mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-19 18:39:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Removes mode param from mbedtls_rsa_pkcs1_sign

Browse Source 
Commit removes the mode parameter from
mbedtls_rsa_pkcs1_sign and progagates the
change to all relevant parts of the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This commit is contained in:
Thomas Daubney 2021-05-18 16:04:07 +01:00
parent 9a66d5c181
commit 140184d029
11 changed files with 25 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
include/mbedtls/rsa.h
View File

@ -790,7 +790,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
* a message digest using PKCS#1. * a message digest using PKCS#1.
* *
* It is the generic wrapper for performing a PKCS#1 * It is the generic wrapper for performing a PKCS#1
* signature using the \p mode from the context. * signature.
* *
* \note The \p sig buffer must be as large as the size * \note The \p sig buffer must be as large as the size
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
@ -799,25 +799,13 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
* mbedtls_rsa_rsassa_pss_sign() for details on * mbedtls_rsa_rsassa_pss_sign() for details on
* \p md_alg and \p hash_id. * \p md_alg and \p hash_id.
* *
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
* are likely to remove the \p mode argument and have it
* implicitly set to #MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
* \param ctx The initialized RSA context to use. * \param ctx The initialized RSA context to use.
* \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1, * \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1,
* this must be provided. If the padding mode is PKCS#1 v1.5 and * this must be provided. If the padding mode is PKCS#1 v1.5
* \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding * it is used for blinding and should be provided;
* and should be provided; see mbedtls_rsa_private() for more * see mbedtls_rsa_private() for more.
* more. It is ignored otherwise.
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
* if \p f_rng is \c NULL or doesn't need a context argument. * if \p f_rng is \c NULL or doesn't need a context argument.
* \param mode The mode of operation. This must be either
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data. * \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data. * Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest. * \param hashlen The length of the message digest.
@ -838,7 +826,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng, void *p_rng,
int mode,
mbedtls_md_type_t md_alg, mbedtls_md_type_t md_alg,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,

5
library/pk_wrap.c
View File

@ -120,8 +120,9 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
*sig_len = mbedtls_rsa_get_len( rsa ); *sig_len = mbedtls_rsa_get_len( rsa );
return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng,
md_alg, (unsigned int) hash_len, hash, sig ) ); md_alg, (unsigned int) hash_len,
hash, sig ) );
} }
static int rsa_decrypt_wrap( void *ctx, static int rsa_decrypt_wrap( void *ctx,

1
library/psa_crypto_rsa.c
View File

@ -419,7 +419,6 @@ static psa_status_t rsa_sign_hash(
ret = mbedtls_rsa_pkcs1_sign( rsa, ret = mbedtls_rsa_pkcs1_sign( rsa,
mbedtls_psa_get_random, mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE, MBEDTLS_PSA_RANDOM_STATE,
MBEDTLS_RSA_PRIVATE,
md_alg, md_alg,
(unsigned int) hash_length, (unsigned int) hash_length,
hash, hash,

13
library/rsa.c
View File

@ -2129,15 +2129,12 @@ cleanup:
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng, void *p_rng,
int mode,
mbedtls_md_type_t md_alg, mbedtls_md_type_t md_alg,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
unsigned char *sig ) unsigned char *sig )
{ {
RSA_VALIDATE_RET( ctx != NULL ); RSA_VALIDATE_RET( ctx != NULL );
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) || hashlen == 0 ) ||
hash != NULL ); hash != NULL );
@ -2147,14 +2144,14 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
{ {
#if defined(MBEDTLS_PKCS1_V15) #if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15: case MBEDTLS_RSA_PKCS_V15:
return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg, return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
hashlen, hash, sig ); md_alg, hashlen, hash, sig );
#endif #endif
#if defined(MBEDTLS_PKCS1_V21) #if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21: case MBEDTLS_RSA_PKCS_V21:
return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg, return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
hashlen, hash, sig ); md_alg, hashlen, hash, sig );
#endif #endif
default: default:
@ -2714,7 +2711,7 @@ int mbedtls_rsa_self_test( int verbose )
} }
if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL,
MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, MBEDTLS_MD_SHA1, 0,
sha1sum, rsa_ciphertext ) != 0 ) sha1sum, rsa_ciphertext ) != 0 )
{ {
if( verbose != 0 ) if( verbose != 0 )

