authorSansar Choinyambuu <schoinya@hsr.ch>2011-10-31 16:08:31 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2011-11-28 20:31:13 +0100
commit5fbbfe0a489aee2ea2735f260174d11521a8153e (patch)
treeccb562fc49bdb3a48324589364efb5cdcc4649fe /src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
parent379f7a7533b36162ae9cc6373e25c9b16f9746dc (diff)
use openssl rsa_verify function
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c')
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c60
1 files changed, 60 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index a24bae5d6..2c9ad2a55 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -116,6 +116,64 @@ error:
return valid;
}
+/**
+ * Verification of an EMPSA PKCS1 signature described in PKCS#1
+ */
+static bool verify_rsa_signature(private_openssl_rsa_public_key_t *this,
+ int type, chunk_t data, chunk_t signature)
+{
+ bool valid = FALSE;
+ int rsa_size = RSA_size(this->rsa);
+
+ /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */
+ if (signature.len > rsa_size)
+ {
+ signature = chunk_skip(signature, signature.len - rsa_size);
+ }
+
+ if (type == NID_undef)
+ {
+ chunk_t hash = chunk_alloc(rsa_size);
+
+ hash.len = RSA_public_decrypt(signature.len, signature.ptr, hash.ptr,
+ this->rsa, RSA_PKCS1_PADDING);
+ valid = chunk_equals(data, hash);
+ free(hash.ptr);
+ }
+ else
+ {
+ EVP_PKEY *key;
+ RSA *rsa = NULL;
+
+ key = EVP_PKEY_new();
+ if (!EVP_PKEY_set1_RSA(key, this->rsa))
+ {
+ goto error;
+ }
+ rsa = EVP_PKEY_get1_RSA(key);
+ if (!rsa)
+ {
+ goto error;
+ }
+
+ valid = (RSA_verify(type, data.ptr, data.len,
+ signature.ptr, signature.len, rsa) == 1);
+
+error:
+ if (key)
+ {
+ EVP_PKEY_free(key);
+ }
+ if (rsa)
+ {
+ RSA_free(rsa);
+ }
+ }
+
+ return valid;
+}
+
+
METHOD(public_key_t, get_type, key_type_t,
private_openssl_rsa_public_key_t *this)
{
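Review bot: The length normalisation at the top of verify_rsa_signature drops the leading `signature.len - rsa_size` bytes without checking that they are 0x00, so a signature with arbitrary bytes prepended would still verify and signatures become malleable. Strip only zero bytes, e.g. `while (signature.len > rsa_size && signature.ptr[0] == 0x00) signature = chunk_skip(signature, 1);`, and let a remaining length mismatch fail in OpenSSL. In the NID_undef branch the int result of RSA_public_decrypt() is stored in `hash.len` unchecked, so a -1 on failure is compared as a length (presumably a huge unsigned one); keeping it in a local `int len` and comparing only when `len >= 0` makes the failure path explicit. The doc comment also misspells the scheme as "EMPSA"; it should read `Verification of an EMSA PKCS1 signature described in PKCS#1`.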
@@ -128,6 +186,8 @@ METHOD(public_key_t, verify, bool,
{
switch (scheme)
{
+ case SIGN_RSA_SHA1:
+ return verify_rsa_signature(this, NID_sha1, data, signature);
case SIGN_RSA_EMSA_PKCS1_NULL:
return verify_emsa_pkcs1_signature(this, NID_undef, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA1:
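Review bot: Nothing at the dispatch site says how the new `SIGN_RSA_SHA1` case differs from `SIGN_RSA_EMSA_PKCS1_SHA1` next to it, although the contract for `data` is different. verify_rsa_signature hands `data` to RSA_verify() as the message digest, so callers of this scheme must pass the 20-byte SHA-1 hash, not the message, and the function does not check `data.len` itself. I would add `/* data is the precomputed SHA-1 digest, not the message to be hashed */` above the new case and repeat that in the scheme's declaration. The switch continues outside this hunk, so whether verify_emsa_pkcs1_signature hashes internally cannot be confirmed from here.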