Removes mode param from mbedtls_rsa_rsassa_pkcs1_v15_sign

Commit removes the mode parameter from
mbedtls_rsa_rsassa_pkcs1_v15_sign and
propagates the change throughout the
codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>

include/mbedtls/rsa.h

@@ -835,24 +835,11 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
  * \brief          This function performs a PKCS#1 v1.5 signature
  *                 operation (RSASSA-PKCS1-v1_5-SIGN).
  *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
  * \param ctx      The initialized RSA context to use.
- * \param f_rng    The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
- *                 this is used for blinding and should be provided; see
- *                 mbedtls_rsa_private() for more. If \p mode is
- *                 #MBEDTLS_RSA_PUBLIC, it is ignored.
+ * \param f_rng    The RNG function. This is used for blinding and should be
+ *                 provided; see mbedtls_rsa_private() for more.
  * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
  *                 if \p f_rng is \c NULL or doesn't need a context argument.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
  * \param md_alg   The message-digest algorithm used to hash the original data.
  *                 Use #MBEDTLS_MD_NONE for signing raw data.
  * \param hashlen  The length of the message digest.
@@ -873,7 +860,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
 int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
                                int (*f_rng)(void *, unsigned char *, size_t),
                                void *p_rng,
-                               int mode,
                                mbedtls_md_type_t md_alg,
                                unsigned int hashlen,
                                const unsigned char *hash,

library/rsa.c

@@ -2049,7 +2049,6 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
 int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
                                int (*f_rng)(void *, unsigned char *, size_t),
                                void *p_rng,
-                               int mode,
                                mbedtls_md_type_t md_alg,
                                unsigned int hashlen,
                                const unsigned char *hash,
@@ -2059,16 +2058,11 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
     unsigned char *sig_try = NULL, *verif = NULL;
 
     RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
     RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
                         hashlen == 0 ) ||
                       hash != NULL );
     RSA_VALIDATE_RET( sig != NULL );
 
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
     /*
      * Prepare PKCS1-v1.5 encoding (padding and hash identifier)
      */
@@ -2077,16 +2071,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
                                              ctx->len, sig ) ) != 0 )
         return( ret );
 
-    /*
-     * Call respective RSA primitive
-     */
-
-    if( mode == MBEDTLS_RSA_PUBLIC )
-    {
-        /* Skip verification on a public key operation */
-        return( mbedtls_rsa_public( ctx, sig, sig ) );
-    }
-
     /* Private key operation
      *
      * In order to prevent Lenstra's attack, make the signature in a
@@ -2144,7 +2128,7 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
     {
 #if defined(MBEDTLS_PKCS1_V15)
         case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
+            return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng,
                                                       md_alg, hashlen, hash, sig );
 #endif
 

tests/suites/test_suite_rsa.function

@@ -223,22 +223,18 @@ void rsa_invalid_param( )
 
     TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
                             mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL,
-                                                        MBEDTLS_RSA_PRIVATE,
                                                         0, sizeof( buf ), buf,
                                                         buf ) );
     TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
                             mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
-                                                        MBEDTLS_RSA_PRIVATE,
                                                         0, sizeof( buf ), NULL,
                                                         buf ) );
     TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
                             mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
-                                                        MBEDTLS_RSA_PRIVATE,
                                                         0, sizeof( buf ), buf,
                                                         NULL ) );
     TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
                             mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
-                                                        MBEDTLS_RSA_PRIVATE,
                                                         MBEDTLS_MD_SHA1,
                                                         0, NULL,
                                                         buf ) );