METHOD(private_key_t, decrypt, bool,
private_tkm_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
return FALSE;
}
METHOD(public_key_t, encrypt_, bool,
private_tkm_public_key_t *this, encryption_scheme_t scheme,
- chunk_t plain, chunk_t *crypto)
+ void *params, chunk_t plain, chunk_t *crypto)
{
return FALSE;
}
METHOD(private_key_t, decrypt, bool,
private_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "private key decryption is currently not supported via JNI");
return FALSE;
* Decrypt a chunk of data.
*
* @param scheme expected encryption scheme used
+ * @param params optional parameters required by the specified scheme
* @param crypto chunk containing encrypted data
* @param plain where to allocate decrypted data
* @return TRUE if data decrypted and plaintext allocated
*/
bool (*decrypt)(private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain);
+ void *params, chunk_t crypto, chunk_t *plain);
/**
* Get the strength of the key in bits.
* Encrypt a chunk of data.
*
* @param scheme encryption scheme to use
+ * @param params optional parameters required by the specified scheme
* @param plain chunk containing plaintext data
* @param crypto where to allocate encrypted data
* @return TRUE if data successfully encrypted
*/
bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme,
- chunk_t plain, chunk_t *crypto);
+ void *params, chunk_t plain, chunk_t *crypto);
/**
* Check if two public keys are equal.
METHOD(private_key_t, decrypt, bool,
private_agent_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "private key decryption not supported by ssh-agent");
return FALSE;
METHOD(private_key_t, decrypt, bool,
private_bliss_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "encryption scheme %N not supported",
encryption_scheme_names, scheme);
METHOD(public_key_t, encrypt_, bool,
private_bliss_public_key_t *this, encryption_scheme_t scheme,
- chunk_t plain, chunk_t *crypto)
+ void *params, chunk_t plain, chunk_t *crypto)
{
DBG1(DBG_LIB, "encryption scheme %N not supported",
encryption_scheme_names, scheme);
ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp));
/* encryption / decryption operation is not defined for BLISS */
- ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, chunk_empty, NULL));
- ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, chunk_empty, NULL));
+ ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL));
+ ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL));
/* sign with invalid signature scheme */
ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, NULL, msg, &signature));
METHOD(private_key_t, decrypt, bool,
private_botan_ec_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EC private key decryption not implemented");
return FALSE;
METHOD(public_key_t, encrypt, bool,
private_botan_ec_public_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EC public key encryption not implemented");
return FALSE;
METHOD(private_key_t, decrypt, bool,
private_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EdDSA private key decryption not implemented");
return FALSE;
METHOD(public_key_t, encrypt, bool,
private_public_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EdDSA public key encryption not implemented");
return FALSE;
METHOD(private_key_t, decrypt, bool,
private_botan_rsa_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
botan_pk_op_decrypt_t decrypt_op;
const char *padding;
METHOD(public_key_t, encrypt, bool,
private_botan_rsa_public_key_t *this, encryption_scheme_t scheme,
- chunk_t plain, chunk_t *crypto)
+ void *params, chunk_t plain, chunk_t *crypto)
{
botan_pk_op_encrypt_t encrypt_op;
botan_rng_t rng;
METHOD(private_key_t, decrypt, bool,
private_curve25519_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names,
scheme);
METHOD(public_key_t, encrypt_, bool,
private_curve25519_public_key_t *this, encryption_scheme_t scheme,
- chunk_t plain, chunk_t *crypto)
+ void *params, chunk_t plain, chunk_t *crypto)
{
DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names,
scheme);
METHOD(private_key_t, decrypt, bool,
private_gcrypt_rsa_private_key_t *this, encryption_scheme_t scheme,
- chunk_t encrypted, chunk_t *plain)
+ void *params, chunk_t encrypted, chunk_t *plain)
{
gcry_error_t err;
gcry_sexp_t in, out;
METHOD(public_key_t, encrypt_, bool,
private_gcrypt_rsa_public_key_t *this, encryption_scheme_t scheme,
- chunk_t plain, chunk_t *encrypted)
+ void *params, chunk_t plain, chunk_t *encrypted)
{
gcry_sexp_t in, out;
gcry_error_t err;
METHOD(private_key_t, decrypt, bool,
private_gmp_rsa_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
chunk_t em, stripped;
bool success = FALSE;
METHOD(public_key_t, encrypt_, bool,
private_gmp_rsa_public_key_t *this, encryption_scheme_t scheme,
- chunk_t plain, chunk_t *crypto)
+ void *params, chunk_t plain, chunk_t *crypto)
{
chunk_t em;
u_char *pos;
METHOD(private_key_t, decrypt, bool,
private_openssl_ec_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EC private key decryption not implemented");
return FALSE;
METHOD(public_key_t, encrypt, bool,
