diff --git a/ChangeLog.d/remove-rsa-mode-parameter.txt b/ChangeLog.d/remove-rsa-mode-parameter.txt new file mode 100644 index 0000000000..854dda34b2 --- /dev/null +++ b/ChangeLog.d/remove-rsa-mode-parameter.txt @@ -0,0 +1,9 @@ +Removals + * The RSA module no longer supports private-key operations with the public + key and vice versa. +API changes + * Remove the mode parameter from RSA operation functions. Signature and + decryption functions now always use the private key and verification and + encryption use the public key. Verification functions also no longer have + RNG parameters. + * The RNG is now mandatory for all private-key RSA operations. diff --git a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md new file mode 100644 index 0000000000..e400650dd0 --- /dev/null +++ b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md @@ -0,0 +1,29 @@ +Remove the mode parameter from RSA functions +-------------------------------------------- + +This affects all users who use the RSA encryption, decryption, sign and +verify APIs. + +The RSA module no longer supports private-key operations with the public key or +vice versa. As a consequence, RSA operation functions no longer have a mode +parameter. If you were calling RSA operations with the normal mode (public key +for verification or encryption, private key for signature or decryption), remove +the `MBEDTLS_MODE_PUBLIC` or `MBEDTLS_MODE_PRIVATE` argument. If you were calling +RSA operations with the wrong mode, which rarely makes sense from a security +perspective, this is no longer supported. + +Remove the RNG parameter from RSA verify functions +-------------------------------------------------- + +RSA verification functions also no longer take random generator arguments (this +was only needed when using a private key). This affects all applications using +the RSA verify functions. + +RNG is now mandatory in all RSA private key operations +------------------------------------------------------ + +The random generator is now mandatory for blinding in all RSA private-key +operations (`mbedtls_rsa_private`, `mbedtls_rsa_xxx_sign`, +`mbedtls_rsa_xxx_decrypt`) as well as for encryption +(`mbedtls_rsa_xxx_encrypt`). This means that passing a null `f_rng` is no longer +supported. diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 093b3bc6d6..25f02ff69d 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -234,7 +234,7 @@ typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, size_t *olen, size_t output_max_len ); typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ); typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx ); #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index a54ac4dd09..ba00bff31b 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -57,8 +57,6 @@ /* * RSA constants */ -#define MBEDTLS_RSA_PUBLIC 0 /**< Request private key operation. */ -#define MBEDTLS_RSA_PRIVATE 1 /**< Request public key operation. */ #define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ #define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */ @@ -423,7 +421,7 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); * * \param ctx The initialized RSA context used to hold the key. * \param f_rng The RNG function to be used for key generation. - * This must not be \c NULL. + * This is mandatory and must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. * This may be \c NULL if \p f_rng doesn't need a context. * \param nbits The size of the public key in bits. @@ -544,11 +542,9 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * of a PRNG. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function, used for blinding. It is discouraged - * and deprecated to pass \c NULL here, in which case - * blinding will be omitted. + * \param f_rng The RNG function, used for blinding. It is mandatory. * \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL - * if \p f_rng is \c NULL or if \p f_rng doesn't need a context. + * if \p f_rng doesn't need a context. * \param input The input buffer. This must be a readable buffer * of length \c ctx->len Bytes. For example, \c 256 Bytes * for an 2048-bit RSA modulus. @@ -571,29 +567,13 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * operation. * * It is the generic wrapper for performing a PKCS#1 encryption - * operation using the \p mode from the context. - * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. + * operation. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding - * encoding, and for PKCS#1 v1.5 padding encoding when used - * with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5 - * padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE, - * it is used for blinding and should be provided in this - * case; see mbedtls_rsa_private() for more. + * \param f_rng The RNG to use. It is used for padding generation + * and it is mandatory. * \param p_rng The RNG context to be passed to \p f_rng. May be - * \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't - * need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). + * \c NULL if \p f_rng doesn't need a context argument. * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable * buffer of size \p ilen Bytes. It may be \c NULL if @@ -608,7 +588,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t ilen, + size_t ilen, const unsigned char *input, unsigned char *output ); @@ -616,25 +596,11 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 encryption operation * (RSAES-PKCS1-v1_5-ENCRYPT). * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function to use. It is needed for padding generation - * if \p mode is #MBEDTLS_RSA_PUBLIC. If \p mode is - * #MBEDTLS_RSA_PRIVATE (discouraged), it is used for - * blinding and should be provided; see mbedtls_rsa_private(). + * \param f_rng The RNG function to use. It is mandatory and used for + * padding generation. * \param p_rng The RNG context to be passed to \p f_rng. This may - * be \c NULL if \p f_rng is \c NULL or if \p f_rng - * doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). + * be \c NULL if \p f_rng doesn't need a context argument. * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable * buffer of size \p ilen Bytes. It may be \c NULL if @@ -649,7 +615,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t ilen, + size_t ilen, const unsigned char *input, unsigned char *output ); @@ -660,22 +626,11 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * \note The output buffer must be as large as the size * of ctx->N. For example, 128 Bytes if RSA-1024 is used. