CKR_ARGUMENTS_BAD;
 	}
-
+	// copy label data to mechanismParam
+	mechanismParam->label = ByteString(reinterpret_cast<const unsigned char*>(params->pSourceData),params->ulSourceDataLen);
+
 	return CKR_OK;
 }