private_openssl_ec_public_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EC public key encryption not implemented");
return FALSE;
METHOD(private_key_t, decrypt, bool,
private_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EdDSA private key decryption not implemented");
return FALSE;
METHOD(public_key_t, encrypt, bool,
private_public_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names,
scheme);
{
/* get encryptedKey from internal structure; TODO fixup */
chunk = openssl_asn1_str2chunk(ri->ktri->encryptedKey);
- if (private->decrypt(private, ENCRYPT_RSA_PKCS1,
+ if (private->decrypt(private, ENCRYPT_RSA_PKCS1, NULL,
chunk, &key))
{
private->destroy(private);
METHOD(private_key_t, decrypt, bool,
private_openssl_rsa_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
int padding, len;
char *decrypted;
METHOD(public_key_t, encrypt, bool,
private_openssl_rsa_public_key_t *this, encryption_scheme_t scheme,
- chunk_t plain, chunk_t *crypto)
+ void *params, chunk_t plain, chunk_t *crypto)
{
int padding, len;
char *encrypted;
METHOD(private_key_t, decrypt_not_allowed, bool,
private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "decryption failed - signature only key");
return FALSE;
METHOD(private_key_t, decrypt, bool,
private_pkcs11_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypt, chunk_t *plain)
+ void *params, chunk_t crypt, chunk_t *plain)
{
CK_MECHANISM_PTR mechanism;
CK_SESSION_HANDLE session;
METHOD(public_key_t, encrypt, bool,
private_pkcs11_public_key_t *this, encryption_scheme_t scheme,
- chunk_t plain, chunk_t *crypt)
+ void *params, chunk_t plain, chunk_t *crypt)
{
CK_MECHANISM_PTR mechanism;
CK_SESSION_HANDLE session;
DBG1(DBG_LIB, "unsupported content encryption algorithm");
return FALSE;
}
- if (!private->decrypt(private, ENCRYPT_RSA_PKCS1, key, &plain_key))
+ if (!private->decrypt(private, ENCRYPT_RSA_PKCS1, NULL, key, &plain_key))
{
DBG1(DBG_LIB, "symmetric key could not be decrypted with rsa");
return FALSE;
{
return FALSE;
}
- if (!key->encrypt(key, ENCRYPT_RSA_PKCS1, in, out))
+ if (!key->encrypt(key, ENCRYPT_RSA_PKCS1, NULL, in, out))
{
key->destroy(key);
return FALSE;
METHOD(private_key_t, decrypt, bool,
private_wolfssl_ec_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EC private key decryption not implemented");
return FALSE;
METHOD(public_key_t, encrypt, bool,
private_wolfssl_ec_public_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EC public key encryption not implemented");
return FALSE;
METHOD(private_key_t, decrypt, bool,
private_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EdDSA private key decryption not implemented");
return FALSE;
METHOD(public_key_t, encrypt, bool,
private_public_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names,
scheme);
METHOD(private_key_t, decrypt, bool,
private_wolfssl_rsa_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+ void *params, chunk_t crypto, chunk_t *plain)
{
int padding, mgf, len;
enum wc_HashType hash;
METHOD(public_key_t, encrypt, bool,
private_wolfssl_rsa_public_key_t *this, encryption_scheme_t scheme,
- chunk_t plain, chunk_t *crypto)
+ void *params, chunk_t plain, chunk_t *crypto)
{
int padding, mgf, len;
enum wc_HashType hash;
key2->destroy(key2);
/* decryption not supported */
- ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, msg, NULL));
+ ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, NULL, msg, NULL));
/* wrong signature scheme */
ck_assert(!key->sign(key, SIGN_ED448, NULL, msg, &sig));
pubkey2->destroy(pubkey2);
/* encryption not supported */
- ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, msg, NULL));
+ ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, NULL, msg, NULL));
/* verify with wrong signature scheme */
ck_assert(!pubkey->verify(pubkey, SIGN_ED448, NULL, msg, sig));
key2->destroy(key2);
/* decryption not supported */
- ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, msg, NULL));
+ ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, NULL, msg, NULL));
/* wrong signature scheme */
ck_assert(!key->sign(key, SIGN_ED25519, NULL, msg, &sig));
pubkey2->destroy(pubkey2);
/* encryption not supported */
- ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, msg, NULL));
+ ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, NULL, msg, NULL));
/* verify with wrong signature scheme */
ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, msg, sig));
this->alert->add(this->alert, TLS_FATAL, TLS_CERTIFICATE_UNKNOWN);
return NEED_MORE;
}
- if (!public->encrypt(public, ENCRYPT_RSA_PKCS1,
+ if (!public->encrypt(public, ENCRYPT_RSA_PKCS1, NULL,
chunk_from_thing(premaster), &encrypted))
{
public->destroy(public);
rng->destroy(rng);
if (this->private &&
- this->private->decrypt(this->private,
- ENCRYPT_RSA_PKCS1, encrypted, &decrypted))
+ this->private->decrypt(this->private, ENCRYPT_RSA_PKCS1, NULL,
+ encrypted, &decrypted))
{
if (decrypted.len == sizeof(premaster) &&
untoh16(decrypted.ptr) == this->client_version)
METHOD(private_key_t, decrypt, bool,
private_tpm_private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypt, chunk_t *plain)
+ void *params, chunk_t crypt, chunk_t *plain)
{
return FALSE;
}