|
1 | 1 | /* pkcs11_rsa.c |
2 | 2 | * |
3 | | - * Copyright (C) 2006-2020 wolfSSL Inc. |
| 3 | + * Copyright (C) 2006-2025 wolfSSL Inc. |
4 | 4 | * |
5 | 5 | * This file is part of wolfSSL. |
6 | 6 | * |
@@ -320,6 +320,87 @@ static int rsa_sign_verify_pss(int devId) |
320 | 320 | return ret; |
321 | 321 | } |
322 | 322 | #endif /* ifdef WC_RSA_PSS */ |
| 323 | + |
| 324 | +/* Define maximum RSA key size in bits */ |
| 325 | +#define MAX_RSA_KEY_BITS 2048 |
| 326 | + |
| 327 | +static int rsa_encrypt_decrypt(int devId) |
| 328 | +{ |
| 329 | + int ret = 0; |
| 330 | + byte plain[128], out[MAX_RSA_KEY_BITS/8], dec[MAX_RSA_KEY_BITS/8]; |
| 331 | + word32 plainSz, outSz, decSz; |
| 332 | + RsaKey pub; |
| 333 | + RsaKey priv; |
| 334 | + |
| 335 | + /* Initialize plain text buffer with 9's as sample data */ |
| 336 | + memset(plain, 9, sizeof(plain)); |
| 337 | + plainSz = (word32)sizeof(plain); |
| 338 | + outSz = (word32)sizeof(out); |
| 339 | + decSz = (word32)sizeof(dec); |
| 340 | + |
| 341 | + /* Encrypt with public key */ |
| 342 | + ret = decode_public_key(&pub, devId); |
| 343 | + if (ret == 0) { |
| 344 | + fprintf(stderr, "RSA Public Encrypt\n"); |
| 345 | + |
| 346 | +#ifdef WC_RSA_BLINDING |
| 347 | + ret = wc_RsaSetRNG(&pub, &rng); |
| 348 | + if (ret != 0) |
| 349 | + fprintf(stderr, "Failed to set RNG: %d\n", ret); |
| 350 | +#endif |
| 351 | + |
| 352 | + if (ret == 0) { |
| 353 | + outSz = ret = wc_RsaPublicEncrypt_ex(plain, plainSz, out, (int)outSz, |
| 354 | + &pub, &rng, WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, |
| 355 | + NULL, 0); |
| 356 | + if (ret < 0) |
| 357 | + fprintf(stderr, "Failed to perform public encrypt: %d\n", ret); |
| 358 | + else |
| 359 | + ret = 0; |
| 360 | + } |
| 361 | + |
| 362 | + wc_FreeRsaKey(&pub); |
| 363 | + } |
| 364 | + |
| 365 | + /* Decrypt with private key */ |
| 366 | + if (ret == 0) { |
| 367 | + ret = decode_private_key(&priv, devId); |
| 368 | + if (ret == 0) { |
| 369 | + fprintf(stderr, "RSA Private Decrypt\n"); |
| 370 | + |
| 371 | +#ifdef WC_RSA_BLINDING |
| 372 | + ret = wc_RsaSetRNG(&priv, &rng); |
| 373 | + if (ret != 0) |
| 374 | + fprintf(stderr, "Failed to set RNG: %d\n", ret); |
| 375 | +#endif |
| 376 | + |
| 377 | + if (ret == 0) { |
| 378 | + decSz = ret = wc_RsaPrivateDecrypt_ex(out, outSz, dec, (int)decSz, |
| 379 | + &priv, WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, |
| 380 | + NULL, 0); |
| 381 | + if (ret < 0) |
| 382 | + fprintf(stderr, "Failed to perform private decrypt: %d\n", ret); |
| 383 | + else |
| 384 | + ret = 0; |
| 385 | + } |
| 386 | + |
| 387 | + /* Verify the decrypted data matches the original */ |
| 388 | + if (ret == 0) { |
| 389 | + if (decSz != plainSz || memcmp(plain, dec, decSz) != 0) { |
| 390 | + fprintf(stderr, "Decrypted data does not match plain text\n"); |
| 391 | + ret = -1; |
| 392 | + } |
| 393 | + else { |
| 394 | + fprintf(stderr, "Decryption successful\n"); |
| 395 | + } |
| 396 | + } |
| 397 | + |
| 398 | + wc_FreeRsaKey(&priv); |
| 399 | + } |
| 400 | + } |
| 401 | + |
| 402 | + return ret; |
| 403 | +} |
323 | 404 | #endif /* ifndef NO_RSA */ |
324 | 405 |
|
325 | 406 | int main(int argc, char* argv[]) |
@@ -388,6 +469,11 @@ int main(int argc, char* argv[]) |
388 | 469 | ret = 1; |
389 | 470 | } |
390 | 471 | #endif |
| 472 | + if (ret == 0) { |
| 473 | + ret = rsa_encrypt_decrypt(devId); |
| 474 | + if (ret != 0) |
| 475 | + ret = 1; |
| 476 | + } |
391 | 477 | #endif |
392 | 478 | } |
393 | 479 | wc_Pkcs11Token_Final(&token); |
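Review bot: Both calls in rsa_encrypt_decrypt hard-code `WC_RSA_PKCSV15_PAD` with no comment explaining the choice, and example code like this tends to be copied into applications. PKCS#1 v1.5 decryption can act as a padding oracle when a caller can observe padding failures. A one-line comment above the first call would help, for example `/* PKCS#1 v1.5 padding used for token compatibility; prefer WC_RSA_OAEP_PAD where the token and build support it */`, assuming compatibility is in fact the reason. Separately, `out` and `dec` are sized from `MAX_RSA_KEY_BITS 2048`, so a larger key returned by decode_public_key would presumably fail with only a generic error code, and the 128-byte `plain` needs a modulus of at least 139 bytes under v1.5. Comparing `wc_RsaEncryptSize(&pub)` against `sizeof(out)` and `plainSz + 11` before encrypting would make both limits explicit.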
|