mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-02 17:54:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #4488 from tom-daubney-arm/remove_rsa_mode_params

Browse Source 
Remove rsa mode params part 1
This commit is contained in:
Gilles Peskine 2021-05-17 13:49:19 +02:00 committed by GitHub
commit 864b425156
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 64 additions and 244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/mbedtls/pk.h
View File

@ -229,7 +229,7 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
/**
* \brief Types for RSA-alt abstraction
*/
typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, size_t *olen,
const unsigned char *input, unsigned char *output,
size_t output_max_len );
typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,

58
include/mbedtls/rsa.h
View File

@ -705,7 +705,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
* message padding.
*
* It is the generic wrapper for performing a PKCS#1 decryption
* operation using the \p mode from the context.
* operation.
*
* \note The output buffer length \c output_max_len should be
* as large as the size \p ctx->len of \p ctx->N (for example,
@ -714,24 +714,11 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
* hold the decryption of the particular ciphertext provided,
* the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
* are likely to remove the \p mode argument and have it
* implicitly set to #MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
* \param ctx The initialized RSA context to use.
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
* this is used for blinding and should be provided; see
* mbedtls_rsa_private() for more. If \p mode is
* #MBEDTLS_RSA_PUBLIC, it is ignored.
* \param f_rng The RNG function. This is used for blinding and should
* be provided; see mbedtls_rsa_private() for more.
* \param p_rng The RNG context to be passed to \p f_rng. This may be
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
* \param mode The mode of operation. This must be either
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
* \param olen The address at which to store the length of
* the plaintext. This must not be \c NULL.
* \param input The ciphertext buffer. This must be a readable buffer
@ -747,7 +734,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode, size_t *olen,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len );
@ -763,24 +750,11 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
* hold the decryption of the particular ciphertext provided,
* the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
* are likely to remove the \p mode argument and have it
* implicitly set to #MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
* \param ctx The initialized RSA context to use.
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
* this is used for blinding and should be provided; see
* mbedtls_rsa_private() for more. If \p mode is
* #MBEDTLS_RSA_PUBLIC, it is ignored.
* \param f_rng The RNG function. This is used for blinding and should
* be provided; see mbedtls_rsa_private() for more.
* \param p_rng The RNG context to be passed to \p f_rng. This may be
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
* \param mode The mode of operation. This must be either
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
* \param olen The address at which to store the length of
* the plaintext. This must not be \c NULL.
* \param input The ciphertext buffer. This must be a readable buffer
@ -797,7 +771,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode, size_t *olen,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len );
@ -814,24 +788,11 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
* ciphertext provided, the function returns
* #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
* are likely to remove the \p mode argument and have it
* implicitly set to #MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
* \param ctx The initialized RSA context to use.
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
* this is used for blinding and should be provided; see
* mbedtls_rsa_private() for more. If \p mode is
* #MBEDTLS_RSA_PUBLIC, it is ignored.
* \param f_rng The RNG function. This is used for blinding and should
* be provided; see mbedtls_rsa_private() for more.
* \param p_rng The RNG context to be passed to \p f_rng. This may be
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
* \param mode The mode of operation. This must be either
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
* \param label The buffer holding the custom label to use.
* This must be a readable buffer of length \p label_len
* Bytes. It may be \c NULL if \p label_len is \c 0.
@ -851,7 +812,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
const unsigned char *label, size_t label_len,
size_t *olen,
const unsigned char *input,

4
library/pk_wrap.c
View File

@ -135,7 +135,7 @@ static int rsa_decrypt_wrap( void *ctx,
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
olen, input, output, osize ) );
}
static int rsa_encrypt_wrap( void *ctx,
@ -788,7 +788,7 @@ static int rsa_alt_decrypt_wrap( void *ctx,
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
return( rsa_alt->decrypt_func( rsa_alt->key,
MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
olen, input, output, osize ) );
}
#if defined(MBEDTLS_RSA_C)

2
library/psa_crypto.c
View File

@ -3025,7 +3025,6 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
mbedtls_rsa_pkcs1_decrypt( rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
MBEDTLS_RSA_PRIVATE,
output_length,
input,
output,
@ -3041,7 +3040,6 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
mbedtls_rsa_rsaes_oaep_decrypt( rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
MBEDTLS_RSA_PRIVATE,
salt, salt_length,
output_length,
input,

