Vault-16367: add support RSA padding scheme pkcs1v15 for encryption

builtin/logical/transit/path_datakey.go

@@ -28,6 +28,12 @@ func (b *backend) pathDatakey() *framework.Path {
 ciphertext; "wrapped" will return the ciphertext only.`,
 			},
 
+			"padding_scheme": {
+				Type: framework.TypeString,
+				Description: `The padding scheme to use for decrypt. Currently only applies to RSA key types.
+Options are 'oaep' or 'pkcs1v15'. Defaults to 'oaep'`,
+			},
+
 			"context": {
 				Type:        framework.TypeString,
 				Description: "Context for key derivation. Required for derived keys.",
@@ -131,7 +137,8 @@ func (b *backend) pathDatakeyWrite(ctx context.Context, req *logical.Request, d
 		return nil, err
 	}
 
-	ciphertext, err := p.Encrypt(ver, context, nonce, base64.StdEncoding.EncodeToString(newKey))
+	paddingScheme := d.Get("padding_scheme").(string)
+	ciphertext, err := p.Encrypt(ver, context, nonce, base64.StdEncoding.EncodeToString(newKey), paddingScheme)
 	if err != nil {
 		switch err.(type) {
 		case errutil.UserError:

builtin/logical/transit/path_decrypt.go

@@ -37,6 +37,12 @@ func (b *backend) pathDecrypt() *framework.Path {
 The ciphertext to decrypt, provided as returned by encrypt.`,
 			},
 
+			"padding_scheme": {
+				Type: framework.TypeString,
+				Description: `The padding scheme to use for decrypt. Currently only applies to RSA key types.
+Options are 'oaep' or 'pkcs1v15'. Defaults to 'oaep'`,
+			},
+
 			"context": {
 				Type: framework.TypeString,
 				Description: `
@@ -147,7 +153,8 @@ func (b *backend) pathDecryptWrite(ctx context.Context, req *logical.Request, d
 			continue
 		}
 
-		plaintext, err := p.Decrypt(item.DecodedContext, item.DecodedNonce, item.Ciphertext)
+		paddingScheme := d.Get("padding_scheme").(string)
+		plaintext, err := p.Decrypt(item.DecodedContext, item.DecodedNonce, item.Ciphertext, paddingScheme)
 		if err != nil {
 			switch err.(type) {
 			case errutil.InternalError:

builtin/logical/transit/path_encrypt.go

@@ -69,6 +69,12 @@ func (b *backend) pathEncrypt() *framework.Path {
 				Description: "Base64 encoded plaintext value to be encrypted",
 			},
 
+			"padding_scheme": {
+				Type: framework.TypeString,
+				Description: `The padding scheme to use for decrypt. Currently only applies to RSA key types.
+Options are 'oaep' or 'pkcs1v15'. Defaults to 'oaep'`,
+			},
+
 			"context": {
 				Type:        framework.TypeString,
 				Description: "Base64 encoded context for key derivation. Required if key derivation is enabled",
@@ -384,7 +390,8 @@ func (b *backend) pathEncryptWrite(ctx context.Context, req *logical.Request, d
 			warnAboutNonceUsage = true
 		}
 
-		ciphertext, err := p.Encrypt(item.KeyVersion, item.DecodedContext, item.DecodedNonce, item.Plaintext)
+		paddingScheme := d.Get("padding_scheme").(string)
+		ciphertext, err := p.Encrypt(item.KeyVersion, item.DecodedContext, item.DecodedNonce, item.Plaintext, paddingScheme)
 		if err != nil {
 			switch err.(type) {
 			case errutil.InternalError:

builtin/logical/transit/path_rewrap.go

@@ -27,6 +27,12 @@ func (b *backend) pathRewrap() *framework.Path {
 				Description: "Ciphertext value to rewrap",
 			},
 
+			"padding_scheme": {
+				Type: framework.TypeString,
+				Description: `The padding scheme to use for decrypt. Currently only applies to RSA key types.
+Options are 'oaep' or 'pkcs1v15'. Defaults to 'oaep'`,
+			},
+
 			"context": {
 				Type:        framework.TypeString,
 				Description: "Base64 encoded context for key derivation. Required for derived keys.",
@@ -135,7 +141,8 @@ func (b *backend) pathRewrapWrite(ctx context.Context, req *logical.Request, d *
 			continue
 		}
 
