Implemented RSA en-/decryption in openssl plugin
authorMartin Willi <martin@revosec.ch>
Wed, 11 Aug 2010 07:53:45 +0000 (09:53 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 11 Aug 2010 07:53:45 +0000 (09:53 +0200)
src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c

index dbf990e..e780906 100644 (file)
@@ -169,8 +169,33 @@ METHOD(private_key_t, decrypt, bool,
        private_openssl_rsa_private_key_t *this, encryption_scheme_t scheme,
        chunk_t crypto, chunk_t *plain)
 {
-       DBG1(DBG_LIB, "RSA private key decryption not implemented");
-       return FALSE;
+       int padding, len;
+       char *decrypted;
+
+       switch (scheme)
+       {
+               case ENCRYPT_RSA_PKCS1:
+                       padding = RSA_PKCS1_PADDING;
+                       break;
+               case ENCRYPT_RSA_OAEP_SHA1:
+                       padding = RSA_PKCS1_OAEP_PADDING;
+                       break;
+               default:
+                       DBG1(DBG_LIB, "encryption scheme %N not supported via openssl",
+                                encryption_scheme_names, scheme);
+                       return FALSE;
+       }
+       decrypted = malloc(RSA_size(this->rsa));
+       len = RSA_private_decrypt(crypto.len, crypto.ptr, decrypted,
+                                                         this->rsa, padding);
+       if (len < 0)
+       {
+               DBG1(DBG_LIB, "RSA decryption failed");
+               free(decrypted);
+               return FALSE;
+       }
+       *plain = chunk_create(decrypted, len);
+       return TRUE;
 }
 
 METHOD(private_key_t, get_keysize, int,
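Review bot: For ENCRYPT_RSA_PKCS1 the failure branch at `if (len < 0)` turns every PKCS#1 v1.5 padding error into an observable FALSE return plus a log line, which is exactly the signal a Bleichenbacher-style padding oracle needs if a remote peer can feed ciphertexts into this decrypt method; the patch adds no mitigation, so at minimum a comment above the switch should warn callers, e.g. `/* PKCS#1 v1.5 decryption exposes a padding oracle; use OAEP for ciphertext from untrusted peers */`. The `malloc(RSA_size(this->rsa))` result is used without a NULL check, and on failure the buffer is freed without being cleared although it may hold partially recovered plaintext, so something like `memset(decrypted, 0, RSA_size(this->rsa));` before the `free(decrypted)` (or the library's wipe helper, if one is available here) would be the conservative choice. `crypto.len` is also a size_t passed to the int flen parameter unchecked; rejecting `crypto.len > RSA_size(this->rsa)` up front avoids the implicit narrowing and matches what OpenSSL will reject anyway.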
index 80a5710..667ddad 100644 (file)
@@ -149,10 +149,35 @@ METHOD(public_key_t, verify, bool,
 
 METHOD(public_key_t, encrypt, bool,
        private_openssl_rsa_public_key_t *this, encryption_scheme_t scheme,
-       chunk_t crypto, chunk_t *plain)
+       chunk_t plain, chunk_t *crypto)
 {
-       DBG1(DBG_LIB, "RSA public key encryption not implemented");
-       return FALSE;
+       int padding, len;
+       char *encrypted;
+
+       switch (scheme)
+       {
+               case ENCRYPT_RSA_PKCS1:
+                       padding = RSA_PKCS1_PADDING;
+                       break;
+               case ENCRYPT_RSA_OAEP_SHA1:
+                       padding = RSA_PKCS1_OAEP_PADDING;
+                       break;
+               default:
+                       DBG1(DBG_LIB, "decryption scheme %N not supported via openssl",
+                                encryption_scheme_names, scheme);
+                       return FALSE;
+       }
+       encrypted = malloc(RSA_size(this->rsa));
+       len = RSA_public_encrypt(plain.len, plain.ptr, encrypted,
+                                                        this->rsa, padding);
+       if (len < 0)
+       {
+               DBG1(DBG_LIB, "RSA decryption failed");
+               free(encrypted);
+               return FALSE;
+       }
+       *crypto = chunk_create(encrypted, len);
+       return TRUE;
 }
 
 METHOD(public_key_t, get_keysize, int,
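Review bot: The two log messages in the new encrypt body are copied from the decrypt side and say the opposite of what happened: the `default:` branch logs `"decryption scheme %N not supported via openssl"` and the `len < 0` branch logs `"RSA decryption failed"`, which sends anyone debugging an encryption failure to the wrong function; change them to `"encryption scheme %N not supported via openssl"` and `"RSA encryption failed"`. The `malloc(RSA_size(this->rsa))` result is passed to RSA_public_encrypt without a NULL check, and `plain.len` (size_t) is narrowed to the int flen parameter without a range check; OpenSSL itself returns -1 for plaintexts longer than the modulus minus the padding overhead, which the existing `len < 0` check catches, but an explicit `plain.len > RSA_size(this->rsa)` guard would make the bound visible to readers.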