|
1 | 1 | /* pkcs11_rsa.c |
2 | 2 | * |
3 | | - * Copyright (C) 2006-2020 wolfSSL Inc. |
| 3 | + * Copyright (C) 2006-2025 wolfSSL Inc. |
4 | 4 | * |
5 | 5 | * This file is part of wolfSSL. |
6 | 6 | * |
@@ -321,6 +321,83 @@ static int rsa_sign_verify_pss(int devId) |
321 | 321 | } |
322 | 322 | #endif /* ifdef WC_RSA_PSS */ |
323 | 323 | #endif /* ifndef NO_RSA */ |
| 324 | +static int rsa_encrypt_decrypt(int devId) |
| 325 | +{ |
| 326 | + int ret = 0; |
| 327 | + byte plain[128], out[2048/8], dec[2048/8]; |
| 328 | + word32 plainSz, outSz, decSz; |
| 329 | + RsaKey pub; |
| 330 | + RsaKey priv; |
| 331 | + |
| 332 | + memset(plain, 9, sizeof(plain)); |
| 333 | + plainSz = sizeof(plain); |
| 334 | + outSz = sizeof(out); |
| 335 | + decSz = sizeof(dec); |
| 336 | + |
| 337 | + /* Encrypt with public key */ |
| 338 | + ret = decode_public_key(&pub, devId); |
| 339 | + if (ret == 0) { |
| 340 | + fprintf(stderr, "RSA Public Encrypt\n"); |
| 341 | + |
| 342 | +#ifdef WC_RSA_BLINDING |
| 343 | + ret = wc_RsaSetRNG(&pub, &rng); |
| 344 | + if (ret != 0) |
| 345 | + fprintf(stderr, "Failed to set RNG: %d\n", ret); |
| 346 | +#endif |
| 347 | + |
| 348 | + if (ret == 0) { |
| 349 | + outSz = ret = wc_RsaPublicEncrypt_ex(plain, plainSz, out, (int)outSz, |
| 350 | + &pub, &rng, WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, |
| 351 | + NULL, 0); |
| 352 | + if (ret < 0) |
| 353 | + fprintf(stderr, "Failed to perform public encrypt: %d\n", ret); |
| 354 | + else |
| 355 | + ret = 0; |
| 356 | + } |
| 357 | + |
| 358 | + wc_FreeRsaKey(&pub); |
| 359 | + } |
| 360 | + |
| 361 | + /* Decrypt with private key */ |
| 362 | + if (ret == 0) { |
| 363 | + ret = decode_private_key(&priv, devId); |
| 364 | + if (ret == 0) { |
| 365 | + fprintf(stderr, "RSA Private Decrypt\n"); |
| 366 | + |
| 367 | +#ifdef WC_RSA_BLINDING |
| 368 | + ret = wc_RsaSetRNG(&priv, &rng); |
| 369 | + if (ret != 0) |
| 370 | + fprintf(stderr, "Failed to set RNG: %d\n", ret); |
| 371 | +#endif |
| 372 | + |
| 373 | + if (ret == 0) { |
| 374 | + decSz = ret = wc_RsaPrivateDecrypt_ex(out, outSz, dec, (int)decSz, |
| 375 | + &priv, WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, |
| 376 | + NULL, 0); |
| 377 | + if (ret < 0) |
| 378 | + fprintf(stderr, "Failed to perform private decrypt: %d\n", ret); |
| 379 | + else |
| 380 | + ret = 0; |
| 381 | + } |
| 382 | + |
| 383 | + /* Verify the decrypted data matches the original */ |
| 384 | + if (ret == 0) { |
| 385 | + if (decSz != plainSz || memcmp(plain, dec, decSz) != 0) { |
| 386 | + fprintf(stderr, "Decrypted data does not match plain text\n"); |
| 387 | + ret = -1; |
| 388 | + } |
| 389 | + else { |
| 390 | + fprintf(stderr, "Decryption successful\n"); |
| 391 | + } |
| 392 | + } |
| 393 | + |
| 394 | + wc_FreeRsaKey(&priv); |
| 395 | + } |
| 396 | + } |
| 397 | + |
| 398 | + return ret; |
| 399 | +} |
| 400 | + |
324 | 401 |
|
325 | 402 | int main(int argc, char* argv[]) |
326 | 403 | { |
@@ -388,6 +465,11 @@ int main(int argc, char* argv[]) |
388 | 465 | ret = 1; |
389 | 466 | } |
390 | 467 | #endif |
| 468 | + if (ret == 0) { |
| 469 | + ret = rsa_encrypt_decrypt(devId); |
| 470 | + if (ret != 0) |
| 471 | + ret = 1; |
| 472 | + } |
391 | 473 | #endif |
392 | 474 | } |
393 | 475 | wc_Pkcs11Token_Final(&token); |
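Review bot: rsa_encrypt_decrypt() is defined right after the line commented `#endif /* ifndef NO_RSA */`, so if that comment is accurate the definition sits outside the RSA guard while its call in main() still appears to be inside one. A NO_RSA build would then compile a body that uses RsaKey, decode_public_key() and wc_RsaPublicEncrypt_ex(); moving the definition above that `#endif` keeps definition and call under the same condition. main() starts and ends outside the visible hunk, so the guard nesting there should be confirmed. Both crypto calls pass `WC_RSA_PKCSV15_PAD`, and since example code gets copied, a comment on them would help: `/* PKCS#1 v1.5 encryption padding; prefer OAEP in new designs, and never reveal v1.5 decrypt/padding failures to a peer */`. Lastly, `outSz = ret = ...` and `decSz = ret = ...` store a possibly negative return code into a word32 before it is checked; setting the size only in the success branch, e.g. `else { outSz = (word32)ret; ret = 0; }`, is clearer.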
|