-		plaintext, err := p.Decrypt(item.DecodedContext, item.DecodedNonce, item.Ciphertext)
+		paddingScheme := d.Get("padding_scheme").(string)
+		plaintext, err := p.Decrypt(item.DecodedContext, item.DecodedNonce, item.Ciphertext, paddingScheme)
 		if err != nil {
 			switch err.(type) {
 			case errutil.UserError:
@@ -151,7 +158,7 @@ func (b *backend) pathRewrapWrite(ctx context.Context, req *logical.Request, d *
 			warnAboutNonceUsage = true
 		}
 
-		ciphertext, err := p.Encrypt(item.KeyVersion, item.DecodedContext, item.DecodedNonce, plaintext)
+		ciphertext, err := p.Encrypt(item.KeyVersion, item.DecodedContext, item.DecodedNonce, plaintext, paddingScheme)
 		if err != nil {
 			switch err.(type) {
 			case errutil.UserError:

changelog/16368.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+secrets/transit: Add support for RSA padding scheme pkcs1v15 for encryption
+```

sdk/helper/keysutil/encrypted_key_storage.go

@@ -183,7 +183,7 @@ func (s *encryptedKeyStorage) List(ctx context.Context, prefix string) ([]string
 		}
 
 		// Decrypt the data with the object's key policy.
-		encodedPlaintext, err := s.policy.Decrypt(context, nil, string(decoded[:]))
+		encodedPlaintext, err := s.policy.Decrypt(context, nil, string(decoded[:]), "")
 		if err != nil {
 			return nil, err
 		}
@@ -268,7 +268,7 @@ func (s *encryptedKeyStorage) encryptPath(path string) (string, error) {
 	context := strings.TrimSuffix(s.prefix, "/")
 	for _, p := range parts {
 		encoded := base64.StdEncoding.EncodeToString([]byte(p))
-		ciphertext, err := s.policy.Encrypt(0, []byte(context), nil, encoded)
+		ciphertext, err := s.policy.Encrypt(0, []byte(context), nil, encoded, "")
 		if err != nil {
 			return "", err
 		}

sdk/helper/keysutil/policy.go

@@ -818,7 +818,7 @@ func (p *Policy) convergentVersion(ver int) int {
 	return convergentVersion
 }
 
-func (p *Policy) Encrypt(ver int, context, nonce []byte, value string) (string, error) {
+func (p *Policy) Encrypt(ver int, context, nonce []byte, value string, paddingScheme string) (string, error) {
 	if !p.Type.EncryptionSupported() {
 		return "", errutil.UserError{Err: fmt.Sprintf("message encryption not supported for key type %v", p.Type)}
 	}
@@ -894,8 +894,19 @@ func (p *Policy) Encrypt(ver int, context, nonce []byte, value string) (string,
 		if err != nil {
 			return "", err
 		}
+		if paddingScheme == "" {
+			paddingScheme = "oaep"
+		}
 		key := keyEntry.RSAKey
-		ciphertext, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &key.PublicKey, plaintext, nil)
+		switch paddingScheme {
+		case "pkcs1v15":
+			ciphertext, err = rsa.EncryptPKCS1v15(rand.Reader, &key.PublicKey, plaintext)
+		case "oaep":
+			ciphertext, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &key.PublicKey, plaintext, nil)
+		default:
+			return "", errutil.InternalError{Err: fmt.Sprintf("unsupported RSA padding scheme %s", paddingScheme)}
+		}
+
 		if err != nil {
 			return "", errutil.InternalError{Err: fmt.Sprintf("failed to RSA encrypt the plaintext: %v", err)}
 		}
@@ -913,7 +924,7 @@ func (p *Policy) Encrypt(ver int, context, nonce []byte, value string) (string,
 	return encoded, nil
 }
 
-func (p *Policy) Decrypt(context, nonce []byte, value string) (string, error) {
+func (p *Policy) Decrypt(context, nonce []byte, value string, paddingScheme string) (string, error) {
 	if !p.Type.DecryptionSupported() {
 		return "", errutil.UserError{Err: fmt.Sprintf("message decryption not supported for key type %v", p.Type)}
 	}
@@ -994,8 +1005,18 @@ func (p *Policy) Decrypt(context, nonce []byte, value string) (string, error) {
 		if err != nil {
 			return "", err
 		}
+		if paddingScheme == "" {
+			paddingScheme = "oaep"
+		}
 		key := keyEntry.RSAKey
-		plain, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, key, decoded, nil)
+		switch paddingScheme {
+		case "pkcs1v15":
+			plain, err = rsa.DecryptPKCS1v15(rand.Reader, key, decoded)
+		case "oaep":
+			plain, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, key, decoded, nil)
+		default:
+			return "", errutil.InternalError{Err: fmt.Sprintf("unsupported RSA padding scheme %s", paddingScheme)}
+		}
 		if err != nil {
 			return "", errutil.InternalError{Err: fmt.Sprintf("failed to RSA decrypt the ciphertext: %v", err)}
 		}

