diff options
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c')
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c | 123 |
1 files changed, 68 insertions, 55 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index 6ac61a65c..422e31521 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -114,19 +114,15 @@ error: return valid; } -/** - * Implementation of public_key_t.get_type. - */ -static key_type_t get_type(private_openssl_rsa_public_key_t *this) +METHOD(public_key_t, get_type, key_type_t, + private_openssl_rsa_public_key_t *this) { return KEY_RSA; } -/** - * Implementation of public_key_t.verify. - */ -static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t signature) +METHOD(public_key_t, verify, bool, + private_openssl_rsa_public_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t signature) { switch (scheme) { @@ -151,22 +147,43 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc } } -/** - * Implementation of public_key_t.get_keysize. - */ -static bool encrypt_(private_openssl_rsa_public_key_t *this, - chunk_t crypto, chunk_t *plain) +METHOD(public_key_t, encrypt, bool, + private_openssl_rsa_public_key_t *this, encryption_scheme_t scheme, + chunk_t plain, chunk_t *crypto) { - DBG1(DBG_LIB, "RSA public key encryption not implemented"); - return FALSE; + int padding, len; + char *encrypted; + + switch (scheme) + { + case ENCRYPT_RSA_PKCS1: + padding = RSA_PKCS1_PADDING; + break; + case ENCRYPT_RSA_OAEP_SHA1: + padding = RSA_PKCS1_OAEP_PADDING; + break; + default: + DBG1(DBG_LIB, "decryption scheme %N not supported via openssl", + encryption_scheme_names, scheme); + return FALSE; + } + encrypted = malloc(RSA_size(this->rsa)); + len = RSA_public_encrypt(plain.len, plain.ptr, encrypted, + this->rsa, padding); + if (len < 0) + { + DBG1(DBG_LIB, "RSA decryption failed"); + free(encrypted); + return FALSE; + } + *crypto = chunk_create(encrypted, len); + return TRUE; } -/** - * Implementation of public_key_t.get_keysize. - */ -static size_t get_keysize(private_openssl_rsa_public_key_t *this) +METHOD(public_key_t, get_keysize, int, + private_openssl_rsa_public_key_t *this) { - return RSA_size(this->rsa); + return RSA_size(this->rsa) * 8; } /** @@ -211,20 +228,16 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp) return TRUE; } -/** - * Implementation of public_key_t.get_fingerprint. - */ -static bool get_fingerprint(private_openssl_rsa_public_key_t *this, - cred_encoding_type_t type, chunk_t *fingerprint) +METHOD(public_key_t, get_fingerprint, bool, + private_openssl_rsa_public_key_t *this, cred_encoding_type_t type, + chunk_t *fingerprint) { return openssl_rsa_fingerprint(this->rsa, type, fingerprint); } -/* - * Implementation of public_key_t.get_encoding. - */ -static bool get_encoding(private_openssl_rsa_public_key_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(public_key_t, get_encoding, bool, + private_openssl_rsa_public_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) { u_char *p; @@ -262,19 +275,15 @@ static bool get_encoding(private_openssl_rsa_public_key_t *this, } } -/** - * Implementation of public_key_t.get_ref. - */ -static public_key_t* get_ref(private_openssl_rsa_public_key_t *this) +METHOD(public_key_t, get_ref, public_key_t*, + private_openssl_rsa_public_key_t *this) { ref_get(&this->ref); - return &this->public.interface; + return &this->public.key; } -/** - * Implementation of openssl_rsa_public_key.destroy. - */ -static void destroy(private_openssl_rsa_public_key_t *this) +METHOD(public_key_t, destroy, void, + private_openssl_rsa_public_key_t *this) { if (ref_put(&this->ref)) { @@ -292,21 +301,25 @@ static void destroy(private_openssl_rsa_public_key_t *this) */ static private_openssl_rsa_public_key_t *create_empty() { - private_openssl_rsa_public_key_t *this = malloc_thing(private_openssl_rsa_public_key_t); - - this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; - this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; - this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; - this->public.interface.equals = public_key_equals; - this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; - this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint; - this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; - this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding; - this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; - this->public.interface.destroy = (void (*)(public_key_t *this))destroy; - - this->rsa = NULL; - this->ref = 1; + private_openssl_rsa_public_key_t *this; + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .verify = _verify, + .encrypt = _encrypt, + .equals = public_key_equals, + .get_keysize = _get_keysize, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = public_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); return this; } |