66
library/rsa.c
View File

@ -1353,7 +1353,6 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
const unsigned char *label, size_t label_len,
size_t *olen,
const unsigned char *input,
@ -1370,8 +1369,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
mbedtls_md_context_t md_ctx;
RSA_VALIDATE_RET( ctx != NULL );
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
RSA_VALIDATE_RET( input != NULL );
@ -1380,7 +1377,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
/*
* Parameters sanity checks
*/
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
if( ctx->padding != MBEDTLS_RSA_PKCS_V21 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
ilen = ctx->len;
@ -1401,9 +1398,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
/*
* RSA operation
*/
ret = ( mode == MBEDTLS_RSA_PUBLIC )
? mbedtls_rsa_public( ctx, input, buf )
: mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
ret = mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
if( ret != 0 )
goto cleanup;
@ -1591,7 +1586,7 @@ static void mem_move_to_left( void *start,
int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode, size_t *olen,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len )
@ -1616,8 +1611,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
unsigned output_too_large;
RSA_VALIDATE_RET( ctx != NULL );
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
RSA_VALIDATE_RET( input != NULL );
RSA_VALIDATE_RET( olen != NULL );
@ -1627,15 +1620,13 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
ilen - 11 :
output_max_len );
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
if( ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
if( ilen < 16 || ilen > sizeof( buf ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
ret = ( mode == MBEDTLS_RSA_PUBLIC )
? mbedtls_rsa_public( ctx, input, buf )
: mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
ret = mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
if( ret != 0 )
goto cleanup;
@ -1644,37 +1635,20 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
* memory trace. The first byte must be 0. */
bad |= buf[0];
if( mode == MBEDTLS_RSA_PRIVATE )
{
/* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
* where PS must be at least 8 nonzero bytes. */
bad |= buf[1] ^ MBEDTLS_RSA_CRYPT;
/* Read the whole buffer. Set pad_done to nonzero if we find
* the 0x00 byte and remember the padding length in pad_count. */
for( i = 2; i < ilen; i++ )
{
pad_done |= ((buf[i] | (unsigned char)-buf[i]) >> 7) ^ 1;
pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
}
}
else
{
/* Decode EMSA-PKCS1-v1_5 padding: 0x00 || 0x01 || PS || 0x00
* where PS must be at least 8 bytes with the value 0xFF. */
bad |= buf[1] ^ MBEDTLS_RSA_SIGN;
/* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
* where PS must be at least 8 nonzero bytes. */
bad |= buf[1] ^ MBEDTLS_RSA_CRYPT;
/* Read the whole buffer. Set pad_done to nonzero if we find
* the 0x00 byte and remember the padding length in pad_count.
* If there's a non-0xff byte in the padding, the padding is bad. */
for( i = 2; i < ilen; i++ )
{
pad_done |= if_int( buf[i], 0, 1 );
pad_count += if_int( pad_done, 0, 1 );
bad |= if_int( pad_done, 0, buf[i] ^ 0xFF );
}
/* Read the whole buffer. Set pad_done to nonzero if we find
* the 0x00 byte and remember the padding length in pad_count. */
for( i = 2; i < ilen; i++ )
{
pad_done |= ((buf[i] | (unsigned char)-buf[i]) >> 7) ^ 1;
pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
}
/* If pad_done is still zero, there's no data, only unfinished padding. */
bad |= if_int( pad_done, 0, 1 );
@ -1763,14 +1737,12 @@ cleanup:
int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode, size_t *olen,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len)
{
RSA_VALIDATE_RET( ctx != NULL );
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
RSA_VALIDATE_RET( input != NULL );
RSA_VALIDATE_RET( olen != NULL );
@ -1779,13 +1751,13 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen,
return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, olen,
input, output, output_max_len );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0,
return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, NULL, 0,
olen, input, output,
output_max_len );
#endif
@ -2733,7 +2705,7 @@ int mbedtls_rsa_self_test( int verbose )
if( verbose != 0 )
mbedtls_printf( "passed\n PKCS#1 decryption : " );
if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE,
if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL,
&len, rsa_ciphertext, rsa_decrypted,
sizeof(rsa_decrypted) ) != 0 )
{

2
programs/pkey/rsa_decrypt.c
View File

@ -177,7 +177,7 @@ int main( int argc, char *argv[] )
fflush( stdout );
ret = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random,
&ctr_drbg, MBEDTLS_RSA_PRIVATE, &i,
&ctr_drbg, &i,
buf, result, 1024 );
if( ret != 0 )
{