ui/app/components/transit-key-actions.js

@@ -10,6 +10,7 @@ const TRANSIT_PARAMS = {
   hash_algorithm: 'sha2-256',
   algorithm: 'sha2-256',
   signature_algorithm: 'pss',
+  padding_scheme: 'oaep',
   bits: 256,
   bytes: 32,
   ciphertext: null,
@@ -39,9 +40,9 @@ const PARAMS_FOR_ACTION = {
   sign: ['input', 'hash_algorithm', 'key_version', 'prehashed', 'signature_algorithm'],
   verify: ['input', 'hmac', 'signature', 'hash_algorithm', 'prehashed'],
   hmac: ['input', 'algorithm', 'key_version'],
-  encrypt: ['plaintext', 'context', 'nonce', 'key_version'],
-  decrypt: ['ciphertext', 'context', 'nonce'],
-  rewrap: ['ciphertext', 'context', 'nonce', 'key_version'],
+  encrypt: ['plaintext', 'context', 'padding_scheme', 'nonce', 'key_version'],
+  decrypt: ['ciphertext', 'context', 'padding_scheme', 'nonce'],
+  rewrap: ['ciphertext', 'context', 'padding_scheme', 'nonce', 'key_version'],
 };
 const SUCCESS_MESSAGE_FOR_ACTION = {
   sign: 'Signed your data',

ui/app/templates/components/transit-key-action/datakey.hbs

@@ -1,4 +1,6 @@
-<form onsubmit={{action @doSubmit (hash param=@param context=@context nonce=@nonce bits=@bits)}}>
+<form
+  onsubmit={{action @doSubmit (hash param=@param padding_scheme=@padding_scheme context=@context nonce=@nonce bits=@bits)}}
+>
   <div class="box is-sideless is-fullwidth is-marginless">
     <NamespaceReminder @mode="perform" @noun="datakey creation" />
     <div class="content">
@@ -60,6 +62,27 @@
         </div>
       </div>
     </div>
+    {{#if (includes @key.type (array "rsa-2048" "rsa-3072" "rsa-4096"))}}
+      <div class="field">
+        <label for="padding_scheme" class="is-label">Padding Scheme</label>
+        <div class="control is-expanded">
+          <div class="select is-fullwidth">
+            <select
+              name="padding_scheme"
+              id="padding_scheme"
+              data-test-padding-scheme-select
+              onchange={{action (mut @padding_scheme) value="target.value"}}
+            >
+              {{#each (array "oaep" "pkcs1v15") as |scheme|}}
+                <option selected={{eq @padding_scheme scheme}} value={{scheme}}>
+                  {{scheme}}
+                </option>
+              {{/each}}
+            </select>
+          </div>
+        </div>
+      </div>
+    {{/if}}
   </div>
   <div class="field is-grouped box is-fullwidth is-bottomless">
     <div class="control">

ui/app/templates/components/transit-key-action/decrypt.hbs

@@ -1,4 +1,6 @@
-<form onsubmit={{action @doSubmit (hash ciphertext=@ciphertext context=@context nonce=@nonce)}}>
+<form
+  onsubmit={{action @doSubmit (hash ciphertext=@ciphertext padding_scheme=@padding_scheme context=@context nonce=@nonce)}}
+>
   <div class="box is-sideless is-fullwidth is-marginless">
     <div class="content">
       <p>You can decrypt ciphertext using <code>{{@key.name}}</code> as the encryption key.</p>
@@ -28,6 +30,27 @@
         </div>
       </div>
     {{/if}}
+    {{#if (or (eq @key.type "rsa-2048") (eq @key.type "rsa-3072") (eq @key.type "rsa-4096"))}}
+      <div class="field">
+        <label for="padding_scheme" class="is-label">Padding Scheme</label>
+        <div class="control is-expanded">
+          <div class="select is-fullwidth">
+            <select
+              name="padding_scheme"
+              id="padding_scheme"
+              data-test-padding-scheme="true"
+              onchange={{action (mut @padding_scheme) value="target.value"}}
+            >
+              {{#each (array "oaep" "pkcs1v15") as |scheme|}}
+                <option selected={{if @padding_scheme (eq @padding_scheme scheme) (eq scheme "oaep")}} value={{scheme}}>
+                  {{scheme}}
+                </option>
+              {{/each}}
+            </select>
+          </div>
+        </div>
+      </div>
+    {{/if}}
     {{#if (eq @key.convergentEncryptionVersion 1)}}
       <div class="field">
         <label for="nonce" class="is-label">Nonce</label>

