Used Openssl RSA_verify function

src/libpts/pts/pts.c

@@ -27,6 +27,10 @@
 #include <sys/utsname.h>
 #include <errno.h>
 
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
 #define PTS_BUF_SIZE	4096
 
 typedef struct private_pts_t private_pts_t;
@@ -1170,8 +1174,11 @@ METHOD(pts_t, get_quote_info, bool,
 METHOD(pts_t, verify_quote_signature, bool,
 				private_pts_t *this, chunk_t data, chunk_t signature)
 {
-	/** Implementation using strongswan -> not working */
 	public_key_t *aik_pub_key;
+	chunk_t key_encoding;
+	EVP_PKEY *pkey = NULL;
+	RSA *rsa = NULL;
+	unsigned char *p;
 
 	aik_pub_key = this->aik->get_public_key(this->aik);
 	if (!aik_pub_key)
@@ -1187,10 +1194,59 @@ METHOD(pts_t, verify_quote_signature, bool,
 		DESTROY_IF(aik_pub_key);
 		return FALSE;
 	}
+	*/
 
-	aik_pub_key->destroy(aik_pub_key);
+	if (!aik_pub_key->get_encoding(aik_pub_key, PUBKEY_SPKI_ASN1_DER, &key_encoding))
+	{
+		DBG1(DBG_PTS, "failed to get encoding of AIK public key");
+		goto cleanup;
+	}
 	
+	p = key_encoding.ptr;
+	pkey = d2i_PUBKEY(NULL, (const unsigned char**)&p, key_encoding.len);
+	if (!pkey)
+	{
+		DBG1(DBG_PTS, "failed to get EVP_PKEY object from AIK public key encoding");
+		goto cleanup;
+	}
+
+	rsa = EVP_PKEY_get1_RSA(pkey);
+	if (!rsa)
+	{
+		DBG1(DBG_PTS, "failed to get RSA object from EVP_PKEY");
+		goto cleanup;
+	}
+
+	if (RSA_verify(NID_sha1, data.ptr, data.len, signature.ptr, signature.len, rsa) != 1)
+	{
+		DBG1(DBG_PTS, "signature verification failed for TPM Quote Info");
+		goto cleanup;
+	}
+
+	RSA_free(rsa);
+	EVP_PKEY_free(pkey);
+	if (key_encoding.ptr)
+	{
+		chunk_clear(&key_encoding);
+	}
+	aik_pub_key->destroy(aik_pub_key);
 	return TRUE;
+
+cleanup:
+	if (rsa)
+	{
+		RSA_free(rsa);
+	}
+	if (pkey)
+	{
+		EVP_PKEY_free(pkey);
+	}
+	if (key_encoding.ptr)
+	{
+		chunk_clear(&key_encoding);
+	}
+	DESTROY_IF(aik_pub_key);
+	return FALSE;
 }
 
 METHOD(pts_t, destroy, void,