From 0d3766df21b04187083cf938dbb43fd3670de9b5 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Thu, 20 Mar 2025 19:52:13 +0000
Subject: [PATCH 1/3] Add RSA encrypt/decrypt example to pkcs11_rsa.c

Co-Authored-By: colton@wolfssl.com
---
 pkcs11/pkcs11_rsa.c | 84 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 83 insertions(+), 1 deletion(-)

diff --git a/pkcs11/pkcs11_rsa.c b/pkcs11/pkcs11_rsa.c
index 772e9e95..92953704 100644
--- a/pkcs11/pkcs11_rsa.c
+++ b/pkcs11/pkcs11_rsa.c
@@ -1,6 +1,6 @@
 /* pkcs11_rsa.c
 *
- * Copyright (C) 2006-2020 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -321,6 +321,83 @@ static int rsa_sign_verify_pss(int devId)
 }
 #endif /* ifdef WC_RSA_PSS */
 #endif /* ifndef NO_RSA */
+static int rsa_encrypt_decrypt(int devId)
+{
+ int ret = 0;
+ byte plain[128], out[2048/8], dec[2048/8];
+ word32 plainSz, outSz, decSz;
+ RsaKey pub;
+ RsaKey priv;
+
+ memset(plain, 9, sizeof(plain));
+ plainSz = sizeof(plain);
+ outSz = sizeof(out);
+ decSz = sizeof(dec);
+
+ /* Encrypt with public key */
+ ret = decode_public_key(&pub, devId);
+ if (ret == 0) {
+ fprintf(stderr, "RSA Public Encrypt\n");
+
+#ifdef WC_RSA_BLINDING
+ ret = wc_RsaSetRNG(&pub, &rng);
+ if (ret != 0)
+ fprintf(stderr, "Failed to set RNG: %d\n", ret);
+#endif
+
+ if (ret == 0) {
+ outSz = ret = wc_RsaPublicEncrypt_ex(plain, plainSz, out, (int)outSz,
+ &pub, &rng, WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE,
+ NULL, 0);
+ if (ret < 0)
+ fprintf(stderr, "Failed to perform public encrypt: %d\n", ret);
+ else
+ ret = 0;
+ }
+
+ wc_FreeRsaKey(&pub);
+ }
+
+ /* Decrypt with private key */
+ if (ret == 0) {
+ ret = decode_private_key(&priv, devId);
+ if (ret == 0) {
+ fprintf(stderr, "RSA Private Decrypt\n");
+
+#ifdef WC_RSA_BLINDING
+ ret = wc_RsaSetRNG(&priv, &rng);
+ if (ret != 0)
+ fprintf(stderr, "Failed to set RNG: %d\n", ret);
+#endif
+
+ if (ret == 0) {
+ decSz = ret = wc_RsaPrivateDecrypt_ex(out, outSz, dec, (int)decSz,
+ &priv, WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE,
+ NULL, 0);
+ if (ret < 0)
+ fprintf(stderr, "Failed to perform private decrypt: %d\n", ret);
+ else
+ ret = 0;
+ }
+
+ /* Verify the decrypted data matches the original */
+ if (ret == 0) {
+ if (decSz != plainSz || memcmp(plain, dec, decSz) != 0) {
+ fprintf(stderr, "Decrypted data does not match plain text\n");
+ ret = -1;
+ }
+ else {
+ fprintf(stderr, "Decryption successful\n");
+ }
+ }
+
+ wc_FreeRsaKey(&priv);
+ }
+ }
+
+ return ret;
+}
+
 int main(int argc, char* argv[])
 {
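Review bot: Both `wc_RsaPublicEncrypt_ex` and `wc_RsaPrivateDecrypt_ex` in `rsa_encrypt_decrypt` are called with `WC_RSA_PKCSV15_PAD`, and since this is example code the padding choice is likely to be copied along with the call. PKCS#1 v1.5 encryption padding is the mode exposed to padding-oracle attacks on the decrypt side, so OAEP is the safer default to demonstrate where the build and token allow it: `&pub, &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256,` on the encrypt call, with the matching arguments on the decrypt call. If v1.5 has to stay for token compatibility (not determinable from this hunk), a comment above the encrypt call such as `/* PKCS#1 v1.5 kept for token compatibility; prefer OAEP in new code */` would make that explicit. Separately, `outSz = ret = ...` and `decSz = ret = ...` store a negative error code into an unsigned `word32` before `ret` is tested; assigning the size only in the success branch would be cleaner.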
@@ -388,6 +465,11 @@ int main(int argc, char* argv[])
 ret = 1;
 }
 #endif
+ if (ret == 0) {
+ ret = rsa_encrypt_decrypt(devId);
+ if (ret != 0)
+ ret = 1;
+ }
 #endif
 }
 wc_Pkcs11Token_Final(&token);
From e298fbf19a9c17b9d8ca5dea40ef1ae1ec8f3a48 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Fri, 21 Mar 2025 18:31:11 +0000
Subject: [PATCH 2/3] Address PR comments for RSA encrypt/decrypt example

Co-Authored-By: colton@wolfssl.com
---
 pkcs11/pkcs11_rsa.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/pkcs11/pkcs11_rsa.c b/pkcs11/pkcs11_rsa.c
index 92953704..de9a16b0 100644
--- a/pkcs11/pkcs11_rsa.c
+++ b/pkcs11/pkcs11_rsa.c
@@ -320,19 +320,24 @@ static int rsa_sign_verify_pss(int devId)
 return ret;
 }
 #endif /* ifdef WC_RSA_PSS */
-#endif /* ifndef NO_RSA */
+
+/* Define maximum RSA key size in bits */
+#define MAX_RSA_KEY_BITS 2048
+
+#ifndef NO_RSA
 static int rsa_encrypt_decrypt(int devId)
 {
 int ret = 0;
- byte plain[128], out[2048/8], dec[2048/8];
+ byte plain[128], out[MAX_RSA_KEY_BITS/8], dec[MAX_RSA_KEY_BITS/8];
 word32 plainSz, outSz, decSz;
 RsaKey pub;
 RsaKey priv;
+ /* Initialize plain text buffer with 9's as sample data */
 memset(plain, 9, sizeof(plain));
- plainSz = sizeof(plain);
- outSz = sizeof(out);
- decSz = sizeof(dec);
+ plainSz = (word32)sizeof(plain);
+ outSz = (word32)sizeof(out);
+ decSz = (word32)sizeof(dec);
 /* Encrypt with public key */
 ret = decode_public_key(&pub, devId);
@@ -397,7 +402,7 @@ static int rsa_encrypt_decrypt(int devId)
 return ret;
 }
-
+#endif /* ifndef NO_RSA */
 int main(int argc, char* argv[])
 {
From 3ab39f84684b00be3b6ea3080b678b91b7656220 Mon Sep 17 00:00:00 2001
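Review bot: In the `@@ -320,19 +320,24 @@` hunk of PATCH 2/3, `MAX_RSA_KEY_BITS` is documented as the maximum RSA key size, but it only sizes `out` and `dec`; nothing visible checks that the key returned by `decode_public_key` fits within it. A larger token key would presumably surface only as a numeric error code from the encrypt call, and a key much smaller than 2048 bits could not hold the 128-byte `plain` under PKCS#1 v1.5 padding. A guard right after the key is decoded, for example `if (ret == 0 && wc_RsaEncryptSize(&pub) > (int)sizeof(out)) ret = -1;` with a message naming the limit, would make the assumption explicit. The comment on the define could then read `/* Largest RSA key (in bits) the example's buffers are sized for */`. The body of `rsa_encrypt_decrypt` continues past the end of this hunk, so the exact placement needs checking against the full function.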
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Fri, 21 Mar 2025 18:36:39 +0000
Subject: [PATCH 3/3] Fix preprocessor directive issue by removing redundant #ifndef NO_RSA

Co-Authored-By: colton@wolfssl.com
---
 pkcs11/pkcs11_rsa.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/pkcs11/pkcs11_rsa.c b/pkcs11/pkcs11_rsa.c
index de9a16b0..cd257901 100644
--- a/pkcs11/pkcs11_rsa.c
+++ b/pkcs11/pkcs11_rsa.c
@@ -324,7 +324,6 @@ static int rsa_sign_verify_pss(int devId)
 /* Define maximum RSA key size in bits */
 #define MAX_RSA_KEY_BITS 2048
-#ifndef NO_RSA
 static int rsa_encrypt_decrypt(int devId)
 {
 int ret = 0;