diff options
author | Sansar Choinyambuu <schoinya@hsr.ch> | 2011-10-31 16:08:31 +0100 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-11-28 20:31:13 +0100 |
commit | 5fbbfe0a489aee2ea2735f260174d11521a8153e (patch) | |
tree | ccb562fc49bdb3a48324589364efb5cdcc4649fe /src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c | |
parent | 379f7a7533b36162ae9cc6373e25c9b16f9746dc (diff) | |
download | strongswan-5fbbfe0a489aee2ea2735f260174d11521a8153e.tar.bz2 strongswan-5fbbfe0a489aee2ea2735f260174d11521a8153e.tar.xz |
use openssl rsa_verify function
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c')
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index a24bae5d6..2c9ad2a55 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -116,6 +116,64 @@ error: return valid; } +/** + * Verification of an EMPSA PKCS1 signature described in PKCS#1 + */ +static bool verify_rsa_signature(private_openssl_rsa_public_key_t *this, + int type, chunk_t data, chunk_t signature) +{ + bool valid = FALSE; + int rsa_size = RSA_size(this->rsa); + + /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */ + if (signature.len > rsa_size) + { + signature = chunk_skip(signature, signature.len - rsa_size); + } + + if (type == NID_undef) + { + chunk_t hash = chunk_alloc(rsa_size); + + hash.len = RSA_public_decrypt(signature.len, signature.ptr, hash.ptr, + this->rsa, RSA_PKCS1_PADDING); + valid = chunk_equals(data, hash); + free(hash.ptr); + } + else + { + EVP_PKEY *key; + RSA *rsa = NULL; + + key = EVP_PKEY_new(); + if (!EVP_PKEY_set1_RSA(key, this->rsa)) + { + goto error; + } + rsa = EVP_PKEY_get1_RSA(key); + if (!rsa) + { + goto error; + } + + valid = (RSA_verify(type, data.ptr, data.len, + signature.ptr, signature.len, rsa) == 1); + +error: + if (key) + { + EVP_PKEY_free(key); + } + if (rsa) + { + RSA_free(rsa); + } + } + + return valid; +} + + METHOD(public_key_t, get_type, key_type_t, private_openssl_rsa_public_key_t *this) { @@ -128,6 +186,8 @@ METHOD(public_key_t, verify, bool, { switch (scheme) { + case SIGN_RSA_SHA1: + return verify_rsa_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_NULL: return verify_emsa_pkcs1_signature(this, NID_undef, data, signature); case SIGN_RSA_EMSA_PKCS1_SHA1: |