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initnialized RSA context to use. * \param f_rng The RNG function to use. This is needed for padding - * generation and must be provided. + * generation and is mandatory. * \param p_rng The RNG context to be passed to \p f_rng. This may * be \c NULL if \p f_rng doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param label The buffer holding the custom label to use. * This must be a readable buffer of length \p label_len * Bytes. It may be \c NULL if \p label_len is \c 0. @@ -694,7 +649,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, const unsigned char *label, size_t label_len, size_t ilen, const unsigned char *input, @@ -715,10 +669,10 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and should - * be provided; see mbedtls_rsa_private() for more. + * \param f_rng The RNG function. This is used for blinding and is + * mandatory; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \c NULL if \p f_rng doesn't need a context. * \param olen The address at which to store the length of * the plaintext. This must not be \c NULL. * \param input The ciphertext buffer. This must be a readable buffer @@ -751,10 +705,10 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and should - * be provided; see mbedtls_rsa_private() for more. + * \param f_rng The RNG function. This is used for blinding and is + * mandatory; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \c NULL if \p f_rng doesn't need a context. * \param olen The address at which to store the length of * the plaintext. This must not be \c NULL. * \param input The ciphertext buffer. This must be a readable buffer @@ -789,10 +743,10 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and should - * be provided; see mbedtls_rsa_private() for more. + * \param f_rng The RNG function. This is used for blinding and is + * mandatory. * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \c NULL if \p f_rng doesn't need a context. * \param label The buffer holding the custom label to use. * This must be a readable buffer of length \p label_len * Bytes. It may be \c NULL if \p label_len is \c 0. @@ -823,7 +777,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * a message digest using PKCS#1. * * It is the generic wrapper for performing a PKCS#1 - * signature using the \p mode from the context. + * signature. * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. @@ -832,25 +786,11 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * mbedtls_rsa_rsassa_pss_sign() for details on * \p md_alg and \p hash_id. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1, - * this must be provided. If the padding mode is PKCS#1 v1.5 and - * \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding - * and should be provided; see mbedtls_rsa_private() for more - * more. It is ignored otherwise. + * \param f_rng The RNG function to use. This is mandatory and + * must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL - * if \p f_rng is \c NULL or doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). + * if \p f_rng doesn't need a context argument. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -871,7 +811,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -881,24 +820,11 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 signature * operation (RSASSA-PKCS1-v1_5-SIGN). * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. If \p mode is - * #MBEDTLS_RSA_PUBLIC, it is ignored. + * \param f_rng The RNG function. This is used for blinding and is + * mandatory; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL - * if \p f_rng is \c NULL or doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). + * if \p f_rng doesn't need a context argument. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -919,7 +845,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -944,7 +869,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. It must not be \c NULL. + * \param f_rng The RNG function. It is mandatory and must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context argument. * \param md_alg The message-digest algorithm used to hash the original data. @@ -999,21 +924,10 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, * the key size in bytes), this function returns * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. It must not be \c NULL. + * \param f_rng The RNG function. It is mandatory and must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1034,7 +948,6 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -1045,29 +958,13 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * the message digest. * * This is the generic wrapper for performing a PKCS#1 - * verification using the mode from the context. + * verification. * * \note For PKCS#1 v2.1 encoding, see comments on * mbedtls_rsa_rsassa_pss_verify() about \p md_alg and * \p hash_id. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. Otherwise, it is ignored. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1085,9 +982,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -1097,23 +991,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 verification * operation (RSASSA-PKCS1-v1_5-VERIFY). * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. Otherwise, it is ignored. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1131,9 +1009,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -1154,23 +1029,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * same. If \p hash_id in the RSA context is unset, * the \p md_alg from the function call is used. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. Otherwise, it is ignored. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1188,9 +1047,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -1209,13 +1065,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \note The \p hash_id in the RSA context is ignored. * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. Otherwise, it is ignored. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1236,9 +1085,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/pk.c b/library/pk.c index 6d296638d8..06021e26c0 100644 --- a/library/pk.c +++ b/library/pk.c @@ -367,11 +367,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ), - NULL, NULL, MBEDTLS_RSA_PUBLIC, - md_alg, (unsigned int) hash_len, hash, - pss_opts->mgf1_hash_id, - pss_opts->expected_salt_len, - sig ); + md_alg, (unsigned int) hash_len, hash, + pss_opts->mgf1_hash_id, + pss_opts->expected_salt_len, + sig ); if( ret != 0 ) return( ret ); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 8e4f251231..c351113e04 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -90,9 +90,9 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, if( sig_len < rsa_len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL, - MBEDTLS_RSA_PUBLIC, md_alg, - (unsigned int) hash_len, hash, sig ) ) != 0 ) + if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, md_alg, + (unsigned int) hash_len, + hash, sig ) ) != 0 ) return( ret ); /* The buffer contains a valid signature followed by extra data. @@ -120,8 +120,9 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, *sig_len = mbedtls_rsa_get_len( rsa ); - return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, - md_alg, (unsigned int) hash_len, hash, sig ) ); + return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, + md_alg, (unsigned int) hash_len, + hash, sig ) ); } static int rsa_decrypt_wrap( void *ctx, @@ -149,7 +150,7 @@ static int rsa_encrypt_wrap( void *ctx, if( *olen > osize ) return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); - return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC, + return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, ilen, input, output ) ); } @@ -770,7 +771,7 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, md_alg, (unsigned int) hash_len, hash, sig ) ); } diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bc7cf3ce2d..db44e3f342 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2918,7 +2918,6 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, mbedtls_rsa_pkcs1_encrypt( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, input_length, input, output ) ); @@ -2933,7 +2932,6 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, mbedtls_rsa_rsaes_oaep_encrypt( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, salt, salt_length, input_length, input, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 686f07d334..10ce30e380 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -419,7 +419,6 @@ static psa_status_t rsa_sign_hash( ret = mbedtls_rsa_pkcs1_sign( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, md_alg, (unsigned int) hash_length, hash, @@ -434,7 +433,6 @@ static psa_status_t rsa_sign_hash( ret = mbedtls_rsa_rsassa_pss_sign( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, (unsigned int) hash_length, hash, @@ -492,9 +490,6 @@ static psa_status_t rsa_verify_hash( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); ret = mbedtls_rsa_pkcs1_verify( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_length, hash, @@ -507,9 +502,6 @@ static psa_status_t rsa_verify_hash( { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); ret = mbedtls_rsa_rsassa_pss_verify( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, (unsigned int) hash_length, hash, diff --git a/library/rsa.c b/library/rsa.c index 6761fbdb79..36424bd193 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1156,7 +1156,6 @@ exit: int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, const unsigned char *label, size_t label_len, size_t ilen, const unsigned char *input, @@ -1170,15 +1169,10 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, mbedtls_md_context_t md_ctx; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( ilen == 0 || input != NULL ); RSA_VALIDATE_RET( label_len == 0 || label != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - if( f_rng == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1232,9 +1226,7 @@ exit: if( ret != 0 ) return( ret ); - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, output, output ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); + return( mbedtls_rsa_public( ctx, output, output ) ); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -1244,8 +1236,7 @@ exit: */ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t ilen, + void *p_rng, size_t ilen, const unsigned char *input, unsigned char *output ) { @@ -1254,14 +1245,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, unsigned char *p = output; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( ilen == 0 || input != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - olen = ctx->len; /* first comparison checks for overflow */ @@ -1271,43 +1257,32 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, nb_pad = olen - 3 - ilen; *p++ = 0; - if( mode == MBEDTLS_RSA_PUBLIC ) + + if( f_rng == NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + *p++ = MBEDTLS_RSA_CRYPT; + + while( nb_pad-- > 0 ) { - if( f_rng == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + int rng_dl = 100; - *p++ = MBEDTLS_RSA_CRYPT; + do { + ret = f_rng( p_rng, p, 1 ); + } while( *p == 0 && --rng_dl && ret == 0 ); - while( nb_pad-- > 0 ) - { - int rng_dl = 100; + /* Check if RNG failed to generate data */ + if( rng_dl == 0 || ret != 0 ) + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); - do { - ret = f_rng( p_rng, p, 1 ); - } while( *p == 0 && --rng_dl && ret == 0 ); - - /* Check if RNG failed to generate data */ - if( rng_dl == 0 || ret != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); - - p++; - } - } - else - { - *p++ = MBEDTLS_RSA_SIGN; - - while( nb_pad-- > 0 ) - *p++ = 0xFF; + p++; } *p++ = 0; if( ilen != 0 ) memcpy( p, input, ilen ); - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, output, output ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); + return( mbedtls_rsa_public( ctx, output, output ) ); } #endif /* MBEDTLS_PKCS1_V15 */ @@ -1317,13 +1292,11 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t ilen, + size_t ilen, const unsigned char *input, unsigned char *output ) { RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( ilen == 0 || input != NULL ); @@ -1331,14 +1304,14 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen, - input, output ); + return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, + ilen, input, output ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0, - ilen, input, output ); + return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, NULL, 0, + ilen, input, output ); #endif default: @@ -1771,7 +1744,6 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -1787,14 +1759,12 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || hash != NULL ); RSA_VALIDATE_RET( sig != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) + if( ctx->padding != MBEDTLS_RSA_PKCS_V21 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); if( f_rng == NULL ) @@ -1895,9 +1865,7 @@ exit: if( ret != 0 ) return( ret ); - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, sig ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) ); + return mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ); } /* @@ -1913,7 +1881,7 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, int saltlen, unsigned char *sig ) { - return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, + return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg, hashlen, hash, saltlen, sig ); } @@ -1924,13 +1892,12 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { - return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg, + return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg, hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig ); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -2076,7 +2043,6 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2086,14 +2052,12 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, unsigned char *sig_try = NULL, *verif = NULL; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || hash != NULL ); RSA_VALIDATE_RET( sig != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) + if( ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); /* @@ -2104,16 +2068,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, ctx->len, sig ) ) != 0 ) return( ret ); - /* - * Call respective RSA primitive - */ - - if( mode == MBEDTLS_RSA_PUBLIC ) - { - /* Skip verification on a public key operation */ - return( mbedtls_rsa_public( ctx, sig, sig ) ); - } - /* Private key operation * * In order to prevent Lenstra's attack, make the signature in a @@ -2156,15 +2110,12 @@ cleanup: int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || hash != NULL ); @@ -2174,14 +2125,14 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, + md_alg, hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg, + hashlen, hash, sig ); #endif default: @@ -2194,9 +2145,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2217,24 +2165,17 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || hash != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - siglen = ctx->len; if( siglen < 16 || siglen > sizeof( buf ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, buf ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf ); + ret = mbedtls_rsa_public( ctx, sig, buf ); if( ret != 0 ) return( ret ); @@ -2344,9 +2285,6 @@ exit: * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2354,8 +2292,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, { mbedtls_md_type_t mgf1_hash_id; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || @@ -2365,10 +2301,11 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, ? (mbedtls_md_type_t) ctx->hash_id : md_alg; - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode, - md_alg, hashlen, hash, - mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, - sig ) ); + return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, + md_alg, hashlen, hash, + mgf1_hash_id, + MBEDTLS_RSA_SALT_LEN_ANY, + sig ) ); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -2378,9 +2315,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2391,8 +2325,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, unsigned char *encoded = NULL, *encoded_expected = NULL; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || @@ -2400,9 +2332,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, sig_len = ctx->len; - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - /* * Prepare expected PKCS1 v1.5 encoding of hash. */ @@ -2422,9 +2351,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * Apply RSA primitive to get what should be PKCS1 encoded hash. */ - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, encoded ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded ); + ret = mbedtls_rsa_public( ctx, sig, encoded ); if( ret != 0 ) goto cleanup; @@ -2461,17 +2388,12 @@ cleanup: * Do an RSA operation and check the message digest */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig ) { RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || @@ -2481,14 +2403,14 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, md_alg, + hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pss_verify( ctx, md_alg, + hashlen, hash, sig ); #endif default: @@ -2691,7 +2613,7 @@ int mbedtls_rsa_self_test( int verbose ) memcpy( rsa_plaintext, RSA_PT, PT_LEN ); - if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, + if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, PT_LEN, rsa_plaintext, rsa_ciphertext ) != 0 ) { @@ -2741,7 +2663,7 @@ int mbedtls_rsa_self_test( int verbose ) } if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, + MBEDTLS_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) @@ -2754,8 +2676,7 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 sig. verify: " ); - if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, + if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index d6e4990a9b..c6b3132005 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -220,8 +220,8 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, - MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 ) + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256, + 0, hash, p ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret ); goto exit; diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index dccf0951ca..63df77ee01 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -229,7 +229,7 @@ int main( void ) buf[n ] = (unsigned char)( rsa.len >> 8 ); buf[n + 1] = (unsigned char)( rsa.len ); - if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, + if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256, 0, hash, buf + n + 2 ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret ); diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index ba01201729..6c654ad188 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -143,8 +143,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random, - &ctr_drbg, MBEDTLS_RSA_PUBLIC, - strlen( argv[1] ), input, buf ); + &ctr_drbg, strlen( argv[1] ), input, buf ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index c9522c8c26..1cfa0a8dd9 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -146,7 +146,7 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, + if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret ); diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index fbc0779b2c..6aca17134a 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -140,8 +140,8 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, - MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256, + 20, hash, buf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret ); goto exit; diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index f346b78eca..ddef83604e 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -70,13 +70,13 @@ int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, } int mbedtls_rsa_sign_func( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { ((void) f_rng); ((void) p_rng); return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, - mbedtls_test_rnd_std_rand, NULL, mode, + mbedtls_test_rnd_std_rand, NULL, md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index b03bddac68..d1c0fc1292 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -36,8 +36,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, message_str->x = NULL; TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, - &info, MBEDTLS_RSA_PUBLIC, - message_str->len, message_str->x, + &info, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) @@ -293,8 +293,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, - &info, MBEDTLS_RSA_PRIVATE, digest, - 0, hash_result, output ) == result ); + &info, digest, 0, hash_result, + output ) == result ); if( result == 0 ) { @@ -334,7 +334,7 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 2e7f3399db..8f22f20943 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -35,8 +35,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, data_t * input_N, data_t * input_E, message_str->x = NULL; TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, - &info, MBEDTLS_RSA_PUBLIC, - message_str->len, message_str->x, + &info, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) { @@ -148,8 +148,8 @@ void pkcs1_rsassa_pss_sign( int mod, data_t * input_P, data_t * input_Q, if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY) { TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, - &info, MBEDTLS_RSA_PRIVATE, digest, 0, - hash_result, output ) == result ); + &info, digest, 0,hash_result, + output ) == result ); if( result == 0 ) { ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len ); @@ -199,7 +199,7 @@ void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -244,14 +244,13 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len = message_str->len; } - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, - msg_digest_id, hash_len, hash_result, - result_str->x ) == result_simple ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, msg_digest_id, + hash_len, hash_result, + result_str->x ) == result_simple ); - TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, - msg_digest_id, hash_len, hash_result, - mgf_hash, salt_len, - result_str->x ) == result_full ); + TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, msg_digest_id, hash_len, + hash_result, mgf_hash, salt_len, + result_str->x ) == result_full ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 1182cc6e69..efea5c169a 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -23,8 +23,6 @@ void rsa_invalid_param( ) mbedtls_rsa_context ctx; const int valid_padding = MBEDTLS_RSA_PKCS_V21; const int invalid_padding = 42; - const int valid_mode = MBEDTLS_RSA_PRIVATE; - const int invalid_mode = 42; unsigned char buf[42] = { 0 }; size_t olen; @@ -103,77 +101,47 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL, - valid_mode, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - invalid_mode, - sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - valid_mode, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - valid_mode, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL, - NULL, - valid_mode, - sizeof( buf ), buf, - buf ) ); + NULL, sizeof( buf ), + buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, - NULL, - invalid_mode, - sizeof( buf ), buf, - buf ) ); + NULL, sizeof( buf ), + NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, - NULL, - valid_mode, - sizeof( buf ), NULL, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, - NULL, - valid_mode, - sizeof( buf ), buf, - NULL ) ); + NULL, sizeof( buf ), + buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL, - valid_mode, buf, sizeof( buf ), sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - invalid_mode, - buf, sizeof( buf ), - sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - valid_mode, NULL, sizeof( buf ), sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - valid_mode, buf, sizeof( buf ), sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - valid_mode, buf, sizeof( buf ), sizeof( buf ), buf, NULL ) ); @@ -235,81 +203,54 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL, - valid_mode, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - valid_mode, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - valid_mode, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - valid_mode, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL, - valid_mode, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - valid_mode, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - valid_mode, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - valid_mode, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL, - valid_mode, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - valid_mode, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - valid_mode, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - valid_mode, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); @@ -337,119 +278,76 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL, - valid_mode, + mbedtls_rsa_pkcs1_verify( NULL, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, - valid_mode, + mbedtls_rsa_pkcs1_verify( &ctx, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, - valid_mode, + mbedtls_rsa_pkcs1_verify( &ctx, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, - valid_mode, + mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL, - NULL, - valid_mode, + mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, - NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, - NULL, - valid_mode, + mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, - NULL, - valid_mode, + mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, - NULL, - valid_mode, + mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL, - valid_mode, + mbedtls_rsa_rsassa_pss_verify( NULL, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, - valid_mode, + mbedtls_rsa_rsassa_pss_verify( &ctx, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, - valid_mode, + mbedtls_rsa_rsassa_pss_verify( &ctx, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, - valid_mode, + mbedtls_rsa_rsassa_pss_verify( &ctx, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL, - valid_mode, + mbedtls_rsa_rsassa_pss_verify_ext( NULL, 0, sizeof( buf ), buf, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), - buf, - 0, 0, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, - valid_mode, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, 0, sizeof( buf ), NULL, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, - valid_mode, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, 0, sizeof( buf ), buf, 0, 0, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, - valid_mode, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, MBEDTLS_MD_SHA1, 0, NULL, 0, 0, @@ -524,8 +422,8 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PRIVATE, digest, - 0, hash_result, output ) == result ); + &rnd_info, digest, 0, hash_result, + output ) == result ); if( result == 0 ) { @@ -565,7 +463,7 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -605,42 +503,14 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PRIVATE, - MBEDTLS_MD_NONE, hash_result->len, + &rnd_info, MBEDTLS_MD_NONE, + hash_result->len, hash_result->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, ctx.len, result_str->len ) == 0 ); -#if defined(MBEDTLS_PKCS1_V15) - /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ - if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) - { - int res; - memset( output, 0x00, sizeof( output) ); - - res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, - &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, hash_result->len, - hash_result->x, output ); - -#if !defined(MBEDTLS_RSA_ALT) - TEST_ASSERT( res == 0 ); -#else - TEST_ASSERT( ( res == 0 ) || - ( res == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) ); -#endif - - if( res == 0 ) - { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, - ctx.len, - result_str->len ) == 0 ); - } - } -#endif /* MBEDTLS_PKCS1_V15 */ - exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); @@ -672,7 +542,7 @@ void rsa_pkcs1_verify_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -708,8 +578,8 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PUBLIC, - message_str->len, message_str->x, + &rnd_info, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) { @@ -748,8 +618,8 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand, - NULL, MBEDTLS_RSA_PUBLIC, - message_str->len, message_str->x, + NULL, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 04ea69b1a6..44f846fd31 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -16,11 +16,11 @@ int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, } int mbedtls_rsa_sign_func( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { - return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode, - md_alg, hashlen, hash, sig ) ); + return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, + md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) {