4
tests/suites/test_suite_pk.function
View File

@ -60,12 +60,12 @@ static int pk_genkey( mbedtls_pk_context *pk, int parameter )
}
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen,
const unsigned char *input, unsigned char *output,
size_t output_max_len )
{
return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx,
mbedtls_test_rnd_std_rand, NULL, mode,
mbedtls_test_rnd_std_rand, NULL,
olen, input, output, output_max_len ) );
}
int mbedtls_rsa_sign_func( void *ctx,

76
tests/suites/test_suite_pkcs1_v15.data
View File

@ -41,91 +41,43 @@ RSASSA-V15 Verification Test Vector Int
pkcs1_rsassa_v15_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0
RSAES-V15 decoding: good, payload=max, tight output buffer
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:117:0
pkcs1_v15_decode:"0002505152535455565700":117:117:0
RSAES-V15 decoding: good, payload=max, larger output buffer
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:128:0
pkcs1_v15_decode:"0002505152535455565700":117:128:0
RSAES-V15 decoding: good, payload=max-1, tight output buffer
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:116:0
pkcs1_v15_decode:"000250515253545556575800":116:116:0
RSAES-V15 decoding: good, payload=max-1, larger output buffer
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:117:0
pkcs1_v15_decode:"000250515253545556575800":116:117:0
RSAES-V15 decoding: good, payload=1
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"00025050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":1:1:0
pkcs1_v15_decode:"00025050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":1:1:0
RSAES-V15 decoding: good, empty payload
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":0:0:0
pkcs1_v15_decode:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":0:0:0
RSAES-V15 decoding: payload=max, output too large
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:116:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
pkcs1_v15_decode:"0002505152535455565700":117:116:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
RSAES-V15 decoding: payload=max-1, output too large
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:115:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
pkcs1_v15_decode:"000250515253545556575800":116:115:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
RSAES-V15 decoding: bad first byte
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0102505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
pkcs1_v15_decode:"0102505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
RSAES-V15 decoding: bad second byte (0 instead of 2)
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0000505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
pkcs1_v15_decode:"0000505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
RSAES-V15 decoding: bad second byte (1 instead of 2)
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0001505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
pkcs1_v15_decode:"0001505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
RSAES-V15 decoding: padding too short (0)
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000200":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
pkcs1_v15_decode:"000200":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
RSAES-V15 decoding: padding too short (7)
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050500000ffffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
pkcs1_v15_decode:"0002505050505050500000ffffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
RSAES-V15 decoding: unfinished padding
pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
EMSA-V15 decoding: good, payload=max, tight output buffer
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffff00":117:117:0
EMSA-V15 decoding: good, payload=max, larger output buffer
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffff00":117:128:0
EMSA-V15 decoding: good, payload=max-1, tight output buffer
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffff00":116:116:0
EMSA-V15 decoding: good, payload=max-1, larger output buffer
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffff00":116:117:0
EMSA-V15 decoding: good, payload=1
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00":1:1:0
EMSA-V15 decoding: good, empty payload
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00":0:0:0
EMSA-V15 decoding: bad first byte
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0101ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
EMSA-V15 decoding: bad second byte (0 instead of 1)
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0000ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
EMSA-V15 decoding: bad second byte (2 instead of 1)
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0002ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
EMSA-V15 decoding: padding too short (0)
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"000100":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
EMSA-V15 decoding: padding too short (7)
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffff0000ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
EMSA-V15 decoding: invalid padding at first byte
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001fffffffffffffffe00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
EMSA-V15 decoding: invalid padding at last byte
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001feffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
EMSA-V15 decoding: unfinished padding
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
EMSA-V15 decoding: unfinished padding with invalid first byte
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
EMSA-V15 decoding: unfinished padding with invalid last byte
pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
pkcs1_v15_decode:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING

