From: Martin Willi <martin@revosec.ch>
Date: Wed, 11 Aug 2010 07:53:45 +0000 (+0200)
Subject: Implemented RSA en-/decryption in openssl plugin
X-Git-Tag: 4.5.0~536
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d775af9d187c38a2a30cb52afebbe6eef03a7450;p=thirdparty%2Fstrongswan.git

Implemented RSA en-/decryption in openssl plugin
---

diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index dbf990e818..e78090638e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -169,8 +169,33 @@ METHOD(private_key_t, decrypt, bool,
 	private_openssl_rsa_private_key_t *this, encryption_scheme_t scheme,
 	chunk_t crypto, chunk_t *plain)
 {
-	DBG1(DBG_LIB, "RSA private key decryption not implemented");
-	return FALSE;
+	int padding, len;
+	char *decrypted;
+
+	switch (scheme)
+	{
+		case ENCRYPT_RSA_PKCS1:
+			padding = RSA_PKCS1_PADDING;
+			break;
+		case ENCRYPT_RSA_OAEP_SHA1:
+			padding = RSA_PKCS1_OAEP_PADDING;
+			break;
+		default:
+			DBG1(DBG_LIB, "encryption scheme %N not supported via openssl",
+				 encryption_scheme_names, scheme);
+			return FALSE;
+	}
+	decrypted = malloc(RSA_size(this->rsa));
+	len = RSA_private_decrypt(crypto.len, crypto.ptr, decrypted,
+							  this->rsa, padding);
+	if (len < 0)
+	{
+		DBG1(DBG_LIB, "RSA decryption failed");
+		free(decrypted);
+		return FALSE;
+	}
+	*plain = chunk_create(decrypted, len);
+	return TRUE;
 }
 
 METHOD(private_key_t, get_keysize, int,
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 80a5710585..667ddad1a0 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -149,10 +149,35 @@ METHOD(public_key_t, verify, bool,
 
 METHOD(public_key_t, encrypt, bool,
 	private_openssl_rsa_public_key_t *this, encryption_scheme_t scheme,
-	chunk_t crypto, chunk_t *plain)
+	chunk_t plain, chunk_t *crypto)
 {
-	DBG1(DBG_LIB, "RSA public key encryption not implemented");
-	return FALSE;
+	int padding, len;
+	char *encrypted;
+
+	switch (scheme)
+	{
+		case ENCRYPT_RSA_PKCS1:
+			padding = RSA_PKCS1_PADDING;
+			break;
+		case ENCRYPT_RSA_OAEP_SHA1:
+			padding = RSA_PKCS1_OAEP_PADDING;
+			break;
+		default:
+			DBG1(DBG_LIB, "decryption scheme %N not supported via openssl",
+				 encryption_scheme_names, scheme);
+			return FALSE;
+	}
+	encrypted = malloc(RSA_size(this->rsa));
+	len = RSA_public_encrypt(plain.len, plain.ptr, encrypted,
+							 this->rsa, padding);
+	if (len < 0)
+	{
+		DBG1(DBG_LIB, "RSA decryption failed");
+		free(encrypted);
+		return FALSE;
+	}
+	*crypto = chunk_create(encrypted, len);
+	return TRUE;
 }
 
 METHOD(public_key_t, get_keysize, int,