diff --git a/src/crypto.rs b/src/crypto.rs index cd46c61c..f13fab26 100644 --- a/src/crypto.rs +++ b/src/crypto.rs @@ -6,7 +6,7 @@ use openssl::error::ErrorStack; use openssl::hash::MessageDigest; use openssl::pkcs5; use openssl::pkey::{PKey, Private, Public}; -use openssl::rsa::Rsa; +use openssl::rsa::{Padding, Rsa}; use openssl::sign::Signer; use std::error::Error; use std::fmt; @@ -62,6 +62,27 @@ pub fn rsa_generate( Ok(Rsa::generate(key_size)?) } +/* + * Inputs: OpenSSL RSA key + * ciphertext to be decrypted + * Output: decrypted plaintext + * + * Take in an RSA-encrypted ciphertext and an RSA private key and decrypt the + * ciphertext based on PKCS1 OAEP. Parameters match that of Python-Keylime. + */ +pub fn rsa_decrypt( + private_key: Rsa, + ciphertext: String, +) -> Result { + let mut dec_result = vec![0; private_key.size() as usize]; + let dec_len = private_key.private_decrypt( + ciphertext.as_bytes(), + &mut dec_result, + Padding::PKCS1, + )?; + Ok(to_hex_string(dec_result[..dec_len].to_vec())) +} + /* * Inputs: password to derive key * shared salt diff --git a/src/main.rs b/src/main.rs index ff6e38a8..59fcd873 100644 --- a/src/main.rs +++ b/src/main.rs @@ -483,13 +483,19 @@ fn get_request_handler( if let Err(e) = set_response_content(200, "Success", response_map, my_response) { - return emsg("Failed to edit the response content body.", Some(e)); + return emsg( + "Failed to edit the response content body.", + Some(e), + ); } } else { if let Err(e) = set_response_content(400, "Bad Request.", Map::new(), my_response) { - return emsg("Failed to edit the response content body.", Some(e)); + return emsg( + "Failed to edit the response content body.", + Some(e), + ); } return emsg("Bad Request. Invalid request content.", None::); }