15
tests/suites/test_suite_pkcs1_v15.function
View File

@ -89,7 +89,6 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P,
TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info,
MBEDTLS_RSA_PRIVATE,
&output_len, message_str->x,
NULL, 0 ) == result );
}
@ -97,7 +96,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P,
{
TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info, MBEDTLS_RSA_PRIVATE,
&rnd_info,
&output_len, message_str->x,
output, 1000 ) == result );
if( result == 0 )
@ -116,8 +115,7 @@ exit:
/* END_CASE */
/* BEGIN_CASE */
void pkcs1_v15_decode( int mode,
data_t *input,
void pkcs1_v15_decode( data_t *input,
int expected_plaintext_length_arg,
int output_size_arg,
int expected_result )
@ -207,17 +205,12 @@ void pkcs1_v15_decode( int mode,
TEST_ASSERT( input->len <= sizeof( N ) );
memcpy( original, input->x, input->len );
memset( original + input->len, 'd', sizeof( original ) - input->len );
if( mode == MBEDTLS_RSA_PRIVATE )
TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 );
else
TEST_ASSERT( mbedtls_rsa_private( &ctx, &mbedtls_test_rnd_pseudo_rand,
&rnd_info, original,
intermediate ) == 0 );
TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 );
memcpy( final, default_content, sizeof( final ) );
TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info, mode, &output_length,
&rnd_info, &output_length,
intermediate, final,
output_size ) == expected_result );
if( expected_result == 0 )

2
tests/suites/test_suite_pkcs1_v21.function
View File

@ -85,7 +85,6 @@ void pkcs1_rsaes_oaep_decrypt( int mod, data_t * input_P, data_t * input_Q,
TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info,
MBEDTLS_RSA_PRIVATE,
&output_len, message_str->x,
NULL, 0 ) == result );
}
@ -94,7 +93,6 @@ void pkcs1_rsaes_oaep_decrypt( int mod, data_t * input_P, data_t * input_Q,
TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info,
MBEDTLS_RSA_PRIVATE,
&output_len, message_str->x,
output,
sizeof( output ) ) == result );

71
tests/suites/test_suite_rsa.function
View File

@ -180,78 +180,55 @@ void rsa_invalid_param( )
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL,
valid_mode, &olen,
&olen,
buf, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
invalid_mode, &olen,
NULL,
buf, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
valid_mode, NULL,
buf, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
valid_mode, &olen,
&olen,
NULL, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
valid_mode, &olen,
&olen,
buf, NULL, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL,
NULL,
valid_mode, &olen,
NULL, &olen,
buf, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
NULL,
invalid_mode, &olen,
NULL, NULL,
buf, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
NULL,
valid_mode, NULL,
buf, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
NULL,
valid_mode, &olen,
NULL, &olen,
NULL, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
NULL,
valid_mode, &olen,
NULL, &olen,
buf, NULL, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL,
valid_mode,
buf, sizeof( buf ),
&olen,
buf, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
invalid_mode,
buf, sizeof( buf ),
&olen,
buf, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
valid_mode,
NULL, sizeof( buf ),
NULL,
buf, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
valid_mode,
buf, sizeof( buf ),
&olen,
NULL, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
valid_mode,
buf, sizeof( buf ),
&olen,
buf, NULL, 42 ) );
@ -697,36 +674,6 @@ void rsa_pkcs1_verify_raw( data_t * hash_result,
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
#if defined(MBEDTLS_PKCS1_V15)
/* For PKCS#1 v1.5, there is an alternative way to verify signatures */
if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
{
int res;
int ok;
size_t olen;
res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
NULL, NULL, MBEDTLS_RSA_PUBLIC,
&olen, result_str->x, output, sizeof( output ) );
#if !defined(MBEDTLS_RSA_ALT)
TEST_ASSERT( res == 0 );
#else
TEST_ASSERT( ( res == 0 ) ||
( res == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) );
#endif
if( res == 0 )
{
ok = olen == hash_result->len && memcmp( output, hash_result->x, olen ) == 0;
if( correct == 0 )
TEST_ASSERT( ok == 1 );
else
TEST_ASSERT( ok == 0 );
}
}
#endif /* MBEDTLS_PKCS1_V15 */
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
mbedtls_rsa_free( &ctx );
@ -853,7 +800,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode,
output_len = 0;
TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand,
&rnd_info, MBEDTLS_RSA_PRIVATE,
&rnd_info,
&output_len, message_str->x, output,
max_output ) == result );
if( result == 0 )

6
tests/suites/test_suite_x509write.function
View File

@ -7,12 +7,12 @@
#include "mbedtls/rsa.h"
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen,
const unsigned char *input, unsigned char *output,
size_t output_max_len )
{
return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen,
input, output, output_max_len ) );
return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL,
olen, input, output, output_max_len ) );
}
int mbedtls_rsa_sign_func( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,