Skip to content

Commit

Permalink
Added support for OAEP padding to RSA encryption/decryption. (#120)
Browse files Browse the repository at this point in the history 
Co-authored-by: Jason Law <[email protected]>
  • Loading branch information
@jasonelaw
jasonelaw and Jason Law authored Oct 5, 2023
1 parent 634c885 commit 5302c6f
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 10 deletions.
9 changes: 5 additions & 4 deletions R/rsa.R
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
#'
#' @export
#' @param data raw vector of max 245 bytes (for 2048 bit keys) with data to encrypt/decrypt
#' @param oaep if TRUE, changes padding to EME-OAEP as defined in PKCS #1 v2.0
#' @inheritParams signature_create
#' @rdname rsa_encrypt
#' @aliases rsa encrypt
Expand All @@ -28,19 +29,19 @@
#' tempkey <- rsa_decrypt(ciphertext, key)
#' message <- aes_cbc_decrypt(blob, tempkey, iv)
#' out <- rawToChar(message)
rsa_encrypt <- function(data, pubkey = my_pubkey()){
rsa_encrypt <- function(data, pubkey = my_pubkey(), oaep = FALSE){
pk <- read_pubkey(pubkey)
stopifnot(inherits(pk, "rsa"))
stopifnot(is.raw(data))
.Call(R_rsa_encrypt, data, pk)
.Call(R_rsa_encrypt, data, pk, oaep)
}

#' @useDynLib openssl R_rsa_decrypt
#' @export
#' @rdname rsa_encrypt
rsa_decrypt <- function(data, key = my_key(), password = askpass){
rsa_decrypt <- function(data, key = my_key(), password = askpass, oaep = FALSE){
sk <- read_key(key, password)
stopifnot(inherits(sk, "rsa"))
stopifnot(is.raw(data))
.Call(R_rsa_decrypt, data, sk)
.Call(R_rsa_decrypt, data, sk, oaep)
}
6 changes: 4 additions & 2 deletions man/rsa_encrypt.Rd
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 6 additions & 4 deletions src/rsa.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,14 @@
#include <openssl/pem.h>
#include "utils.h"

SEXP R_rsa_encrypt(SEXP data, SEXP keydata) {
SEXP R_rsa_encrypt(SEXP data, SEXP keydata, SEXP oaep) {
const unsigned char *ptr = RAW(keydata);
RSA *rsa = d2i_RSA_PUBKEY(NULL, &ptr, LENGTH(keydata));
int pad = asLogical(oaep) ? RSA_PKCS1_OAEP_PADDING : RSA_PKCS1_PADDING;
bail(!!rsa);
int keysize = RSA_size(rsa);
unsigned char* buf = OPENSSL_malloc(keysize);
int len = RSA_public_encrypt(LENGTH(data), RAW(data), buf, rsa, RSA_PKCS1_PADDING);
int len = RSA_public_encrypt(LENGTH(data), RAW(data), buf, rsa, pad);
bail(len > 0);
RSA_free(rsa);
SEXP res = allocVector(RAWSXP, len);
Expand All @@ -20,13 +21,14 @@ SEXP R_rsa_encrypt(SEXP data, SEXP keydata) {
return res;
}

SEXP R_rsa_decrypt(SEXP data, SEXP keydata){
SEXP R_rsa_decrypt(SEXP data, SEXP keydata, SEXP oaep){
const unsigned char *ptr = RAW(keydata);
RSA *rsa = d2i_RSAPrivateKey(NULL, &ptr, LENGTH(keydata));
int pad = asLogical(oaep) ? RSA_PKCS1_OAEP_PADDING : RSA_PKCS1_PADDING;
bail(!!rsa);
int keysize = RSA_size(rsa);
unsigned char* buf = OPENSSL_malloc(keysize);
int len = RSA_private_decrypt(LENGTH(data), RAW(data), buf, rsa, RSA_PKCS1_PADDING);
int len = RSA_private_decrypt(LENGTH(data), RAW(data), buf, rsa, pad);
bail(len > 0);
RSA_free(rsa);
SEXP res = allocVector(RAWSXP, len);
Expand Down

0 comments on commit 5302c6f

Please sign in to comment.