ui/app/templates/components/transit-key-action/encrypt.hbs

@@ -1,7 +1,14 @@
 <form
   onsubmit={{action
     @doSubmit
-    (hash plaintext=@plaintext context=@context nonce=@nonce key_version=@key_version encodedBase64=@encodedBase64)
+    (hash
+      plaintext=@plaintext
+      padding_scheme=@padding_scheme
+      context=@context
+      nonce=@nonce
+      key_version=@key_version
+      encodedBase64=@encodedBase64
+    )
   }}
 >
   <div class="box is-sideless is-fullwidth is-marginless">
@@ -40,6 +47,27 @@
         </div>
       </div>
     {{/if}}
+    {{#if (or (eq @key.type "rsa-2048") (eq @key.type "rsa-3072") (eq @key.type "rsa-4096"))}}
+      <div class="field">
+        <label for="padding_scheme" class="is-label">Padding Scheme</label>
+        <div class="control is-expanded">
+          <div class="select is-fullwidth">
+            <select
+              name="padding_scheme"
+              id="padding_scheme"
+              data-test-padding-scheme="true"
+              onchange={{action (mut @padding_scheme) value="target.value"}}
+            >
+              {{#each (array "oaep" "pkcs1v15") as |scheme|}}
+                <option selected={{if @padding_scheme (eq @padding_scheme scheme) (eq scheme "oaep")}} value={{scheme}}>
+                  {{scheme}}
+                </option>
+              {{/each}}
+            </select>
+          </div>
+        </div>
+      </div>
+    {{/if}}
     {{#if (eq @key.convergentEncryptionVersion 1)}}
       <div class="field">
         <div class="level">

ui/app/templates/components/transit-key-action/rewrap.hbs

@@ -1,4 +1,9 @@
-<form onsubmit={{action @doSubmit (hash ciphertext=@ciphertext context=@context nonce=@nonce key_version=@key_version)}}>
+<form
+  onsubmit={{action
+    @doSubmit
+    (hash ciphertext=@ciphertext padding_scheme=@padding_scheme context=@context nonce=@nonce key_version=@key_version)
+  }}
+>
   <div class="box is-sideless is-fullwidth is-marginless">
     <NamespaceReminder @mode="perform" @noun="rewrap" />
     <div class="content">
@@ -29,6 +34,27 @@
         </div>
       </div>
     {{/if}}
+    {{#if (or (eq @key.type "rsa-2048") (eq @key.type "rsa-3072") (eq @key.type "rsa-4096"))}}
+      <div class="field">
+        <label for="padding_scheme" class="is-label">Padding Scheme</label>
+        <div class="control is-expanded">
+          <div class="select is-fullwidth">
+            <select
+              name="padding_scheme"
+              id="padding_scheme"
+              data-test-padding-scheme="true"
+              onchange={{action (mut @padding_scheme) value="target.value"}}
+            >
+              {{#each (array "oaep" "pkcs1v15") as |scheme|}}
+                <option selected={{if @padding_scheme (eq @padding_scheme scheme) (eq scheme "oaep")}} value={{scheme}}>
+                  {{scheme}}
+                </option>
+              {{/each}}
+            </select>
+          </div>
+        </div>
+      </div>
+    {{/if}}
     {{#if (eq @key.convergentEncryptionVersion 1)}}
       <div class="field">
         <label for="nonce" class="is-label">Nonce</label>

ui/app/templates/components/transit-key-actions.hbs

@@ -36,6 +36,7 @@
         signature=this.signature
         signature_algorithm=this.signature_algorithm
         hash_algorithm=this.hash_algorithm
+        padding_scheme=this.padding_scheme
         prehashed=this.prehashed
         wrappedToken=this.wrappedToken
         exportKeyType=this.exportKeyType