From fb8d90a2db8c4c12ace2d4bb4adf22fb9a17add7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 16 Mar 2023 10:47:59 +0100 Subject: [PATCH] RSA: always use MD light MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Note: already auto-enabled in build_info.h Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 5 -- include/mbedtls/mbedtls_config.h | 11 +-- library/rsa.c | 84 ---------------------- tests/suites/test_suite_pkcs1_v21.function | 15 ++++ tests/suites/test_suite_rsa.function | 4 ++ 5 files changed, 22 insertions(+), 97 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7b7ecba1a0..412bb0a92f 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -174,11 +174,6 @@ #error "MBEDTLS_PKCS5_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_PKCS1_V21) && \ - !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) -#error "MBEDTLS_PKCS1_V21 defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \ !defined(MBEDTLS_SHA256_C)) #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites" diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index f460e0d44f..225664ee85 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -1180,15 +1180,10 @@ * * Enable support for PKCS#1 v2.1 encoding. * - * Requires: MBEDTLS_RSA_C and (MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C). + * Requires: MBEDTLS_RSA_C * - * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init() - * before doing any PKCS#1 v2.1 operation. - * - * \warning When building with MBEDTLS_MD_C, all hashes used with this - * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, - * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by - * this module in builds where MBEDTLS_MD_C is disabled. + * \warning If using a hash that is only provided by PSA drivers, you must + * call psa_crypto_init() before doing any PKCS#1 v2.1 operation. * * This enables support for RSAES-OAEP and RSASSA-PSS operations. */ diff --git a/library/rsa.c b/library/rsa.c index 01159dfa20..558cee0ef5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -54,18 +54,6 @@ #include #endif -/* We use MD first if it's available (for compatibility reasons) - * and "fall back" to PSA otherwise (which needs psa_crypto_init()). */ -#if defined(MBEDTLS_PKCS1_V21) -#if !defined(MBEDTLS_MD_C) -#include "psa/crypto.h" -#include "mbedtls/psa_util.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_md_errors, \ - psa_generic_status_to_mbedtls) -#endif /* !MBEDTLS_MD_C */ -#endif /* MBEDTLS_PKCS1_V21 */ - #include "mbedtls/platform.h" #if !defined(MBEDTLS_RSA_ALT) @@ -1089,7 +1077,6 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src, unsigned int hlen; size_t i, use_len; unsigned char mask[MBEDTLS_HASH_MAX_SIZE]; -#if defined(MBEDTLS_MD_C) int ret = 0; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; 
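Review bot: The rewritten `\warning` for MBEDTLS_PKCS1_V21 states the psa_crypto_init() obligation but not what a caller observes when the call is missed. The obligation now depends on which hashes are driver-only rather than on MBEDTLS_MD_C alone, so an integrator is less likely to know whether it applies to their build. I would add one sentence naming the failure mode, for example ` * Without that call, PKCS#1 v2.1 operations using such a hash return an error.`, provided that is what the MD layer guarantees (not visible in this diff). The removed check_config.h prerequisite means nothing at compile time flags a missing hash backend any more, so this comment is the only place the requirement is recorded.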
@@ -1106,14 +1093,6 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src, } hlen = mbedtls_md_get_size(md_info); -#else - psa_hash_operation_t op = PSA_HASH_OPERATION_INIT; - psa_algorithm_t alg = mbedtls_psa_translate_md(md_alg); - psa_status_t status = PSA_SUCCESS; - size_t out_len; - - hlen = PSA_HASH_LENGTH(alg); -#endif memset(mask, 0, sizeof(mask)); memset(counter, 0, 4); @@ -1127,7 +1106,6 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src, use_len = dlen; } -#if defined(MBEDTLS_MD_C) if ((ret = mbedtls_md_starts(&md_ctx)) != 0) { goto exit; } @@ -1140,21 +1118,6 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src, if ((ret = mbedtls_md_finish(&md_ctx, mask)) != 0) { goto exit; } -#else - if ((status = psa_hash_setup(&op, alg)) != PSA_SUCCESS) { - goto exit; - } - if ((status = psa_hash_update(&op, src, slen)) != PSA_SUCCESS) { - goto exit; - } - if ((status = psa_hash_update(&op, counter, 4)) != PSA_SUCCESS) { - goto exit; - } - status = psa_hash_finish(&op, mask, sizeof(mask), &out_len); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif for (i = 0; i < use_len; ++i) { *p++ ^= mask[i]; @@ -1167,15 +1130,9 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src, exit: mbedtls_platform_zeroize(mask, sizeof(mask)); -#if defined(MBEDTLS_MD_C) mbedtls_md_free(&md_ctx); return ret; -#else - psa_hash_abort(&op); - - return PSA_TO_MBEDTLS_ERR(status); -#endif } /** @@ -1194,7 +1151,6 @@ static int hash_mprime(const unsigned char *hash, size_t hlen, { const unsigned char zeros[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; -#if defined(MBEDTLS_MD_C) mbedtls_md_context_t md_ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 
@@ -1227,35 +1183,6 @@ exit: mbedtls_md_free(&md_ctx); return ret; -#else - psa_hash_operation_t op = PSA_HASH_OPERATION_INIT; - psa_algorithm_t alg = mbedtls_psa_translate_md(md_alg); - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t out_size = PSA_HASH_LENGTH(alg); - size_t out_len; - - if ((status = psa_hash_setup(&op, alg)) != PSA_SUCCESS) { - goto exit; - } - if ((status = psa_hash_update(&op, zeros, sizeof(zeros))) != PSA_SUCCESS) { - goto exit; - } - if ((status = psa_hash_update(&op, hash, hlen)) != PSA_SUCCESS) { - goto exit; - } - if ((status = psa_hash_update(&op, salt, slen)) != PSA_SUCCESS) { - goto exit; - } - status = psa_hash_finish(&op, out, out_size, &out_len); - if (status != PSA_SUCCESS) { - goto exit; - } - -exit: - psa_hash_abort(&op); - - return PSA_TO_MBEDTLS_ERR(status); -#endif /* !MBEDTLS_MD_C */ } /** @@ -1270,7 +1197,6 @@ static int compute_hash(mbedtls_md_type_t md_alg, const unsigned char *input, size_t ilen, unsigned char *output) { -#if defined(MBEDTLS_MD_C) const mbedtls_md_info_t *md_info; md_info = mbedtls_md_info_from_type(md_alg); @@ -1279,16 +1205,6 @@ static int compute_hash(mbedtls_md_type_t md_alg, } return mbedtls_md(md_info, input, ilen, output); -#else - psa_algorithm_t alg = mbedtls_psa_translate_md(md_alg); - psa_status_t status; - size_t out_size = PSA_HASH_LENGTH(alg); - size_t out_len; - - status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len); - - return PSA_TO_MBEDTLS_ERR(status); -#endif /* !MBEDTLS_MD_C */ } #endif /* MBEDTLS_PKCS1_V21 */ diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 75dbc357c8..2eece0a93a 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function 
@@ -18,6 +18,8 @@ void pkcs1_rsaes_oaep_encrypt(int mod, data_t *input_N, data_t *input_E, mbedtls_test_rnd_buf_info info; mbedtls_mpi N, E; + MD_PSA_INIT(); + info.fallback_f_rng = mbedtls_test_rnd_std_rand; info.fallback_p_rng = NULL; info.buf = rnd_buf->x; @@ -53,6 +55,7 @@ void pkcs1_rsaes_oaep_encrypt(int mod, data_t *input_N, data_t *input_E, exit: mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); mbedtls_rsa_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */ @@ -69,6 +72,8 @@ void pkcs1_rsaes_oaep_decrypt(int mod, data_t *input_P, data_t *input_Q, mbedtls_mpi N, P, Q, E; ((void) seed); + MD_PSA_INIT(); + mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); @@ -114,6 +119,7 @@ exit: mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); mbedtls_rsa_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */ @@ -129,6 +135,8 @@ void pkcs1_rsassa_pss_sign(int mod, data_t *input_P, data_t *input_Q, mbedtls_test_rnd_buf_info info; mbedtls_mpi N, P, Q, E; + MD_PSA_INIT(); + info.fallback_f_rng = mbedtls_test_rnd_std_rand; info.fallback_p_rng = NULL; info.buf = rnd_buf->x; @@ -179,6 +187,7 @@ exit: mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); mbedtls_rsa_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */ @@ -191,6 +200,8 @@ void pkcs1_rsassa_pss_verify(int mod, data_t *input_N, data_t *input_E, mbedtls_mpi N, E; ((void) salt); + MD_PSA_INIT(); + mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); mbedtls_rsa_init(&ctx); TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, @@ -213,6 +224,7 @@ void pkcs1_rsassa_pss_verify(int mod, data_t *input_N, data_t *input_E, exit: mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); mbedtls_rsa_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */ 
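Review bot: `MD_PSA_INIT();` is placed ahead of the `mbedtls_mpi_init()` / `mbedtls_rsa_init()` calls in pkcs1_rsaes_oaep_decrypt (hunk at -69) and pkcs1_rsassa_pss_verify (hunk at -191), and the same ordering appears in the pkcs1_rsassa_pss_verify_ext hunk at -227. If the macro can jump to `exit:` when PSA initialisation fails (its definition is not visible in this diff), the cleanup path would run `mbedtls_mpi_free()` and `mbedtls_rsa_free()` on objects that were never initialised. Moving the call below the init lines, i.e. `mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);` then `mbedtls_rsa_init(&ctx);` then `MD_PSA_INIT();`, keeps every path to `exit:` well defined. The encrypt and sign hunks (-18, -129) do not show their init lines, so the same ordering should be checked there; all of these function bodies extend outside the hunks.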
@@ -227,6 +239,8 @@ void pkcs1_rsassa_pss_verify_ext(int mod, data_t *input_N, data_t *input_E, mbedtls_rsa_context ctx; mbedtls_mpi N, E; + MD_PSA_INIT(); + mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); mbedtls_rsa_init(&ctx); TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, @@ -254,5 +268,6 @@ void pkcs1_rsassa_pss_verify_ext(int mod, data_t *input_N, data_t *input_E, exit: mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); mbedtls_rsa_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index a2fe6c8ac7..96fc59b9ab 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1376,6 +1376,10 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void rsa_selftest() { + MD_PSA_INIT(); TEST_ASSERT(mbedtls_rsa_self_test(1) == 0); + +exit: + MD_PSA_DONE(); } /* END_CASE */