Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). fix mechanism value in call to util_fatal(). fix formatting.
This commit is contained in:
parent
16ca73ae40
commit
2be799f739
@ -1782,7 +1782,7 @@ parse_pss_params(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
|
|||||||
util_fatal("Salt length must be greater or equal "
|
util_fatal("Salt length must be greater or equal "
|
||||||
"to zero, or equal to -1 (meaning: use digest size) "
|
"to zero, or equal to -1 (meaning: use digest size) "
|
||||||
"or to -2 (meaning: use maximum permissible size");
|
"or to -2 (meaning: use maximum permissible size");
|
||||||
|
|
||||||
modlen = (get_private_key_length(session, key) + 7) / 8;
|
modlen = (get_private_key_length(session, key) + 7) / 8;
|
||||||
switch (opt_salt_len) {
|
switch (opt_salt_len) {
|
||||||
case -1: /* salt size equals to digest size */
|
case -1: /* salt size equals to digest size */
|
||||||
@ -2024,7 +2024,7 @@ static void decrypt_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
|||||||
|
|
||||||
if (opt_hash_alg != 0 && opt_mechanism != CKM_RSA_PKCS_OAEP)
|
if (opt_hash_alg != 0 && opt_mechanism != CKM_RSA_PKCS_OAEP)
|
||||||
util_fatal("The hash-algorithm is applicable only to "
|
util_fatal("The hash-algorithm is applicable only to "
|
||||||
"RSA-PKCS-OAEP mechanism");
|
"RSA-PKCS-OAEP mechanism");
|
||||||
|
|
||||||
if (opt_input == NULL)
|
if (opt_input == NULL)
|
||||||
fd = 0;
|
fd = 0;
|
||||||
@ -2053,7 +2053,7 @@ static void decrypt_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
|||||||
case CKM_SHA512:
|
case CKM_SHA512:
|
||||||
oaep_params.mgf = CKG_MGF1_SHA512;
|
oaep_params.mgf = CKG_MGF1_SHA512;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
oaep_params.hashAlg = CKM_SHA_1;
|
oaep_params.hashAlg = CKM_SHA_1;
|
||||||
/* fall through */
|
/* fall through */
|
||||||
case CKM_SHA_1:
|
case CKM_SHA_1:
|
||||||
@ -2090,7 +2090,7 @@ static void decrypt_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
|||||||
oaep_params.pSourceData,
|
oaep_params.pSourceData,
|
||||||
oaep_params.ulSourceDataLen);
|
oaep_params.ulSourceDataLen);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
rv = p11->C_DecryptInit(session, &mech, key);
|
rv = p11->C_DecryptInit(session, &mech, key);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
@ -5270,45 +5270,45 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (mech_type == CKM_RSA_PKCS_OAEP) {
|
if (mech_type == CKM_RSA_PKCS_OAEP) {
|
||||||
EVP_PKEY_CTX *ctx;
|
EVP_PKEY_CTX *ctx;
|
||||||
ctx = EVP_PKEY_CTX_new(pkey, NULL);
|
ctx = EVP_PKEY_CTX_new(pkey, NULL);
|
||||||
if (!ctx) {
|
if (!ctx) {
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
printf("EVP_PKEY_CTX_new failed, returning\n");
|
printf("EVP_PKEY_CTX_new failed, returning\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (EVP_PKEY_encrypt_init(ctx) <= 0) {
|
if (EVP_PKEY_encrypt_init(ctx) <= 0) {
|
||||||
EVP_PKEY_CTX_free(ctx);
|
EVP_PKEY_CTX_free(ctx);
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
printf("EVP_PKEY_encrypt_init failed, returning\n");
|
printf("EVP_PKEY_encrypt_init failed, returning\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) {
|
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) {
|
||||||
EVP_PKEY_CTX_free(ctx);
|
EVP_PKEY_CTX_free(ctx);
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
printf("set OAEP padding failed, returning\n");
|
printf("set OAEP padding failed, returning\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
size_t outlen = sizeof(encrypted);
|
size_t outlen = sizeof(encrypted);
|
||||||
if (EVP_PKEY_encrypt(ctx, encrypted, &outlen, orig_data, sizeof(orig_data)) <= 0) {
|
if (EVP_PKEY_encrypt(ctx, encrypted, &outlen, orig_data, sizeof(orig_data)) <= 0) {
|
||||||
EVP_PKEY_CTX_free(ctx);
|
EVP_PKEY_CTX_free(ctx);
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
printf("Encryption failed, returning\n");
|
printf("Encryption failed, returning\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
EVP_PKEY_CTX_free(ctx);
|
EVP_PKEY_CTX_free(ctx);
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
encrypted_len = outlen;
|
encrypted_len = outlen;
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
encrypted_len = EVP_PKEY_encrypt_old(encrypted, orig_data, sizeof(orig_data), pkey);
|
encrypted_len = EVP_PKEY_encrypt_old(encrypted, orig_data, sizeof(orig_data), pkey);
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
if (((int) encrypted_len) <= 0) {
|
if (((int) encrypted_len) <= 0) {
|
||||||
printf("Encryption failed, returning\n");
|
printf("Encryption failed, returning\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* set "default" MGF and hash algorithms. We can overwrite MGF later */
|
/* set "default" MGF and hash algorithms. We can overwrite MGF later */
|
||||||
switch (mech_type) {
|
switch (mech_type) {
|
||||||
@ -5461,6 +5461,7 @@ static int test_decrypt(CK_SESSION_HANDLE sess)
|
|||||||
printf("No OpenSSL support, unable to validate decryption\n");
|
printf("No OpenSSL support, unable to validate decryption\n");
|
||||||
#else
|
#else
|
||||||
for (n = 0; n < num_mechs; n++) {
|
for (n = 0; n < num_mechs; n++) {
|
||||||
|
|
||||||
errors += encrypt_decrypt(sess, mechs[n], privKeyObject);
|
errors += encrypt_decrypt(sess, mechs[n], privKeyObject);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
Loading…
Reference in New Issue
Block a user