author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-02-01 16:06:09 -0800 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-02-01 16:06:09 -0800 |
commit | 8abfa6ebebe7b3b8e16a465ef3c79dd22cc39e85 (patch) | |
tree | 340210e89bca997bf33d16a99adc14564651c753 | |
parent | fedc3ec89535795525aa785886bcd32d9644020d (diff) | |
Add RSA decrypt function
This completes the suite of functions necessary to make RSA private
keys functional with openssl.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | crypto.c | 20 | ||||
-rw-r--r-- | openssl-pkcs11.h | 2 | ||||
-rw-r--r-- | pkcs11.c | 24 |
3 files changed, 46 insertions, 0 deletions
@@ -164,3 +164,23 @@ int crypto_sign(int sec_num, void *data, unsigned long data_len,
 return 0;
 }
+
+int crypto_decrypt(int sec_num, void *enc_data, unsigned long enc_len,
+ void *data, unsigned long *data_len)
+{
+ EVP_PKEY_CTX *ctx;
+ EVP_PKEY *pkey;
+
+ pkey = (EVP_PKEY *)cache_get_by_secnum(sec_num, "pkey", NULL);
+ if (!pkey) {
+ fprintf(stderr, "crypto_encrypt internal error: no PKEY\n");
+ return -1;
+ }
+ ctx = EVP_PKEY_CTX_new(pkey, NULL);
+ EVP_PKEY_decrypt_init(ctx);
+ EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
+ EVP_PKEY_decrypt(ctx, data, data_len, enc_data, enc_len);
+ EVP_PKEY_CTX_free(ctx);
+
+ return 0;
+}
diff --git a/openssl-pkcs11.h b/openssl-pkcs11.h
index 0b668e9..10252d3 100644
--- a/openssl-pkcs11.h
+++ b/openssl-pkcs11.h
@@ -18,6 +18,8 @@ int crypto_load_public_key(int sec_num, const char *pub);
 int crypto_load_private_key(int sec_num, const unsigned char *pin, int pin_len);
 int crypto_sign(int sec_num, void *data, unsigned long data_len,
 void *sig, unsigned long *sig_len);
+int crypto_decrypt(int sec_num, void *enc_data, unsigned long enc_len,
+ void *data, unsigned long *data_len);
 /* ini.c exported functions */
 void parse_ini_file(void);
@@ -450,6 +450,28 @@ C_Sign(CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
 return CKR_OK;
 }
+CK_RV
+C_DecryptInit(CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mech,
+ CK_OBJECT_HANDLE key)
+{
+ if (mech->mechanism != CKM_RSA_PKCS)
+ return CKR_ARGUMENTS_BAD;
+ if ((key & 1) != 1 || key >> 1 != handle)
+ return CKR_ARGUMENTS_BAD;
+
+ return CKR_OK;
+}
+
+CK_RV
+C_Decrypt(CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_data, CK_ULONG enc_len,
+ CK_BYTE_PTR data, CK_ULONG_PTR data_len)
+{
+ int sec_num = handle;
+ if (crypto_decrypt(sec_num, enc_data, enc_len, data, data_len))
+ return CKR_ARGUMENTS_BAD;
+ return CKR_OK;
+}
+
 static CK_FUNCTION_LIST module_functions = {
 .C_GetFunctionList = C_GetFunctionList,
 .C_Initialize = C_Initialize,
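Review bot: Every OpenSSL call in `crypto_decrypt` after the key lookup is unchecked and the function then returns 0, so a failed `EVP_PKEY_CTX_new`, a rejected padding mode or a failed `EVP_PKEY_decrypt` is reported to the caller as success, with `data` and `*data_len` left in whatever state the failing call left them. Each call should be checked and -1 returned on any failure, with the context freed on every path, as sketched below. Because this is PKCS#1 v1.5 decryption, applications that decrypt peer-supplied ciphertext through this module should handle that failure uniformly, since distinguishable padding errors are a known oracle risk. The error string also names `crypto_encrypt` although the function is `crypto_decrypt`, which will mislead anyone reading the log.

```c
	EVP_PKEY *pkey;
	int ret = -1;

	/* … unchanged: pkey lookup via cache_get_by_secnum() and its error return … */

	ctx = EVP_PKEY_CTX_new(pkey, NULL);
	if (!ctx)
		return -1;
	/* these OpenSSL calls report failure as a value <= 0 */
	if (EVP_PKEY_decrypt_init(ctx) > 0 &&
	    EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) > 0 &&
	    EVP_PKEY_decrypt(ctx, data, data_len, enc_data, enc_len) > 0)
		ret = 0;
	EVP_PKEY_CTX_free(ctx);

	return ret;
```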
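Review bot: `C_DecryptInit` dereferences `mech` before any NULL check, so a caller passing a null mechanism pointer crashes the host process; a guard such as `if (!mech) return CKR_ARGUMENTS_BAD;` ahead of the mechanism test would turn that into an error return. `C_Decrypt` likewise forwards `data_len` unchecked and narrows `handle` into an `int` before using it as the section number. Nothing visible in the hunk records that `C_DecryptInit` succeeded, so `C_Decrypt` can apparently be called without the mechanism and key-handle checks having run; if no session state is kept elsewhere in the file, returning `CKR_OPERATION_NOT_INITIALIZED` in that case would match the PKCS#11 contract. Mapping every `crypto_decrypt` failure to `CKR_ARGUMENTS_BAD` also makes an internal error indistinguishable from bad caller input.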
@@ -470,4 +492,6 @@ static CK_FUNCTION_LIST module_functions = {
 .C_GetMechanismInfo = C_GetMechanismInfo,
 .C_SignInit = C_SignInit,
 .C_Sign = C_Sign,
+ .C_DecryptInit = C_DecryptInit,
+ .C_Decrypt = C_Decrypt,
 }; |