QuasarApp/easyssl
4
1
Fork 0
mirror of https://github.com/QuasarApp/easyssl.git synced 2025-05-09 18:59:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix RSA

Browse Source
This commit is contained in:
Andrei Yankovich 2023-07-14 16:33:48 +02:00
parent 1ab0cc87bf
commit 73ed5b9b82
3 changed files with 107 additions and 10 deletions
src/lib/src/public/easyssl
rsassl.cpprsassl.h
tests/units
cryptotest.h

57
src/lib/src/public/easyssl/rsassl.cpp

@ -17,17 +17,20 @@
namespace EasySSL {
RSASSL::RSASSL() {
RSASSL::RSASSL(RSAPadding padding) {
setPadding(padding);
}
EVP_PKEY * RSASSL::makeRawKeys() const {
EVP_PKEY *pkey = nullptr;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(nullptr, "RSA", nullptr);
EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 4096);
EVP_PKEY_keygen_init(pctx);
if (EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, _bits) <= 0) {
EasySSLUtils::printlastOpenSSlError();
};
EVP_PKEY_generate(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
@ -160,7 +163,7 @@ QByteArray RSASSL::decrypt(const QByteArray &message, const QByteArray &key) {
return {};
}
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) {
if (EVP_PKEY_CTX_set_rsa_padding(ctx, getRawOpenSSLPandingValue(_padding)) <= 0) {
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(rsaPrivateKey);
return {};
@ -171,7 +174,7 @@ QByteArray RSASSL::decrypt(const QByteArray &message, const QByteArray &key) {
for (int index = 0; index < message.size(); index += maxDencryptedSize) {
QByteArray decryptedDataPart(maxDencryptedSize, 0);
size_t realDecryptedDataPartSize = 0;
size_t realDecryptedDataPartSize = maxDencryptedSize; // must be equals or large of private key size.
if (EVP_PKEY_decrypt(ctx,
reinterpret_cast<unsigned char*>(decryptedDataPart.data()),
&realDecryptedDataPartSize,
@ -215,7 +218,7 @@ QByteArray RSASSL::encrypt(const QByteArray &message, const QByteArray &key) {
return {};
}
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) {
if (EVP_PKEY_CTX_set_rsa_padding(ctx, getRawOpenSSLPandingValue(_padding)) <= 0) {
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(rsaPublicKey);
return {};
@ -228,13 +231,14 @@ QByteArray RSASSL::encrypt(const QByteArray &message, const QByteArray &key) {
QByteArray encryptedDataPart(maxEncryptedSize, 0);
size_t realEncryptedDataPartSize = 0;
int currentPartSize = std::min(message.length() - index, maxEncryptedSize);
int currentPartSize = std::min(message.length() - index, maxEncryptedSize - getPandingSize(_padding)) ;
if (EVP_PKEY_encrypt(ctx,
reinterpret_cast<unsigned char*>(encryptedDataPart.data()),
&realEncryptedDataPartSize,
reinterpret_cast<const unsigned char*>(&(message.constData()[index])),
currentPartSize) <= 0) {
EasySSLUtils::printlastOpenSSlError();
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(rsaPublicKey);
return {};
@ -249,4 +253,41 @@ QByteArray RSASSL::encrypt(const QByteArray &message, const QByteArray &key) {
return encryptedData;
}
RSASSL::RSAPadding RSASSL::padding() const {
return _padding;
}
void RSASSL::setPadding(RSAPadding newPadding) {
_padding = newPadding;
}
int RSASSL::getRawOpenSSLPandingValue(RSAPadding panding) {
switch (panding) {
case NO_PADDING: return RSA_NO_PADDING;
case PKCS1_OAEP_PADDING: return RSA_PKCS1_OAEP_PADDING;
case PKCS1_PADDING: return RSA_PKCS1_PADDING;
default:
return 0;
}
}
int RSASSL::getPandingSize(RSAPadding panding) {
switch (panding) {
case PKCS1_OAEP_PADDING: return 42;
case PKCS1_PADDING: return 11;
default:
return 0;
}
}
RSASSL::RSABits RSASSL::bits() const {
return _bits;
}
void RSASSL::setBits(RSABits newBits) {
_bits = newBits;
}
}

58
src/lib/src/public/easyssl/rsassl.h

@ -19,8 +19,32 @@ namespace EasySSL {
*/
class EASYSSL_EXPORT RSASSL: public EasySSL::ICrypto
{
/**
* @brief The RsaPadding enum
* @see https://www.openssl.org/docs/man1.1.1/man3/RSA_public_encrypt.html
*/
enum RSAPadding {
/// Raw RSA encryption. This mode should only be used to implement cryptographically sound padding modes in the application code. Encrypting user data directly with RSA is insecure.
NO_PADDING,
/// EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty encoding parameter. This mode is recommended for all new applications.
PKCS1_OAEP_PADDING,
///PKCS #1 v1.5 padding. This currently is the most widely used mode. However, it is highly recommended to use RSA_PKCS1_OAEP_PADDING in new applications. SEE WARNING BELOW.
PKCS1_PADDING,
};
enum RSABits {
RSA_Base = 1024,
RSA_2048 = 2 * RSA_Base,
RSA_3072 = 3 * RSA_Base,
RSA_4096 = 4 * RSA_Base,
};
public:
RSASSL();
RSASSL(RSAPadding padding = PKCS1_OAEP_PADDING);
EVP_PKEY *makeRawKeys() const override;
Features supportedFeatures() const override;
@ -41,6 +65,38 @@ public:
*/
QByteArray encrypt(const QByteArray &message, const QByteArray &key) override;
/**
* @brief padding This is mode of pending data before icnription.
* @return encription pending mode.
*/
RSAPadding padding() const;
/**
* @brief setPadding This method sets new mode for encription pendong.
* @param newPadding This is new new mode.
* @note You must change padding mode for both side (encryption and decryption)
*/
void setPadding(RSAPadding newPadding);
/**
* @brief bits return cuurrent rsa keys size mode. Using oly for generate keys.
* @return size of the rsa keys.
*/
RSABits bits() const;
/**
* @brief setBits sets new value of the rsa key generator.
* @param newBits this is new value of the key size of rsa.
*/
void setBits(RSABits newBits);
private:
int getRawOpenSSLPandingValue(RSAPadding panding);
int getPandingSize(RSAPadding panding);
RSAPadding _padding = PKCS1_OAEP_PADDING;
RSABits _bits = RSABits::RSA_3072;
};
}

2
tests/units/cryptotest.h

@ -25,7 +25,7 @@ public:
//test long messages
const int Mb = 1024 * 1024 * 1024; //1 mb
const int Mb = 1024 * 1024; //1 mb
testImpl(QByteArray(Mb, 'c'));
} ;