2
programs/pkey/dh_server.c
View File

@ -229,7 +229,7 @@ int main( void )
buf[n ] = (unsigned char)( rsa.len >> 8 ); buf[n ] = (unsigned char)( rsa.len >> 8 );
buf[n + 1] = (unsigned char)( rsa.len ); buf[n + 1] = (unsigned char)( rsa.len );
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
0, hash, buf + n + 2 ) ) != 0 ) 0, hash, buf + n + 2 ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret );

2
programs/pkey/rsa_sign.c
View File

@ -146,7 +146,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
20, hash, buf ) ) != 0 ) 20, hash, buf ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret ); mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret );

2
tests/suites/test_suite_pk.function
View File

@ -76,7 +76,7 @@ int mbedtls_rsa_sign_func( void *ctx,
((void) f_rng); ((void) f_rng);
((void) p_rng); ((void) p_rng);
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx,
mbedtls_test_rnd_std_rand, NULL, MBEDTLS_RSA_PRIVATE, mbedtls_test_rnd_std_rand, NULL,
md_alg, hashlen, hash, sig ) ); md_alg, hashlen, hash, sig ) );
} }
size_t mbedtls_rsa_key_len_func( void *ctx ) size_t mbedtls_rsa_key_len_func( void *ctx )

4
tests/suites/test_suite_pkcs1_v15.function
View File

@ -293,8 +293,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q,
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
&info, MBEDTLS_RSA_PRIVATE, digest, &info, digest, 0, hash_result,
0, hash_result, output ) == result ); output ) == result );
if( result == 0 ) if( result == 0 )
{ {

4
tests/suites/test_suite_pkcs1_v21.function
View File

@ -148,8 +148,8 @@ void pkcs1_rsassa_pss_sign( int mod, data_t * input_P, data_t * input_Q,
if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY) if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY)
{ {
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
&info, MBEDTLS_RSA_PRIVATE, digest, 0, &info, digest, 0,hash_result,
hash_result, output ) == result ); output ) == result );
if( result == 0 ) if( result == 0 )
{ {
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len ); ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );

12
tests/suites/test_suite_rsa.function
View File

@ -205,22 +205,18 @@ void rsa_invalid_param( )
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL, mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL,
MBEDTLS_RSA_PRIVATE,
0, sizeof( buf ), buf, 0, sizeof( buf ), buf,
buf ) ); buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
MBEDTLS_RSA_PRIVATE,
0, sizeof( buf ), NULL, 0, sizeof( buf ), NULL,
buf ) ); buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
MBEDTLS_RSA_PRIVATE,
0, sizeof( buf ), buf, 0, sizeof( buf ), buf,
NULL ) ); NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
MBEDTLS_RSA_PRIVATE,
MBEDTLS_MD_SHA1, MBEDTLS_MD_SHA1,
0, NULL, 0, NULL,
buf ) ); buf ) );
@ -479,8 +475,8 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
&rnd_info, MBEDTLS_RSA_PRIVATE, digest, &rnd_info, digest, 0, hash_result,
0, hash_result, output ) == result ); output ) == result );
if( result == 0 ) if( result == 0 )
{ {
@ -560,8 +556,8 @@ void rsa_pkcs1_sign_raw( data_t * hash_result,
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
&rnd_info, MBEDTLS_RSA_PRIVATE, &rnd_info, MBEDTLS_MD_NONE,
MBEDTLS_MD_NONE, hash_result->len, hash_result->len,
hash_result->x, output ) == 0 ); hash_result->x, output ) == 0 );

4
tests/suites/test_suite_x509write.function
View File

@ -19,8 +19,8 @@ int mbedtls_rsa_sign_func( void *ctx,
mbedtls_md_type_t md_alg, unsigned int hashlen, mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig ) const unsigned char *hash, unsigned char *sig )
{ {
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng,
md_alg, hashlen, hash, sig ) ); md_alg, hashlen, hash, sig ) );
} }
size_t mbedtls_rsa_key_len_func( void *ctx ) size_t mbedtls_rsa_key_len_func( void *ctx )
{ {