From: Andreas Steffen Date: Mon, 8 Nov 2021 18:26:25 +0000 (+0100) Subject: credentials: Added void *params to public_key encrypt() and private_key decrypt(... X-Git-Tag: 5.9.5dr2~5^2~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4abb29f639d07133b5731a6c63ee98514fc779ec;p=thirdparty%2Fstrongswan.git credentials: Added void *params to public_key encrypt() and private_key decrypt() methods --- diff --git a/src/charon-tkm/src/tkm/tkm_private_key.c b/src/charon-tkm/src/tkm/tkm_private_key.c index 0ef3a103c3..13e0256b09 100644 --- a/src/charon-tkm/src/tkm/tkm_private_key.c +++ b/src/charon-tkm/src/tkm/tkm_private_key.c @@ -90,7 +90,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_tkm_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { return FALSE; } diff --git a/src/charon-tkm/src/tkm/tkm_public_key.c b/src/charon-tkm/src/tkm/tkm_public_key.c index 5a49b4511d..2f8d1a033c 100644 --- a/src/charon-tkm/src/tkm/tkm_public_key.c +++ b/src/charon-tkm/src/tkm/tkm_public_key.c @@ -62,7 +62,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt_, bool, private_tkm_public_key_t *this, encryption_scheme_t scheme, - chunk_t plain, chunk_t *crypto) + void *params, chunk_t plain, chunk_t *crypto) { return FALSE; } diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_private_key.c b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_private_key.c index e1059a8f41..fbc10a09e9 100644 --- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_private_key.c +++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_private_key.c 
@@ -388,7 +388,7 @@ METHOD(private_key_t, get_type, key_type_t, METHOD(private_key_t, decrypt, bool, private_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "private key decryption is currently not supported via JNI"); return FALSE; diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h index 079c779fb7..13bd40119d 100644 --- a/src/libstrongswan/credentials/keys/private_key.h +++ b/src/libstrongswan/credentials/keys/private_key.h @@ -67,12 +67,13 @@ struct private_key_t { * Decrypt a chunk of data. * * @param scheme expected encryption scheme used + * @param params optional parameters required by the specified scheme * @param crypto chunk containing encrypted data * @param plain where to allocate decrypted data * @return TRUE if data decrypted and plaintext allocated */ bool (*decrypt)(private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain); + void *params, chunk_t crypto, chunk_t *plain); /** * Get the strength of the key in bits. diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index 756d9ba054..1dfa9eca37 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -182,12 +182,13 @@ struct public_key_t { * Encrypt a chunk of data. * * @param scheme encryption scheme to use + * @param params optional parameters required by the specified scheme * @param plain chunk containing plaintext data * @param crypto where to allocate encrypted data * @return TRUE if data successfully encrypted */ bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme, - chunk_t plain, chunk_t *crypto); + void *params, chunk_t plain, chunk_t *crypto); /** * Check if two public keys are equal. 
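Review bot: The new `@param params` line for decrypt() in private_key.h says "optional parameters required by the specified scheme", which gives a `void *` no stated pointee type, no NULL rule and no ownership; public_key.h adds the same wording for encrypt(). The compiler cannot check what travels through a `void *`, so this comment is the only contract between callers and key plugins. I would write something like `@param params scheme-specific parameters, NULL if the scheme takes none` and name the expected type next to each encryption_scheme_t value that uses one. Whether the callee may keep or modify the pointee is not visible here and should be stated too; both struct definitions continue outside their hunks.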
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c index 8f6ea375e0..469d373deb 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.c +++ b/src/libstrongswan/plugins/agent/agent_private_key.c @@ -391,7 +391,7 @@ METHOD(private_key_t, get_type, key_type_t, METHOD(private_key_t, decrypt, bool, private_agent_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "private key decryption not supported by ssh-agent"); return FALSE; diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c index b9e926dec6..59c6be95c3 100644 --- a/src/libstrongswan/plugins/bliss/bliss_private_key.c +++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c @@ -538,7 +538,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_bliss_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names, scheme); diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c index 945840cdce..96ce4bbe8c 100644 --- a/src/libstrongswan/plugins/bliss/bliss_public_key.c +++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c @@ -220,7 +220,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt_, bool, private_bliss_public_key_t *this, encryption_scheme_t scheme, - chunk_t plain, chunk_t *crypto) + void *params, chunk_t plain, chunk_t *crypto) { DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names, scheme); diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c index 908ea910d7..f7fa230a65 100644 
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c +++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c @@ -168,8 +168,8 @@ START_TEST(test_bliss_sign_fail) ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp)); /* encryption / decryption operation is not defined for BLISS */ - ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, chunk_empty, NULL)); - ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, chunk_empty, NULL)); + ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL)); + ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL)); /* sign with invalid signature scheme */ ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, NULL, msg, &signature)); diff --git a/src/libstrongswan/plugins/botan/botan_ec_private_key.c b/src/libstrongswan/plugins/botan/botan_ec_private_key.c index b6940907f8..0063881462 100644 --- a/src/libstrongswan/plugins/botan/botan_ec_private_key.c +++ b/src/libstrongswan/plugins/botan/botan_ec_private_key.c @@ -141,7 +141,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_botan_ec_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "EC private key decryption not implemented"); return FALSE; diff --git a/src/libstrongswan/plugins/botan/botan_ec_public_key.c b/src/libstrongswan/plugins/botan/botan_ec_public_key.c index 095ae3f20b..95def4fa75 100644 --- a/src/libstrongswan/plugins/botan/botan_ec_public_key.c +++ b/src/libstrongswan/plugins/botan/botan_ec_public_key.c @@ -190,7 +190,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt, bool, private_botan_ec_public_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "EC public key encryption not implemented"); return FALSE; 
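Review bot: In botan_ec_public_key.c the rewritten line of encrypt() keeps the names `chunk_t crypto, chunk_t *plain`, the reverse of the public_key_t interface, where `plain` is the input and `crypto` the output. Since the line is touched anyway, `void *params, chunk_t plain, chunk_t *crypto)` would match the header. The same swap survives in botan_ed_public_key.c, openssl_ec_public_key.c, openssl_ed_public_key.c, wolfssl_ec_public_key.c and wolfssl_ed_public_key.c. The visible lines of these stubs only log and fail, so this is a readability point, but anyone filling in a stub later starts from an input buffer named as the output; the bodies end outside the hunks.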
diff --git a/src/libstrongswan/plugins/botan/botan_ed_private_key.c b/src/libstrongswan/plugins/botan/botan_ed_private_key.c index 5d901ac743..3a43fda8dc 100644 --- a/src/libstrongswan/plugins/botan/botan_ed_private_key.c +++ b/src/libstrongswan/plugins/botan/botan_ed_private_key.c @@ -74,7 +74,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "EdDSA private key decryption not implemented"); return FALSE; diff --git a/src/libstrongswan/plugins/botan/botan_ed_public_key.c b/src/libstrongswan/plugins/botan/botan_ed_public_key.c index 41d2baae82..24a04009de 100644 --- a/src/libstrongswan/plugins/botan/botan_ed_public_key.c +++ b/src/libstrongswan/plugins/botan/botan_ed_public_key.c @@ -82,7 +82,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt, bool, private_public_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "EdDSA public key encryption not implemented"); return FALSE; diff --git a/src/libstrongswan/plugins/botan/botan_rsa_private_key.c b/src/libstrongswan/plugins/botan/botan_rsa_private_key.c index 03ce257cce..1aa3df8593 100644 --- a/src/libstrongswan/plugins/botan/botan_rsa_private_key.c +++ b/src/libstrongswan/plugins/botan/botan_rsa_private_key.c @@ -159,7 +159,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_botan_rsa_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { botan_pk_op_decrypt_t decrypt_op; const char *padding; diff --git a/src/libstrongswan/plugins/botan/botan_rsa_public_key.c b/src/libstrongswan/plugins/botan/botan_rsa_public_key.c index 06560c393a..684727da70 100644 --- a/src/libstrongswan/plugins/botan/botan_rsa_public_key.c 
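Review bot: Nothing in the visible part of decrypt() in botan_rsa_private_key.c reads the new `params` argument, and the same holds for the other real RSA implementations changed here (botan, gcrypt, gmp, openssl, pkcs11 and wolfssl, private and public). If a backend ignores it, a caller that passes scheme parameters gets a result computed without them and no error, and that is hard to notice when backends differ. Until a backend consumes the argument, I would fail closed near the top of each body, e.g. `if (params) { DBG1(DBG_LIB, "encryption parameters not supported"); return FALSE; }`, or restrict that check to the schemes that take no parameters. The function bodies continue outside the hunks, so this needs confirming against the full files.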
+++ b/src/libstrongswan/plugins/botan/botan_rsa_public_key.c @@ -139,7 +139,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt, bool, private_botan_rsa_public_key_t *this, encryption_scheme_t scheme, - chunk_t plain, chunk_t *crypto) + void *params, chunk_t plain, chunk_t *crypto) { botan_pk_op_encrypt_t encrypt_op; botan_rng_t rng; diff --git a/src/libstrongswan/plugins/curve25519/curve25519_private_key.c b/src/libstrongswan/plugins/curve25519/curve25519_private_key.c index 878be4ca58..4bfb1f13c8 100644 --- a/src/libstrongswan/plugins/curve25519/curve25519_private_key.c +++ b/src/libstrongswan/plugins/curve25519/curve25519_private_key.c @@ -113,7 +113,7 @@ end: METHOD(private_key_t, decrypt, bool, private_curve25519_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names, scheme); diff --git a/src/libstrongswan/plugins/curve25519/curve25519_public_key.c b/src/libstrongswan/plugins/curve25519/curve25519_public_key.c index dfc1df4d0b..30959c6258 100644 --- a/src/libstrongswan/plugins/curve25519/curve25519_public_key.c +++ b/src/libstrongswan/plugins/curve25519/curve25519_public_key.c @@ -139,7 +139,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt_, bool, private_curve25519_public_key_t *this, encryption_scheme_t scheme, - chunk_t plain, chunk_t *crypto) + void *params, chunk_t plain, chunk_t *crypto) { DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names, scheme); diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index 394b87c271..5bc0a72ec5 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c 
@@ -278,7 +278,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_gcrypt_rsa_private_key_t *this, encryption_scheme_t scheme, - chunk_t encrypted, chunk_t *plain) + void *params, chunk_t encrypted, chunk_t *plain) { gcry_error_t err; gcry_sexp_t in, out; diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c index bbfa5e2980..694a969f80 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c @@ -237,7 +237,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt_, bool, private_gcrypt_rsa_public_key_t *this, encryption_scheme_t scheme, - chunk_t plain, chunk_t *encrypted) + void *params, chunk_t plain, chunk_t *encrypted) { gcry_sexp_t in, out; gcry_error_t err; diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index 3c5c31be5a..bd5e4bf772 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -494,7 +494,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_gmp_rsa_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { chunk_t em, stripped; bool success = FALSE; diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index 3a77509088..5b96bbfad8 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -313,7 +313,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt_, bool, private_gmp_rsa_public_key_t *this, encryption_scheme_t scheme, - chunk_t plain, chunk_t *crypto) + void *params, chunk_t plain, chunk_t *crypto) { chunk_t em; u_char *pos; 
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index 364190758c..0c208be7e4 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -183,7 +183,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_openssl_ec_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "EC private key decryption not implemented"); return FALSE; diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index ba41c508f5..79ab82db54 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -183,7 +183,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt, bool, private_openssl_ec_public_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "EC public key encryption not implemented"); return FALSE; diff --git a/src/libstrongswan/plugins/openssl/openssl_ed_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ed_private_key.c index 44844fcf7e..76e6cdbb62 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ed_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ed_private_key.c @@ -108,7 +108,7 @@ error: METHOD(private_key_t, decrypt, bool, private_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "EdDSA private key decryption not implemented"); return FALSE; diff --git a/src/libstrongswan/plugins/openssl/openssl_ed_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ed_public_key.c index 2daddc57ea..4e3bd191fc 100644 
--- a/src/libstrongswan/plugins/openssl/openssl_ed_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ed_public_key.c @@ -118,7 +118,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt, bool, private_public_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names, scheme); diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c index 0bd85456bf..4f94aaf9d6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c +++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c @@ -644,7 +644,7 @@ static bool decrypt(private_openssl_pkcs7_t *this, { /* get encryptedKey from internal structure; TODO fixup */ chunk = openssl_asn1_str2chunk(ri->ktri->encryptedKey); - if (private->decrypt(private, ENCRYPT_RSA_PKCS1, + if (private->decrypt(private, ENCRYPT_RSA_PKCS1, NULL, chunk, &key)) { private->destroy(private); diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 6cf20e247a..b4a122b5ad 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -306,7 +306,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_openssl_rsa_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { int padding, len; char *decrypted; diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index 4cdb883cc0..41793484ef 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c 
@@ -307,7 +307,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt, bool, private_openssl_rsa_public_key_t *this, encryption_scheme_t scheme, - chunk_t plain, chunk_t *crypto) + void *params, chunk_t plain, chunk_t *crypto) { int padding, len; char *encrypted; diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c index 64e1a4c964..43a9046a12 100644 --- a/src/libstrongswan/plugins/pgp/pgp_builder.c +++ b/src/libstrongswan/plugins/pgp/pgp_builder.c @@ -126,7 +126,7 @@ METHOD(private_key_t, sign_not_allowed, bool, METHOD(private_key_t, decrypt_not_allowed, bool, private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "decryption failed - signature only key"); return FALSE; diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index 820ac3f315..dce3a9f15a 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -388,7 +388,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_pkcs11_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypt, chunk_t *plain) + void *params, chunk_t crypt, chunk_t *plain) { CK_MECHANISM_PTR mechanism; CK_SESSION_HANDLE session; diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c index cbebc63644..0455055746 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c @@ -307,7 +307,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt, bool, private_pkcs11_public_key_t *this, encryption_scheme_t scheme, - chunk_t plain, chunk_t *crypt) + void *params, chunk_t plain, chunk_t *crypt) { CK_MECHANISM_PTR mechanism; CK_SESSION_HANDLE session; 
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c b/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c index 82d113dece..e40528d098 100644 --- a/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c +++ b/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c @@ -137,7 +137,7 @@ static bool decrypt(private_key_t *private, chunk_t key, chunk_t iv, int oid, DBG1(DBG_LIB, "unsupported content encryption algorithm"); return FALSE; } - if (!private->decrypt(private, ENCRYPT_RSA_PKCS1, key, &plain_key)) + if (!private->decrypt(private, ENCRYPT_RSA_PKCS1, NULL, key, &plain_key)) { DBG1(DBG_LIB, "symmetric key could not be decrypted with rsa"); return FALSE; @@ -438,7 +438,7 @@ static bool encrypt_key(certificate_t *cert, chunk_t in, chunk_t *out) { return FALSE; } - if (!key->encrypt(key, ENCRYPT_RSA_PKCS1, in, out)) + if (!key->encrypt(key, ENCRYPT_RSA_PKCS1, NULL, in, out)) { key->destroy(key); return FALSE; diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_ec_private_key.c b/src/libstrongswan/plugins/wolfssl/wolfssl_ec_private_key.c index 2a2b44e4c9..a08cc17e39 100644 --- a/src/libstrongswan/plugins/wolfssl/wolfssl_ec_private_key.c +++ b/src/libstrongswan/plugins/wolfssl/wolfssl_ec_private_key.c @@ -207,7 +207,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_wolfssl_ec_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "EC private key decryption not implemented"); return FALSE; diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_ec_public_key.c b/src/libstrongswan/plugins/wolfssl/wolfssl_ec_public_key.c index abcddab79a..d8a1ededb0 100644 --- a/src/libstrongswan/plugins/wolfssl/wolfssl_ec_public_key.c +++ b/src/libstrongswan/plugins/wolfssl/wolfssl_ec_public_key.c 
@@ -195,7 +195,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt, bool, private_wolfssl_ec_public_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "EC public key encryption not implemented"); return FALSE; diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_ed_private_key.c b/src/libstrongswan/plugins/wolfssl/wolfssl_ed_private_key.c index 2b6b743086..871c22085f 100644 --- a/src/libstrongswan/plugins/wolfssl/wolfssl_ed_private_key.c +++ b/src/libstrongswan/plugins/wolfssl/wolfssl_ed_private_key.c @@ -113,7 +113,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "EdDSA private key decryption not implemented"); return FALSE; diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_ed_public_key.c b/src/libstrongswan/plugins/wolfssl/wolfssl_ed_public_key.c index 9a5bec19e5..a336d519e4 100644 --- a/src/libstrongswan/plugins/wolfssl/wolfssl_ed_public_key.c +++ b/src/libstrongswan/plugins/wolfssl/wolfssl_ed_public_key.c @@ -114,7 +114,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt, bool, private_public_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names, scheme); diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c index 028d50c1a4..03b6c9326f 100644 --- a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c 
@@ -243,7 +243,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_wolfssl_rsa_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) + void *params, chunk_t crypto, chunk_t *plain) { int padding, mgf, len; enum wc_HashType hash; diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c index 4a03d40145..5329b59539 100644 --- a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c @@ -218,7 +218,7 @@ METHOD(public_key_t, verify, bool, METHOD(public_key_t, encrypt, bool, private_wolfssl_rsa_public_key_t *this, encryption_scheme_t scheme, - chunk_t plain, chunk_t *crypto) + void *params, chunk_t plain, chunk_t *crypto) { int padding, mgf, len; enum wc_HashType hash; diff --git a/src/libstrongswan/tests/suites/test_ed25519.c b/src/libstrongswan/tests/suites/test_ed25519.c index 057cc2af8c..66df6d7598 100644 --- a/src/libstrongswan/tests/suites/test_ed25519.c +++ b/src/libstrongswan/tests/suites/test_ed25519.c @@ -379,7 +379,7 @@ START_TEST(test_ed25519_gen) key2->destroy(key2); /* decryption not supported */ - ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, msg, NULL)); + ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, NULL, msg, NULL)); /* wrong signature scheme */ ck_assert(!key->sign(key, SIGN_ED448, NULL, msg, &sig)); @@ -414,7 +414,7 @@ START_TEST(test_ed25519_gen) pubkey2->destroy(pubkey2); /* encryption not supported */ - ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, msg, NULL)); + ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, NULL, msg, NULL)); /* verify with wrong signature scheme */ ck_assert(!pubkey->verify(pubkey, SIGN_ED448, NULL, msg, sig)); diff --git a/src/libstrongswan/tests/suites/test_ed448.c b/src/libstrongswan/tests/suites/test_ed448.c index 6505731554..7137fcf832 100644 --- a/src/libstrongswan/tests/suites/test_ed448.c 
+++ b/src/libstrongswan/tests/suites/test_ed448.c @@ -440,7 +440,7 @@ START_TEST(test_ed448_gen) key2->destroy(key2); /* decryption not supported */ - ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, msg, NULL)); + ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, NULL, msg, NULL)); /* wrong signature scheme */ ck_assert(!key->sign(key, SIGN_ED25519, NULL, msg, &sig)); @@ -475,7 +475,7 @@ START_TEST(test_ed448_gen) pubkey2->destroy(pubkey2); /* encryption not supported */ - ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, msg, NULL)); + ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, NULL, msg, NULL)); /* verify with wrong signature scheme */ ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, msg, sig)); diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c index 1b755ea34e..f3854eba52 100644 --- a/src/libtls/tls_peer.c +++ b/src/libtls/tls_peer.c @@ -1628,7 +1628,7 @@ static status_t send_key_exchange_encrypt(private_tls_peer_t *this, this->alert->add(this->alert, TLS_FATAL, TLS_CERTIFICATE_UNKNOWN); return NEED_MORE; } - if (!public->encrypt(public, ENCRYPT_RSA_PKCS1, + if (!public->encrypt(public, ENCRYPT_RSA_PKCS1, NULL, chunk_from_thing(premaster), &encrypted)) { public->destroy(public); diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c index f067549e39..bbfe542496 100644 --- a/src/libtls/tls_server.c +++ b/src/libtls/tls_server.c @@ -805,8 +805,8 @@ static status_t process_key_exchange_encrypted(private_tls_server_t *this, rng->destroy(rng); if (this->private && - this->private->decrypt(this->private, - ENCRYPT_RSA_PKCS1, encrypted, &decrypted)) + this->private->decrypt(this->private, ENCRYPT_RSA_PKCS1, NULL, + encrypted, &decrypted)) { if (decrypted.len == sizeof(premaster) && untoh16(decrypted.ptr) == this->client_version) diff --git a/src/libtpmtss/plugins/tpm/tpm_private_key.c b/src/libtpmtss/plugins/tpm/tpm_private_key.c index d946fbe567..9345d92af8 100644 --- a/src/libtpmtss/plugins/tpm/tpm_private_key.c 
+++ b/src/libtpmtss/plugins/tpm/tpm_private_key.c @@ -105,7 +105,7 @@ METHOD(private_key_t, sign, bool, METHOD(private_key_t, decrypt, bool, private_tpm_private_key_t *this, encryption_scheme_t scheme, - chunk_t crypt, chunk_t *plain) + void *params, chunk_t crypt, chunk_t *plain) { return FALSE; }