Add RSA encrypt/decrypt example to pkcs11_rsa.c

Co-Authored-By: colton@wolfssl.com <colton@wolfssl.com>
2025-03-20 19:52:13 +00:00 · 2025-03-20 19:52:13 +00:00 · 0d3766df21
parent dc36abdfd4
commit 0d3766df21
1 changed files with 83 additions and 1 deletions
--- a/pkcs11/pkcs11_rsa.c
+++ b/pkcs11/pkcs11_rsa.c
@ -1,6 +1,6 @@
 /* pkcs11_rsa.c
 *
- * Copyright (C) 2006-2020 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@ -321,6 +321,83 @@ static int rsa_sign_verify_pss(int devId)
 }
 #endif /* ifdef WC_RSA_PSS */
 #endif /* ifndef NO_RSA */
+static int rsa_encrypt_decrypt(int devId)
+{
+    int    ret = 0;
+    byte   plain[128], out[2048/8], dec[2048/8];
+    word32 plainSz, outSz, decSz;
+    RsaKey pub;
+    RsaKey priv;
+
+    memset(plain, 9, sizeof(plain));
+    plainSz = sizeof(plain);
+    outSz = sizeof(out);
+    decSz = sizeof(dec);
+
+    /* Encrypt with public key */
+    ret = decode_public_key(&pub, devId);
+    if (ret == 0) {
+        fprintf(stderr, "RSA Public Encrypt\n");
+        
+#ifdef WC_RSA_BLINDING
+        ret = wc_RsaSetRNG(&pub, &rng);
+        if (ret != 0)
+            fprintf(stderr, "Failed to set RNG: %d\n", ret);
+#endif
+
+        if (ret == 0) {
+            outSz = ret = wc_RsaPublicEncrypt_ex(plain, plainSz, out, (int)outSz,
+                &pub, &rng, WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, 
+                NULL, 0);
+            if (ret < 0)
+                fprintf(stderr, "Failed to perform public encrypt: %d\n", ret);
+            else
+                ret = 0;
+        }
+        
+        wc_FreeRsaKey(&pub);
+    }
+
+    /* Decrypt with private key */
+    if (ret == 0) {
+        ret = decode_private_key(&priv, devId);
+        if (ret == 0) {
+            fprintf(stderr, "RSA Private Decrypt\n");
+            
+#ifdef WC_RSA_BLINDING
+            ret = wc_RsaSetRNG(&priv, &rng);
+            if (ret != 0)
+                fprintf(stderr, "Failed to set RNG: %d\n", ret);
+#endif
+
+            if (ret == 0) {
+                decSz = ret = wc_RsaPrivateDecrypt_ex(out, outSz, dec, (int)decSz, 
+                    &priv, WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, 
+                    NULL, 0);
+                if (ret < 0)
+                    fprintf(stderr, "Failed to perform private decrypt: %d\n", ret);
+                else
+                    ret = 0;
+            }
+
+            /* Verify the decrypted data matches the original */
+            if (ret == 0) {
+                if (decSz != plainSz || memcmp(plain, dec, decSz) != 0) {
+                    fprintf(stderr, "Decrypted data does not match plain text\n");
+                    ret = -1;
+                }
+                else {
+                    fprintf(stderr, "Decryption successful\n");
+                }
+            }
+            
+            wc_FreeRsaKey(&priv);
+        }
+    }
+
+    return ret;
+}
+

 int main(int argc, char* argv[])
 {
@ -388,6 +465,11 @@ int main(int argc, char* argv[])
                        ret = 1;
                }
            #endif
+                if (ret == 0) {
+                    ret = rsa_encrypt_decrypt(devId);
+                    if (ret != 0)
+                        ret = 1;
+                }
            #endif
            }
            wc_Pkcs11Token_Final(&token);