diff options
| author | Sansar Choinyambuu <schoinya@hsr.ch> | 2011-10-31 16:08:31 +0100 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-11-28 14:39:53 +0100 |
| commit | 3cd6077b75c3e95c5efac3de5cd9796403d09445 (patch) | |
| tree | 0b526faa01d0bee982563183a1dac05ac9e3bc0d /src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c | |
| parent | cb66320fee1f23d0b3ec3b42aec00a80c7ffdcbd (diff) | |
| download | strongswan-3cd6077b75c3e95c5efac3de5cd9796403d09445.tar.bz2 strongswan-3cd6077b75c3e95c5efac3de5cd9796403d09445.tar.xz | |
use openssl rsa_verify function
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c')
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index 422e31521..6c05b087a 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -44,6 +44,8 @@ struct private_openssl_rsa_public_key_t { refcount_t ref; }; + + /** * Verification of an EMPSA PKCS1 signature described in PKCS#1 */ @@ -114,6 +116,64 @@ error: return valid; } +/** + * Verification of an EMPSA PKCS1 signature described in PKCS#1 + */ +static bool verify_rsa_signature(private_openssl_rsa_public_key_t *this, + int type, chunk_t data, chunk_t signature) +{ + bool valid = FALSE; + int rsa_size = RSA_size(this->rsa); + + /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */ + if (signature.len > rsa_size) + { + signature = chunk_skip(signature, signature.len - rsa_size); + } + + if (type == NID_undef) + { + chunk_t hash = chunk_alloc(rsa_size); + + hash.len = RSA_public_decrypt(signature.len, signature.ptr, hash.ptr, + this->rsa, RSA_PKCS1_PADDING); + valid = chunk_equals(data, hash); + free(hash.ptr); + } + else + { + EVP_PKEY *key; + RSA *rsa = NULL; + + key = EVP_PKEY_new(); + if (!EVP_PKEY_set1_RSA(key, this->rsa)) + { + goto error; + } + rsa = EVP_PKEY_get1_RSA(key); + if (!rsa) + { + goto error; + } + + valid = (RSA_verify(type, data.ptr, data.len, + signature.ptr, signature.len, rsa) == 1); + +error: + if (key) + { + EVP_PKEY_free(key); + } + if (rsa) + { + RSA_free(rsa); + } + } + + return valid; +} + + METHOD(public_key_t, get_type, key_type_t, private_openssl_rsa_public_key_t *this) { @@ -126,6 +186,8 @@ METHOD(public_key_t, verify, bool, { switch (scheme) { + case SIGN_RSA_SHA1: + return verify_rsa_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_NULL: return verify_emsa_pkcs1_signature(this, NID_undef, data, signature); case SIGN_RSA_EMSA_PKCS1_SHA1: |