From c32e2b0921dafb07412628ca1460a2a5999608a1 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 13 May 2021 17:03:47 +0100 Subject: [PATCH 01/39] Removal and modification of tests Changes for tests involving mbedtls_rsa_pkcs1_encrypt. Removal of test in test_suite_rsa.function where invalid mode is used. Also modification of other tests to use the constant MBEDTLS_RSA_PUBLIC instead of the mode variable. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 1182cc6e6986..1eca3148a3f5 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -103,22 +103,17 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - invalid_mode, - sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, sizeof( buf ), buf, NULL ) ); From 2177277ddab7896b295205ed5d5e15180b6aca08 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 13 May 2021 17:30:32 +0100 Subject: [PATCH 02/39] Removes mode param from mbedtls_rsa_pkcs1_encrypt Removal of the mode parameter from mbedtls_rsa_pkcs1_encrypt function. This change is propagated throughout the codebase and to relevant tests. 
Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 17 +++-------------- library/pk_wrap.c | 2 +- library/psa_crypto.c | 1 - library/rsa.c | 16 ++++++++-------- programs/pkey/rsa_encrypt.c | 3 +-- tests/suites/test_suite_pkcs1_v15.function | 4 ++-- tests/suites/test_suite_pkcs1_v21.function | 4 ++-- tests/suites/test_suite_rsa.function | 11 ++++------- 8 files changed, 21 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index a54ac4dd09fe..943321544ad2 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -571,12 +571,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * operation. * * It is the generic wrapper for performing a PKCS#1 encryption - * operation using the \p mode from the context. - * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PUBLIC. + * operation. * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PRIVATE and might instead 
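Review bot: The `\note Alternative implementations of RSA need not support mode being set to #MBEDTLS_RSA_PRIVATE` paragraph kept as context at the end of this hunk still describes a `mode` argument that this commit removes from mbedtls_rsa_pkcs1_encrypt(), so the published doc refers to a parameter callers can no longer pass. Patch 06 drops the equivalent note when it removes the mode from mbedtls_rsa_rsaes_oaep_encrypt(), and patch 11 does the same for mbedtls_rsa_pkcs1_sign(), so this header should be made consistent with those. The same three context lines survive in the mbedtls_rsa_rsaes_pkcs1_v15_encrypt() doc hunk of patch 04 (`@@ -605,25 +605,15 @@`) and need the same treatment. Either delete the note in both places or reword it without any reference to a mode, since the only behaviour left is the public-key encryption operation.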
@@ -584,16 +579,10 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * * \param ctx The initialized RSA context to use. * \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding - * encoding, and for PKCS#1 v1.5 padding encoding when used - * with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5 - * padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE, - * it is used for blinding and should be provided in this - * case; see mbedtls_rsa_private() for more. + * encoding, and for PKCS#1 v1.5 padding encoding. * \param p_rng The RNG context to be passed to \p f_rng. May be * \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't * need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable * buffer of size \p ilen Bytes. It may be \c NULL if @@ -608,7 +597,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t ilen, + size_t ilen, const unsigned char *input, unsigned char *output ); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 8e4f25123135..e1ad50795d8d 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -149,7 +149,7 @@ static int rsa_encrypt_wrap( void *ctx, if( *olen > osize ) return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); - return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC, + return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, ilen, input, output ) ); } diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 64ead5b6edcc..c4354d758105 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
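Review bot: The rewritten `\param f_rng` text, `It is mandatory for PKCS#1 v2.1 padding encoding, and for PKCS#1 v1.5 padding encoding.`, reads as the remnant of the conditional sentence it replaces and says the same thing twice. Since the function now always performs the public operation, the requirement is the same for both padding modes and can be stated once, e.g. `* \param f_rng The RNG to use. It is mandatory for padding encoding with both PKCS#1 v1.5 and PKCS#1 v2.1 padding.` The enclosing doc block starts in the previous hunk and continues past this one.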
@@ -3064,7 +3064,6 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, mbedtls_rsa_pkcs1_encrypt( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, input_length, input, output ) ); diff --git a/library/rsa.c b/library/rsa.c index 6761fbdb7915..5ecc778355ed 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1317,13 +1317,11 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t ilen, + size_t ilen, const unsigned char *input, unsigned char *output ) { RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( ilen == 0 || input != NULL ); @@ -1331,14 +1329,16 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen, - input, output ); + return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, + MBEDTLS_RSA_PUBLIC, ilen, + input, output ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0, - ilen, input, output ); + return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, + MBEDTLS_RSA_PUBLIC, NULL, 0, + ilen, input, output ); #endif default: @@ -2691,7 +2691,7 @@ int mbedtls_rsa_self_test( int verbose ) memcpy( rsa_plaintext, RSA_PT, PT_LEN ); - if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, + if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, PT_LEN, rsa_plaintext, rsa_ciphertext ) != 0 ) { diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index ba0120172905..6c654ad188af 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c 
@@ -143,8 +143,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random, - &ctr_drbg, MBEDTLS_RSA_PUBLIC, - strlen( argv[1] ), input, buf ); + &ctr_drbg, strlen( argv[1] ), input, buf ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index b03bddac687d..878c414ad678 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -36,8 +36,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, message_str->x = NULL; TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, - &info, MBEDTLS_RSA_PUBLIC, - message_str->len, message_str->x, + &info, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 2e7f3399dbfd..623f7bc55221 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -35,8 +35,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, data_t * input_N, data_t * input_E, message_str->x = NULL; TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, - &info, MBEDTLS_RSA_PUBLIC, - message_str->len, message_str->x, + &info, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 1eca3148a3f5..c051ed3504a4 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -103,17 +103,14 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL, - MBEDTLS_RSA_PUBLIC, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - MBEDTLS_RSA_PUBLIC, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - MBEDTLS_RSA_PUBLIC, sizeof( buf ), buf, NULL ) ); @@ -703,8 +700,8 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PUBLIC, - message_str->len, message_str->x, + &rnd_info, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) { @@ -743,8 +740,8 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand, - NULL, MBEDTLS_RSA_PUBLIC, - message_str->len, message_str->x, + NULL, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) { From 69a8c3809e1a6b5fd2a234da2771a89210734180 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 13 May 2021 17:59:50 +0100 Subject: [PATCH 03/39] Removes and modifies tests Removal and modification of tests relating to mbedtls_rsa_rsaes_pkcs1_v15_encrypt. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 40 +++------------------------- 1 file changed, 3 insertions(+), 37 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index c051ed3504a4..4a818c59a5c4 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -117,25 +117,19 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, NULL, - invalid_mode, - sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, - NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, sizeof( buf ), buf, NULL ) ); @@ -605,34 +599,6 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, ctx.len, result_str->len ) == 0 ); -#if defined(MBEDTLS_PKCS1_V15) - /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ - if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) - { - int res; - memset( output, 0x00, sizeof( output) ); - - res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, - &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, hash_result->len, - hash_result->x, output ); - -#if !defined(MBEDTLS_RSA_ALT) - TEST_ASSERT( res == 0 ); -#else - TEST_ASSERT( ( res == 0 ) || - ( res == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) ); -#endif - - if( res == 0 ) - { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, - ctx.len, - result_str->len ) == 0 ); - } - } -#endif /* MBEDTLS_PKCS1_V15 */ - exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); From 53e4ac64b7dd34e537ddf7b203629dd4cde89eda Mon Sep 17 00:00:00 2001 
From: Thomas Daubney Date: Thu, 13 May 2021 18:26:49 +0100 Subject: [PATCH 04/39] Removes mode param from mbedtls_rsa_rsaes_pkcs1_v15_encrypt Removal of mode parameter from mbedtls_rsa_rsaes_pkcs1_v15_encrypt. This commit propagates the change to all relevant function calls and tests. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 14 ++------ library/rsa.c | 50 +++++++++------------------- tests/suites/test_suite_rsa.function | 18 ++++------ 3 files changed, 24 insertions(+), 58 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 943321544ad2..47726ec72cad 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -605,25 +605,15 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 encryption operation * (RSAES-PKCS1-v1_5-ENCRYPT). * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PUBLIC. - * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PRIVATE and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function to use. It is needed for padding generation - * if \p mode is #MBEDTLS_RSA_PUBLIC. If \p mode is - * #MBEDTLS_RSA_PRIVATE (discouraged), it is used for - * blinding and should be provided; see mbedtls_rsa_private(). + * \param f_rng The RNG function to use. It is needed for padding generation. * \param p_rng The RNG context to be passed to \p f_rng. This may * be \c NULL if \p f_rng is \c NULL or if \p f_rng * doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable * buffer of size \p ilen Bytes. It may be \c NULL if @@ -638,7 +628,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t ilen, + size_t ilen, const unsigned char *input, unsigned char *output ); diff --git a/library/rsa.c b/library/rsa.c index 5ecc778355ed..6651c880a288 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -1244,8 +1244,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t ilen, + void *p_rng, size_t ilen, const unsigned char *input, unsigned char *output ) { @@ -1254,14 +1253,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, unsigned char *p = output; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( ilen == 0 || input != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - olen = ctx->len; /* first comparison checks for overflow */ 
@@ -1271,43 +1265,32 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, nb_pad = olen - 3 - ilen; *p++ = 0; - if( mode == MBEDTLS_RSA_PUBLIC ) - { - if( f_rng == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - *p++ = MBEDTLS_RSA_CRYPT; + if( f_rng == NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - while( nb_pad-- > 0 ) - { - int rng_dl = 100; + *p++ = MBEDTLS_RSA_CRYPT; - do { - ret = f_rng( p_rng, p, 1 ); - } while( *p == 0 && --rng_dl && ret == 0 ); + while( nb_pad-- > 0 ) + { + int rng_dl = 100; - /* Check if RNG failed to generate data */ - if( rng_dl == 0 || ret != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); + do { + ret = f_rng( p_rng, p, 1 ); + } while( *p == 0 && --rng_dl && ret == 0 ); - p++; - } - } - else - { - *p++ = MBEDTLS_RSA_SIGN; + /* Check if RNG failed to generate data */ + if( rng_dl == 0 || ret != 0 ) + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); - while( nb_pad-- > 0 ) - *p++ = 0xFF; + p++; } *p++ = 0; if( ilen != 0 ) memcpy( p, input, ilen ); - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, output, output ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); + return( mbedtls_rsa_public( ctx, output, output ) ); } #endif /* MBEDTLS_PKCS1_V15 */ @@ -1330,8 +1313,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, - MBEDTLS_RSA_PUBLIC, ilen, - input, output ); + ilen, input, output ); #endif #if defined(MBEDTLS_PKCS1_V21) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 4a818c59a5c4..d3b65b205634 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
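Review bot: The `if( f_rng == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );` check that this hunk un-nests still sits after `olen` has been computed, the output-size check has passed and the first byte has been written by `*p++ = 0;`, whereas mbedtls_rsa_rsaes_oaep_encrypt() (patch 06, `@@ -1170`) rejects a NULL RNG immediately after its RSA_VALIDATE_RET lines, before touching `output`. Now that the check is unconditional it can move up to the parameter-validation block in the preceding hunk (`@@ -1254,14 +1253,9 @@`), directly after `RSA_VALIDATE_RET( ilen == 0 || input != NULL );`, so both encrypt functions validate their arguments in the same order and nothing is written to the caller's buffer on a rejected call. The function's prologue is outside this hunk; the loop body itself is unchanged apart from indentation.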
@@ -116,22 +116,16 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL, - NULL, - MBEDTLS_RSA_PUBLIC, - sizeof( buf ), buf, - buf ) ); + NULL, sizeof( buf ), + buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, - NULL, - MBEDTLS_RSA_PUBLIC, - sizeof( buf ), NULL, - buf ) ); + NULL, sizeof( buf ), + NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, - NULL, - MBEDTLS_RSA_PUBLIC, - sizeof( buf ), buf, - NULL ) ); + NULL, sizeof( buf ), + buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL, From 3c487f4b8eefc20e6bda94ed4fd5dd1603a4ba89 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 13 May 2021 18:45:01 +0100 Subject: [PATCH 05/39] Removes and modifies tests Removes and modifies tests for mbedtls_rsa_rsaes_oaep_encrypt. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d3b65b205634..6da946e0ca1d 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -129,31 +129,25 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, buf, sizeof( buf ), sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - invalid_mode, - buf, sizeof( buf ), - sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, NULL, sizeof( buf ), sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, buf, sizeof( buf ), sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, buf, sizeof( buf ), sizeof( buf ), buf, NULL ) ); From 141700f0573fc2711709dfc05b97b1c44280545c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 13 May 2021 19:06:10 +0100 Subject: [PATCH 06/39] Removes mode param from mbedtls_rsa_rsaes_oaep_encrypt Removes mode parameter from mbedtls_rsa_rsaes_oaep_encrypt and propagates changes throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 12 ------------ library/psa_crypto.c | 1 - library/rsa.c | 13 ++----------- tests/suites/test_suite_rsa.function | 4 ---- 4 files changed, 2 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 47726ec72cad..c250525d7094 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -639,22 +639,11 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * \note The output buffer must be as large as the size * of ctx->N. For example, 128 Bytes if RSA-1024 is used. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initnialized RSA context to use. * \param f_rng The RNG function to use. This is needed for padding * generation and must be provided. * \param p_rng The RNG context to be passed to \p f_rng. This may * be \c NULL if \p f_rng doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param label The buffer holding the custom label to use. * This must be a readable buffer of length \p label_len * Bytes. It may be \c NULL if \p label_len is \c 0. @@ -673,7 +662,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, const unsigned char *label, size_t label_len, size_t ilen, const unsigned char *input, diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c4354d758105..098c4bba8767 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3078,7 +3078,6 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, mbedtls_rsa_rsaes_oaep_encrypt( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, salt, salt_length, input_length, input, diff --git a/library/rsa.c b/library/rsa.c index 6651c880a288..86bd71d47ddf 100644 --- a/library/rsa.c 
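Review bot: While this hunk rewrites the mbedtls_rsa_rsaes_oaep_encrypt() doc block, the context line `* \param ctx The initnialized RSA context to use.` keeps a typo that the sibling functions in this header spell correctly; changing it to `* \param ctx The initialized RSA context to use.` here avoids a separate follow-up. The rest of the removed text (the `\deprecated` paragraph and the alternative-implementation note) is the right thing to drop once the mode argument is gone, and matches what patch 11 later does for mbedtls_rsa_pkcs1_sign().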
+++ b/library/rsa.c @@ -1156,7 +1156,6 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, const unsigned char *label, size_t label_len, size_t ilen, const unsigned char *input, @@ -1170,15 +1169,10 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, mbedtls_md_context_t md_ctx; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( ilen == 0 || input != NULL ); RSA_VALIDATE_RET( label_len == 0 || label != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - if( f_rng == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1232,9 +1226,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, if( ret != 0 ) return( ret ); - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, output, output ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); + return( mbedtls_rsa_public( ctx, output, output ) ); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -1318,8 +1310,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, - MBEDTLS_RSA_PUBLIC, NULL, 0, + return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, NULL, 0, ilen, input, output ); #endif diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 6da946e0ca1d..1bf185002778 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -129,25 +129,21 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL, - MBEDTLS_RSA_PUBLIC, buf, sizeof( buf ), sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - MBEDTLS_RSA_PUBLIC, NULL, sizeof( buf ), sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - MBEDTLS_RSA_PUBLIC, buf, sizeof( buf ), sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - MBEDTLS_RSA_PUBLIC, buf, sizeof( buf ), sizeof( buf ), buf, NULL ) ); From 11425347f0b40e7ce2225789a8619352d95aacba Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 11:57:05 +0100 Subject: [PATCH 07/39] Modifies tests in rsa test suite Modification of tests in test_suite_rsa.function to adept them for the removal of the mode param from mbedtls_rsa_pkcs1_sign function. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 1bf185002778..f8bf859bf601 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -205,27 +205,22 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From fa1581ea03395212b9fef2b01ba957a0d26502ab Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 12:38:33 +0100 Subject: [PATCH 08/39] Modifies typedef of mbedtls_pk_rsa_alt_sign_func This commit modifies the typedef of mbedtls_pk_rsa_alt_sign_func and propagates the associated changes throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/pk.h | 2 +- library/pk_wrap.c | 2 +- tests/suites/test_suite_pk.function | 4 ++-- tests/suites/test_suite_x509write.function | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 093b3bc6d60e..25f02ff69db7 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -234,7 +234,7 @@ typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, size_t *olen, size_t output_max_len ); typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ); typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx ); #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index e1ad50795d8d..ec07c6024661 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -770,7 +770,7 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, md_alg, (unsigned int) hash_len, hash, sig ) ); } diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index b81bd7be474d..27d73ff9ade3 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -70,13 +70,13 @@ int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, } int mbedtls_rsa_sign_func( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { ((void) f_rng); ((void) p_rng); return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, - mbedtls_test_rnd_std_rand, NULL, mode, + mbedtls_test_rnd_std_rand, NULL, MBEDTLS_RSA_PRIVATE, md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 04ea69b1a6e3..a36fa437639a 100644 
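Review bot: Dropping `int mode` from the public `mbedtls_pk_rsa_alt_sign_func` typedef changes the prototype every MBEDTLS_PK_RSA_ALT_SUPPORT integrator's callback must match, yet the commit's diffstat (pk.h, pk_wrap.c and two test suites) contains no changelog entry and the hunk shows no doc comment on the typedef recording the change. The pk_wrap.c hunk shows why the parameter was redundant, since rsa_alt_sign_wrap() always passed `MBEDTLS_RSA_PRIVATE`, so the contract to document is that the callback is now only ever invoked to produce a private-key signature, e.g. `/* Called only for private-key signing; the key referenced by ctx must be a private key. */` on the typedef. Whether a doc comment already exists above the typedef is not visible in this hunk, so this may be an addition or an edit; a changelog entry for the API change is needed either way.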
--- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -16,10 +16,10 @@ int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, } int mbedtls_rsa_sign_func( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { - return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode, + return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) From b9eaa7369ba7db91a1077634db3be1362ef6b361 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 15:42:16 +0100 Subject: [PATCH 09/39] Modifies tests in test suite RSA Modifies tests for mbedtls_rsa_rsassa_pkcs1_v15_sign function in test_suite_rsa.function Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f8bf859bf601..e70faac72b3e 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
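Review bot: The rewritten `return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,` line in mbedtls_rsa_sign_func() runs well past 80 columns, which every other line in this hunk and the parallel hunk in tests/suites/test_suite_pk.function stays within. Breaking it as `return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng,` followed by `MBEDTLS_RSA_PRIVATE, md_alg, hashlen, hash, sig ) );` with the continuation aligned under `md_alg` keeps the call within the limit. Patch 11 touches this call again when it removes the mode argument, so the reflow could simply be folded into that commit.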
@@ -227,27 +227,22 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From 9a66d5c1817792e30d39911cd6781c21f8e0cc65 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 15:50:21 +0100 Subject: [PATCH 10/39] Modifies tests in RSA test suite Tests for mbedtls_rsa_rsassa_pss_sign in test_suite_rsa.function have been modified to allow for upcoming removal of mode param. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index e70faac72b3e..7c7d8f9b69a9 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -249,27 +249,22 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From 140184d0293bf14e004c78f6cc722d563f9b0079 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 16:04:07 +0100 Subject: [PATCH 11/39] Removes mode param from mbedtls_rsa_pkcs1_sign Commit removes the mode parameter from mbedtls_rsa_pkcs1_sign and progagates the change to all relevant parts of the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 21 ++++----------------- library/pk_wrap.c | 5 +++-- library/psa_crypto_rsa.c | 1 - library/rsa.c | 13 +++++-------- programs/pkey/dh_server.c | 2 +- programs/pkey/rsa_sign.c | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_pkcs1_v15.function | 4 ++-- tests/suites/test_suite_pkcs1_v21.function | 4 ++-- tests/suites/test_suite_rsa.function | 12 ++++-------- tests/suites/test_suite_x509write.function | 4 ++-- 11 files changed, 25 insertions(+), 45 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index c250525d7094..96548bd4dfcd 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -790,7 +790,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * a message digest using PKCS#1. * * It is the generic wrapper for performing a PKCS#1 - * signature using the \p mode from the context. + * signature. * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. @@ -799,25 +799,13 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * mbedtls_rsa_rsassa_pss_sign() for details on * \p md_alg and \p hash_id. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. * \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1, - * this must be provided. If the padding mode is PKCS#1 v1.5 and - * \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding - * and should be provided; see mbedtls_rsa_private() for more - * more. It is ignored otherwise. + * this must be provided. If the padding mode is PKCS#1 v1.5 + * it is used for blinding and should be provided; + * see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng is \c NULL or doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. 
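Review bot: The rewritten `\param f_rng` paragraph in the second hunk still says the RNG "should be provided" for PKCS#1 v1.5, but with the mode argument gone every call through this function is a private-key operation, so the doc ought to state what a NULL RNG costs rather than leave it sounding optional. Going by the cross-reference to mbedtls_rsa_private() (which this hunk keeps), the RNG feeds blinding, so I would write `* \param f_rng The RNG function to use. This must be provided for PKCS#1 v2.1. For PKCS#1 v1.5 it is used for blinding of the private-key operation (see mbedtls_rsa_private()); passing \c NULL leaves that operation unblinded and is strongly discouraged.` — assuming mbedtls_rsa_private() does skip blinding when f_rng is NULL, which is not visible here. The `\brief` paragraph in the first hunk could likewise say "a PKCS#1 signature with the private key" so it no longer reads as mode-neutral. Both hunks lie inside the doc comment; the prototype they describe follows outside this hunk.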
@@ -838,7 +826,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/pk_wrap.c b/library/pk_wrap.c index ec07c6024661..9f4c187b05a8 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -120,8 +120,9 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, *sig_len = mbedtls_rsa_get_len( rsa ); - return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, - md_alg, (unsigned int) hash_len, hash, sig ) ); + return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, + md_alg, (unsigned int) hash_len, + hash, sig ) ); } static int rsa_decrypt_wrap( void *ctx, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 686f07d33446..192f4a397142 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -419,7 +419,6 @@ static psa_status_t rsa_sign_hash( ret = mbedtls_rsa_pkcs1_sign( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, md_alg, (unsigned int) hash_length, hash, diff --git a/library/rsa.c b/library/rsa.c index 86bd71d47ddf..22880a23d262 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2129,15 +2129,12 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || hash != NULL ); 
@@ -2147,14 +2144,14 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + md_alg, hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + md_alg, hashlen, hash, sig ); #endif default: @@ -2714,7 +2711,7 @@ int mbedtls_rsa_self_test( int verbose ) } if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, + MBEDTLS_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index dccf0951ca1e..63df77ee01c2 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -229,7 +229,7 @@ int main( void ) buf[n ] = (unsigned char)( rsa.len >> 8 ); buf[n + 1] = (unsigned char)( rsa.len ); - if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, + if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256, 0, hash, buf + n + 2 ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret ); diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index c9522c8c264b..1cfa0a8dd90e 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -146,7 +146,7 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, + if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret ); 
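Review bot: The sample calls in dh_server.c and rsa_sign.c keep `NULL, NULL` for f_rng/p_rng, and now that the mode argument is gone they are unconditionally private-key operations made without an RNG; the header hunk in this same commit describes f_rng as "used for blinding", so these programs demonstrate unblinded RSA signing to anyone copying them. Each program should pass a seeded DRBG instead — dh_server.c, as far as I recall the program, already seeds one for the DH exchange, so `mbedtls_ctr_drbg_random, &ctr_drbg` in place of `NULL, NULL` — and rsa_sign.c would need to set one up. Separately, rsa_sign.c still passes `20` as hashlen next to MBEDTLS_MD_SHA256, which looks like a SHA-1 leftover; dh_server.c passes `0` for the same combination and the two samples should agree. Both hunks sit in `main()`, whose body lies mostly outside the hunk.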
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 27d73ff9ade3..0038a58630de 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -76,7 +76,7 @@ int mbedtls_rsa_sign_func( void *ctx, ((void) f_rng); ((void) p_rng); return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, - mbedtls_test_rnd_std_rand, NULL, MBEDTLS_RSA_PRIVATE, + mbedtls_test_rnd_std_rand, NULL, md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 878c414ad678..0c2547d2e88b 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -293,8 +293,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, - &info, MBEDTLS_RSA_PRIVATE, digest, - 0, hash_result, output ) == result ); + &info, digest, 0, hash_result, + output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 623f7bc55221..e64f22290f5e 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -148,8 +148,8 @@ void pkcs1_rsassa_pss_sign( int mod, data_t * input_P, data_t * input_Q, if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY) { TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, - &info, MBEDTLS_RSA_PRIVATE, digest, 0, - hash_result, output ) == result ); + &info, digest, 0,hash_result, + output ) == result ); if( result == 0 ) { ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len ); 
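Review bot: Missing space after the comma in the pkcs1_rsassa_pss_sign hunk of test_suite_pkcs1_v21.function: `&info, digest, 0,hash_result,` should read `&info, digest, 0, hash_result,` to match the argument spacing used in every other call this series rewrites. Purely cosmetic, but it is text newly introduced by this commit rather than inherited. The TEST_ASSERT continues on the following hunk line.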
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 7c7d8f9b69a9..e4f962562aff 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -205,22 +205,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); @@ -479,8 +475,8 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PRIVATE, digest, - 0, hash_result, output ) == result ); + &rnd_info, digest, 0, hash_result, + output ) == result ); if( result == 0 ) { @@ -560,8 +556,8 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PRIVATE, - MBEDTLS_MD_NONE, hash_result->len, + &rnd_info, MBEDTLS_MD_NONE, + hash_result->len, hash_result->x, output ) == 0 ); diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index a36fa437639a..44f846fd3189 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
@@ -19,8 +19,8 @@ int mbedtls_rsa_sign_func( void *ctx, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { - return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, - md_alg, hashlen, hash, sig ) ); + return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, + md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) { From 526549854c79c721d4eefcece6756102f125a6bb Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 16:54:00 +0100 Subject: [PATCH 12/39] Removes mode param from mbedtls_rsa_rsassa_pkcs1_v15_sign Commit removes the mode parameter from mbedtls_rsa_rsassa_pkcs1_v15_sign and propagates the change throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 18 ++---------------- library/rsa.c | 18 +----------------- tests/suites/test_suite_rsa.function | 4 ---- 3 files changed, 3 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 96548bd4dfcd..e7ab073b09ef 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -835,24 +835,11 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 signature * operation (RSASSA-PKCS1-v1_5-SIGN). * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. If \p mode is - * #MBEDTLS_RSA_PUBLIC, it is ignored. + * \param f_rng The RNG function. This is used for blinding and should be + * provided; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng is \c NULL or doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -873,7 +860,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/rsa.c b/library/rsa.c index 22880a23d262..8129429b92b8 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -2049,7 +2049,6 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2059,16 +2058,11 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, unsigned char *sig_try = NULL, *verif = NULL; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || hash != NULL ); RSA_VALIDATE_RET( sig != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - /* * Prepare PKCS1-v1.5 encoding (padding and hash identifier) */ @@ -2077,16 +2071,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, ctx->len, sig ) ) != 0 ) return( ret ); - /* - * Call respective RSA primitive - */ - - if( mode == MBEDTLS_RSA_PUBLIC ) - { - /* Skip verification on a public key operation */ - return( mbedtls_rsa_public( ctx, sig, sig ) ); - } - /* Private key operation * * In order to prevent Lenstra's attack, make the signature in a @@ -2144,7 +2128,7 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, md_alg, hashlen, hash, sig ); #endif diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index e4f962562aff..440c57174274 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
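Review bot: The hunk deletes the padding-mode guard in mbedtls_rsa_rsassa_pkcs1_v15_sign outright instead of reducing it to its now-unconditional form, so calling this function directly on a context whose padding is set to PKCS#1 v2.1 no longer returns MBEDTLS_ERR_RSA_BAD_INPUT_DATA. Only the `mode == MBEDTLS_RSA_PRIVATE &&` half of the condition became redundant; keep `if( ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );` directly after the RSA_VALIDATE_RET lines. mbedtls_rsa_pkcs1_sign still dispatches on ctx->padding, so only direct callers lose the check, but a context configured for PSS silently emitting a v1.5 signature is exactly the misuse this guard existed to catch. The function body continues outside the hunk (the sign-then-verify path).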
@@ -223,22 +223,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From de9fdc4b12c2f83a32c3bc5e16148970d37c303a Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 17:10:04 +0100 Subject: [PATCH 13/39] Removes mode param from mbedtls_rsa_rsassa_pss_sign Commit removes the mode param from mbedtls_rsa_rsassa_pss_sign and propagates the changes throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 12 ------------ library/psa_crypto_rsa.c | 1 - library/rsa.c | 7 +++---- tests/suites/test_suite_rsa.function | 4 ---- 4 files changed, 3 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index e7ab073b09ef..103d6915f54b 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -939,21 +939,10 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, * the key size in bytes), this function returns * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. * \param f_rng The RNG function. It must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -974,7 +963,6 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 192f4a397142..4f4159654317 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -433,7 +433,6 @@ static psa_status_t rsa_sign_hash( ret = mbedtls_rsa_rsassa_pss_sign( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, (unsigned int) hash_length, hash, diff --git a/library/rsa.c b/library/rsa.c index 8129429b92b8..b241b8fee3ed 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -1897,13 +1897,12 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { - return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg, + return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig ); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -2134,8 +2133,8 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, - md_alg, hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg, + hashlen, hash, sig ); #endif default: diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 440c57174274..814385baa4d4 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -241,22 +241,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From 28b55850bdf836d83fe240a455c819a7f3bd7174 Mon Sep 17 00:00:00 2001 
From: Thomas Daubney Date: Tue, 18 May 2021 18:30:00 +0100 Subject: [PATCH 14/39] Modifies tests for verify functions Relevant tests have been modified and in some cases removed in preparation for removal of mode parameter from verify functions. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 55 ++++++++-------------------- 1 file changed, 16 insertions(+), 39 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 814385baa4d4..96a8cbf02271 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -281,118 +281,95 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL, NULL, - valid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, - NULL, - invalid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( 
MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL, - valid_mode, - 0, sizeof( buf ), - buf, - 0, 0, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, - invalid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, 0, 0, From ac1331211e9f9c9d371a8e327c2fc8a95e90b239 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 19:26:39 +0100 Subject: [PATCH 15/39] Removes f_rng parameter from mbedtls_rsa_pkcs1_verify Commit removes f_rng parameter from mbedtls_rsa_pkcs1_verify as a prerequisite to removing the mode parameter. f_rng no longer has relevance in this function if mode is removed. 
Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 4 ---- library/pk_wrap.c | 2 +- library/psa_crypto_rsa.c | 1 - library/rsa.c | 7 +++---- programs/pkey/dh_client.c | 2 +- programs/pkey/rsa_verify.c | 2 +- tests/suites/test_suite_pkcs1_v15.function | 2 +- tests/suites/test_suite_pkcs1_v21.function | 4 ++-- tests/suites/test_suite_rsa.function | 12 ++++++------ 9 files changed, 15 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 103d6915f54b..f4e7d965fde7 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -989,9 +989,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. Otherwise, it is ignored. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either @@ -1013,7 +1010,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 9f4c187b05a8..fbcfdb15798e 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -90,7 +90,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, if( sig_len < rsa_len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL, + if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_len, hash, sig ) ) != 0 ) return( ret ); 
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 4f4159654317..1ab57c61a3b9 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -490,7 +490,6 @@ static psa_status_t rsa_verify_hash( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); ret = mbedtls_rsa_pkcs1_verify( rsa, - mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, MBEDTLS_RSA_PUBLIC, md_alg, diff --git a/library/rsa.c b/library/rsa.c index b241b8fee3ed..7545a799ada1 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2414,7 +2414,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * Do an RSA operation and check the message digest */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, @@ -2434,13 +2433,13 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg, + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, p_rng, mode, md_alg, hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg, + return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, p_rng, mode, md_alg, hashlen, hash, sig ); #endif @@ -2707,7 +2706,7 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 sig. verify: " ); - if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, + if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) { diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index d6e4990a9b13..eb21566f6428 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c 
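Review bot: In the mbedtls_rsa_pkcs1_verify hunk the dispatcher now hands `NULL` for f_rng to mbedtls_rsa_rsassa_pkcs1_v15_verify and mbedtls_rsa_rsassa_pss_verify while still forwarding the caller's `mode`, and the header hunk in this same commit keeps `#MBEDTLS_RSA_PRIVATE (deprecated)` as an accepted value for it; a caller using that mode would, if the callee performs the private-key operation, now do so with no RNG and therefore — going by the blinding description the removed f_rng doc carried — with no blinding. Until mode is dropped from this function, reject it here: `if( mode != MBEDTLS_RSA_PUBLIC ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );` next to the other validation, or at least strike the deprecated alternative from the `\param mode` text. The function's validation lines and the head of the switch are outside the hunk.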
@@ -220,7 +220,7 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret ); diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index fbc0779b2cd3..60e1377bca9b 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -140,7 +140,7 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret ); diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 0c2547d2e88b..83604285c25c 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -334,7 +334,7 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index e64f22290f5e..f291a5fbb649 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function 
@@ -199,7 +199,7 @@ void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -244,7 +244,7 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len = message_str->len; } - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, msg_digest_id, hash_len, hash_result, result_str->x ) == result_simple ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 96a8cbf02271..873ce8a478ed 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -280,22 +280,22 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL, + mbedtls_rsa_pkcs1_verify( NULL, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, + mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, + mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, + mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); 
@@ -485,7 +485,7 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -564,7 +564,7 @@ void rsa_pkcs1_verify_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); From 613d1a4fb7ce0a4c172b5f30e0b1220594ca0a9b Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 19:34:03 +0100 Subject: [PATCH 16/39] Removes p_rng param from mbedtls_rsa_pkcs1_verify Commit removes p_rng from mbedtls_rsa_pkcs1_verify since p_rng has no relevance following the removal of f_rng from this function. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 3 --- library/pk_wrap.c | 6 +++--- library/psa_crypto_rsa.c | 1 - library/rsa.c | 7 +++---- programs/pkey/dh_client.c | 2 +- programs/pkey/rsa_verify.c | 2 +- tests/suites/test_suite_pkcs1_v15.function | 2 +- tests/suites/test_suite_pkcs1_v21.function | 4 ++-- tests/suites/test_suite_rsa.function | 12 ++++++------ 9 files changed, 17 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index f4e7d965fde7..b41af89a248e 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -989,8 +989,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA public key context to use. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. @@ -1010,7 +1008,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/pk_wrap.c b/library/pk_wrap.c index fbcfdb15798e..b536b6615e81 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -90,9 +90,9 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, if( sig_len < rsa_len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, - MBEDTLS_RSA_PUBLIC, md_alg, - (unsigned int) hash_len, hash, sig ) ) != 0 ) + if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, MBEDTLS_RSA_PUBLIC, + md_alg, (unsigned int) hash_len, + hash, sig ) ) != 0 ) return( ret ); /* The buffer contains a valid signature followed by extra data. diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 1ab57c61a3b9..25157d261118 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -490,7 +490,6 @@ static psa_status_t rsa_verify_hash( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); ret = mbedtls_rsa_pkcs1_verify( rsa, - MBEDTLS_PSA_RANDOM_STATE, MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_length, diff --git a/library/rsa.c b/library/rsa.c index 7545a799ada1..ba164ffa9890 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -2414,7 +2414,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * Do an RSA operation and check the message digest */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, @@ -2433,13 +2432,13 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, p_rng, mode, md_alg, + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, NULL, mode, md_alg, hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, p_rng, mode, md_alg, + return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, NULL, mode, md_alg, hashlen, hash, sig ); #endif @@ -2706,7 +2705,7 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 sig. verify: " ); - if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, + if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) { diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index eb21566f6428..bdbabb620ed2 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -220,7 +220,7 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, MBEDTLS_RSA_PUBLIC, + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret ); diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 60e1377bca9b..8f207c78b567 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c 
@@ -140,7 +140,7 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, MBEDTLS_RSA_PUBLIC, + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret ); diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 83604285c25c..2e22bdd33ecb 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -334,7 +334,7 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index f291a5fbb649..ad8f319e4e09 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -199,7 +199,7 @@ void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 
@@ -244,7 +244,7 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len = message_str->len; } - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, msg_digest_id, hash_len, hash_result, result_str->x ) == result_simple ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 873ce8a478ed..764d21a95af2 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -280,22 +280,22 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( NULL, NULL, + mbedtls_rsa_pkcs1_verify( NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, + mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, + mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, + mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); @@ -485,7 +485,7 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 
@@ -564,7 +564,7 @@ void rsa_pkcs1_verify_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); From 68d9cbca97aa9aaf495318904096f8a2a15e90cd Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 18:45:09 +0100 Subject: [PATCH 17/39] Removes mode param from mbedtls_rsa_pkcs1_verify Commit removes mode parameter from mbedtls_rsa_pkcs1_verify and propagates the change throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 14 +------------- library/pk_wrap.c | 4 ++-- library/psa_crypto_rsa.c | 1 - library/rsa.c | 10 +++------- programs/pkey/dh_client.c | 4 ++-- programs/pkey/rsa_verify.c | 4 ++-- tests/suites/test_suite_pkcs1_v15.function | 2 +- tests/suites/test_suite_pkcs1_v21.function | 8 ++++---- tests/suites/test_suite_rsa.function | 8 ++------ 9 files changed, 17 insertions(+), 38 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index b41af89a248e..f1696c2ebb84 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -973,24 +973,13 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * the message digest. * * This is the generic wrapper for performing a PKCS#1 - * verification using the mode from the context. + * verification. * * \note For PKCS#1 v2.1 encoding, see comments on * mbedtls_rsa_rsassa_pss_verify() about \p md_alg and * \p hash_id. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA public key context to use. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1008,7 +997,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/pk_wrap.c b/library/pk_wrap.c index b536b6615e81..c351113e048e 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -90,8 +90,8 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, if( sig_len < rsa_len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, MBEDTLS_RSA_PUBLIC, - md_alg, (unsigned int) hash_len, + if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, md_alg, + (unsigned int) hash_len, hash, sig ) ) != 0 ) return( ret ); 
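Review bot: The rewritten \brief for mbedtls_rsa_pkcs1_verify in the first hunk now reads only `This is the generic wrapper for performing a PKCS#1 verification.`, which loses the one fact a caller needs once `mode` is gone: which signature scheme runs is chosen by the padding configured in the context, not by any argument. The implementation dispatches on the context's padding setting (the `MBEDTLS_RSA_PKCS_V15` / `MBEDTLS_RSA_PKCS_V21` case labels in rsa.c), so say so in the header, e.g. `This is the generic wrapper for performing a PKCS#1 verification; the padding mode set in the context (see mbedtls_rsa_set_padding()) selects RSASSA-PKCS1-v1_5 or RSASSA-PSS.` The remainder of this declaration's documentation lies outside the hunk.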
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 25157d261118..11c9ab29c335 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -490,7 +490,6 @@ static psa_status_t rsa_verify_hash( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); ret = mbedtls_rsa_pkcs1_verify( rsa, - MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_length, hash, diff --git a/library/rsa.c b/library/rsa.c index ba164ffa9890..4619f0207ddb 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2414,15 +2414,12 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * Do an RSA operation and check the message digest */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig ) { RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || @@ -2432,13 +2429,13 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, NULL, mode, md_alg, + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, NULL, mode, md_alg, + return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif @@ -2705,8 +2702,7 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 sig. verify: " ); - if( mbedtls_rsa_pkcs1_verify( &rsa, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, + if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) 
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index bdbabb620ed2..c6b31320054c 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -220,8 +220,8 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC, - MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 ) + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256, + 0, hash, p ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret ); goto exit; diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 8f207c78b567..6aca17134aed 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -140,8 +140,8 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC, - MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256, + 20, hash, buf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret ); goto exit; diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 2e22bdd33ecb..d1c0fc129206 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -334,7 +334,7 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index ad8f319e4e09..0983a4232d25 100644 
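Review bot: In the rsa_verify.c hunk the rewritten call still passes `20` as hashlen alongside `MBEDTLS_MD_SHA256`, whose digest is 32 bytes, while the dh_client.c hunk on the same line passes `0` for the same algorithm, so the two sample programs disagree about the contract. This presumably only works because hashlen is ignored when md_alg is not MBEDTLS_MD_NONE and the length is taken from the digest type; if that ever becomes a checked precondition, the sample stops verifying valid signatures, and users who copy it inherit the mismatch. Since the line is being rewritten anyway, make it honest: `if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,` / `32, hash, buf ) ) != 0 )` (or `0`, to match dh_client.c). The enclosing main() starts and ends outside the hunk.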
--- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -199,7 +199,7 @@ void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -244,9 +244,9 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len = message_str->len; } - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, - msg_digest_id, hash_len, hash_result, - result_str->x ) == result_simple ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, msg_digest_id, + hash_len, hash_result, + result_str->x ) == result_simple ); TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, msg_digest_id, hash_len, hash_result, diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 764d21a95af2..112c4fc7b6e5 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -281,22 +281,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( NULL, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); 
@@ -485,7 +481,7 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -564,7 +560,7 @@ void rsa_pkcs1_verify_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); From cbc088f5d0c522ecf3fb6b9cab370ee7e3bef42c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 11:39:58 +0100 Subject: [PATCH 18/39] Removes p_rng from mbedtls_rsa_rsassa_pkcs1_v15_verify Commit removes p_rng from mbedtls_rsa_rsassa_pkcs1_v15_verify function in preparation of removal of mode parameter. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 3 --- library/rsa.c | 5 ++--- tests/suites/test_suite_rsa.function | 4 ---- 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index f1696c2ebb84..37fddddee9ba 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1019,8 +1019,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, * this is used for blinding and should be provided; see * mbedtls_rsa_private() for more. Otherwise, it is ignored. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. @@ -1041,7 +1039,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/rsa.c b/library/rsa.c index 4619f0207ddb..9e2d054b8614 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2332,7 +2332,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, @@ -2377,7 +2376,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, ret = ( mode == MBEDTLS_RSA_PUBLIC ) ? mbedtls_rsa_public( ctx, sig, encoded ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded ); + : mbedtls_rsa_private( ctx, f_rng, NULL, sig, encoded ); if( ret != 0 ) goto cleanup; @@ -2429,7 +2428,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif 
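Review bot: In the rsa.c hunk for mbedtls_rsa_rsassa_pkcs1_v15_verify the private-mode branch now calls `mbedtls_rsa_private( ctx, f_rng, NULL, sig, encoded )`, i.e. it still invokes the caller's f_rng but hands it a NULL context. Any RNG callback that dereferences its state (the CTR-DRBG and HMAC-DRBG entry points presumably do) will crash or fail on the deprecated MBEDTLS_RSA_PRIVATE path, which the rsa.h hunk in this same patch still documents as accepted. Because this is an intermediate step before `mode` itself is removed, either squash the p_rng/f_rng/mode removals for this function into one commit so no bisect point exposes the broken path, or remove `mode` first and the RNG parameters afterwards. The enclosing function starts and ends outside the hunk.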
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 112c4fc7b6e5..a529c55ce9ce 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -298,25 +298,21 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL, - NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, - NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, - NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, - NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, From 475053df2c9188ae8ead34de32e620451d4e8d07 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 11:44:27 +0100 Subject: [PATCH 19/39] Removes f_rng from mbedtls_rsa_rsassa_pkcs1_v15_verify Commit performs removal of f_rng parameter from mbedtls_rsa_rsassa_pkcs1_v15_verify function in preparation for removal of mode parameter. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 4 ---- library/rsa.c | 5 ++--- tests/suites/test_suite_rsa.function | 8 ++++---- 3 files changed, 6 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 37fddddee9ba..6a0309af07b9 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1016,9 +1016,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. Otherwise, it is ignored. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. @@ -1038,7 +1035,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/rsa.c b/library/rsa.c index 9e2d054b8614..4d569704a93d 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2331,7 +2331,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, @@ -2376,7 +2375,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, ret = ( mode == MBEDTLS_RSA_PUBLIC ) ? mbedtls_rsa_public( ctx, sig, encoded ) - : mbedtls_rsa_private( ctx, f_rng, NULL, sig, encoded ); + : mbedtls_rsa_private( ctx, NULL, NULL, sig, encoded ); if( ret != 0 ) goto cleanup; @@ -2428,7 +2427,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, MBEDTLS_RSA_PUBLIC, md_alg, + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif 
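Review bot: The rsa.c hunk now runs the private-mode branch as `mbedtls_rsa_private( ctx, NULL, NULL, sig, encoded )`, so at this commit a caller who still passes MBEDTLS_RSA_PRIVATE (which the header hunk in the same patch still lists as accepted, merely deprecated) gets either an unblinded private-key exponentiation or an error, depending on whether mbedtls_rsa_private tolerates a NULL f_rng — neither outcome is stated anywhere in the patch. The parameter being deleted was documented as "used for blinding", the library's side-channel defence for the private operation, so a commit that silently strips it should not exist even transiently. Prefer removing `mode` and the RNG parameters in a single commit, or at minimum add `/* Private mode is deprecated and now runs without blinding; removed in the next commit. */` above the ternary. The enclosing function continues outside the hunk.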
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index a529c55ce9ce..8f952b38f8b4 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -297,22 +297,22 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL, + mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, + mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, + mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, + mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, From 2e1262517cb7e11e508c5cf20b49dfd399d77410 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 11:48:53 +0100 Subject: [PATCH 20/39] Removes mode parameter from mbedtls_rsa_rsassa_pkcs1_v15_verify Commit removes mode parameter from mbedtls_rsa_rsassa_pkcs1_v15_verify and propagates the change throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 12 ------------ library/rsa.c | 14 +++----------- tests/suites/test_suite_rsa.function | 4 ---- 3 files changed, 3 insertions(+), 27 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 6a0309af07b9..869bfd923d4b 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1006,18 +1006,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 verification * operation (RSASSA-PKCS1-v1_5-VERIFY). * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA public key context to use. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1035,7 +1024,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/rsa.c b/library/rsa.c index 4d569704a93d..bdb2b7ef3787 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2331,7 +2331,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, 
@@ -2342,8 +2341,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, unsigned char *encoded = NULL, *encoded_expected = NULL; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || @@ -2351,9 +2348,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, sig_len = ctx->len; - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - /* * Prepare expected PKCS1 v1.5 encoding of hash. */ @@ -2373,9 +2367,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * Apply RSA primitive to get what should be PKCS1 encoded hash. */ - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, encoded ) - : mbedtls_rsa_private( ctx, NULL, NULL, sig, encoded ); + ret = mbedtls_rsa_public( ctx, sig, encoded ); if( ret != 0 ) goto cleanup; @@ -2427,8 +2419,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, MBEDTLS_RSA_PUBLIC, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, md_alg, + hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 8f952b38f8b4..f6aaa7a025e9 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -298,22 +298,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From 08f4c9c571685bd44dfd5ad5c6a916e2589cedfc Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 11:56:02 +0100 Subject: [PATCH 21/39] Removes p_rng param from mbedtls_rsa_rsassa_pss_verify Commit removes p_rng parameter from mbedtls_rsa_rsassa_pss_verify function as preparation for removing the mode parameter. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 3 --- library/psa_crypto_rsa.c | 1 - library/rsa.c | 5 ++--- tests/suites/test_suite_rsa.function | 8 ++++---- 4 files changed, 6 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 869bfd923d4b..a89c1f59bfa4 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -1057,8 +1057,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, * this is used for blinding and should be provided; see * mbedtls_rsa_private() for more. Otherwise, it is ignored. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. 
@@ -1079,7 +1077,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 11c9ab29c335..464e027d72a9 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -503,7 +503,6 @@ static psa_status_t rsa_verify_hash( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); ret = mbedtls_rsa_rsassa_pss_verify( rsa, mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, (unsigned int) hash_length, diff --git a/library/rsa.c b/library/rsa.c index bdb2b7ef3787..333747e49410 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2298,7 +2298,6 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, @@ -2318,7 +2317,7 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, ? (mbedtls_md_type_t) ctx->hash_id : md_alg; - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode, + return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, NULL, mode, md_alg, hashlen, hash, mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, sig ) ); @@ -2425,7 +2424,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, + return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f6aaa7a025e9..41cef93832a3 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
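Review bot: Same shape as the v1.5 path: the rsa.c hunk forwards `mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, NULL, mode, ...)`, keeping the caller's f_rng but substituting NULL for its context, so any stateful RNG supplied for the still-documented MBEDTLS_RSA_PRIVATE mode is invoked with a NULL state. The psa_crypto_rsa.c hunk on this line shows the hazard concretely: it still passes `mbedtls_psa_get_random` but no longer `MBEDTLS_PSA_RANDOM_STATE`, which is only safe because mode is MBEDTLS_RSA_PUBLIC and the callback is never reached — worth a one-line comment such as `/* f_rng is unused in public mode; no RNG state is passed. */` until the parameter disappears. The header hunk above still promises that f_rng `is used for blinding and should be provided` in private mode, which is now unachievable for any context-requiring RNG; update that text in the same commit or fold the three removals for this function together.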
@@ -315,22 +315,22 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify( NULL, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, From 718a53db2c5bf4d615ce8e73aed3ba68fb1a8b9e Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 12:01:35 +0100 Subject: [PATCH 22/39] Removed f_rng param from mbedtls_rsa_rsassa_pss_verify Commit removes f_rng parameter from mbedtls_rsa_rsassa_pss_verify function in preparation of mode parameter removal. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 4 ---- library/psa_crypto_rsa.c | 1 - library/rsa.c | 5 ++--- tests/suites/test_suite_rsa.function | 8 ++++---- 4 files changed, 6 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index a89c1f59bfa4..ab2d5a53b1f0 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1054,9 +1054,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. Otherwise, it is ignored. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. @@ -1076,7 +1073,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 464e027d72a9..410870390962 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -502,7 +502,6 @@ static psa_status_t rsa_verify_hash( { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); ret = mbedtls_rsa_rsassa_pss_verify( rsa, - mbedtls_psa_get_random, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, (unsigned int) hash_length, diff --git a/library/rsa.c b/library/rsa.c index 333747e49410..99a56b799fe1 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2297,7 +2297,6 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, 
@@ -2317,7 +2316,7 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, ? (mbedtls_md_type_t) ctx->hash_id : md_alg; - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, NULL, mode, + return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, NULL, mode, md_alg, hashlen, hash, mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, sig ) ); @@ -2424,7 +2423,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, MBEDTLS_RSA_PUBLIC, md_alg, + return mbedtls_rsa_rsassa_pss_verify( ctx, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 41cef93832a3..b9d7b59004f7 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -315,22 +315,22 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( NULL, NULL, + mbedtls_rsa_rsassa_pss_verify( NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, + mbedtls_rsa_rsassa_pss_verify( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, + mbedtls_rsa_rsassa_pss_verify( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, + mbedtls_rsa_rsassa_pss_verify( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, From 5ee4cc031c590df8fb4e5c36c2652af9d9d80e34 Mon Sep 17 00:00:00 2001 
From: Thomas Daubney Date: Wed, 19 May 2021 12:07:42 +0100 Subject: [PATCH 23/39] Removes mode param from mbedtls_rsa_rsassa_pss_verify Commit removes the mode parameter from the mbedtls_rsa_rsassa_pss_verify function and propagates the change throughout the process. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 12 ------------ library/psa_crypto_rsa.c | 1 - library/rsa.c | 17 ++++++++--------- tests/suites/test_suite_rsa.function | 4 ---- 4 files changed, 8 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index ab2d5a53b1f0..0b53eb7a0782 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -1044,18 +1044,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * same. If \p hash_id in the RSA context is unset, * the \p md_alg from the function call is used. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA public key context to use. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1073,7 +1062,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, 
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 410870390962..10ce30e38047 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -502,7 +502,6 @@ static psa_status_t rsa_verify_hash( { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); ret = mbedtls_rsa_rsassa_pss_verify( rsa, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, (unsigned int) hash_length, hash, diff --git a/library/rsa.c b/library/rsa.c index 99a56b799fe1..d3b4bf0fccc5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2297,7 +2297,6 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2305,8 +2304,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, { mbedtls_md_type_t mgf1_hash_id; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || @@ -2316,10 +2313,12 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, ? (mbedtls_md_type_t) ctx->hash_id : md_alg; - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, NULL, mode, - md_alg, hashlen, hash, - mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, - sig ) ); + return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, NULL, + MBEDTLS_RSA_PUBLIC, + md_alg, hashlen, hash, + mgf1_hash_id, + MBEDTLS_RSA_SALT_LEN_ANY, + sig ) ); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -2423,8 +2422,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, MBEDTLS_RSA_PUBLIC, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pss_verify( ctx, md_alg, + hashlen, hash, sig ); #endif default: 
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index b9d7b59004f7..847503681727 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -316,22 +316,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( NULL, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( &ctx, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From 578e9abcbda986bcdc48fb76a010f12278a874b7 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 12:14:57 +0100 Subject: [PATCH 24/39] Removes p_rng param from mbedtls_rsa_rsassa_pss_verify_ext Commit removes p_rng parameter from the mbedtls_rsa_rsassa_pss_verify_ext function in preparation for removal of the mode parameter. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 3 --- library/pk.c | 2 +- library/rsa.c | 5 ++--- tests/suites/test_suite_pkcs1_v21.function | 2 +- tests/suites/test_suite_rsa.function | 8 ++++---- 5 files changed, 8 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 0b53eb7a0782..0fde575f4d3d 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1083,8 +1083,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, * this is used for blinding and should be provided; see * mbedtls_rsa_private() for more. Otherwise, it is ignored. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. @@ -1108,7 +1106,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/pk.c b/library/pk.c index 6d296638d8bd..e0dedecc3701 100644 --- a/library/pk.c +++ b/library/pk.c @@ -367,7 +367,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ), - NULL, NULL, MBEDTLS_RSA_PUBLIC, + NULL, MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_len, hash, pss_opts->mgf1_hash_id, pss_opts->expected_salt_len, diff --git a/library/rsa.c b/library/rsa.c index d3b4bf0fccc5..6b18fe7cf316 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2148,7 +2148,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, 
@@ -2187,7 +2186,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, ret = ( mode == MBEDTLS_RSA_PUBLIC ) ? mbedtls_rsa_public( ctx, sig, buf ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf ); + : mbedtls_rsa_private( ctx, f_rng, NULL, sig, buf ); if( ret != 0 ) return( ret ); @@ -2313,7 +2312,7 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, ? (mbedtls_md_type_t) ctx->hash_id : md_alg; - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, NULL, + return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, mgf1_hash_id, diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 0983a4232d25..82f33d610e95 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -248,7 +248,7 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len, hash_result, result_str->x ) == result_simple ); - TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, + TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, MBEDTLS_RSA_PUBLIC, msg_digest_id, hash_len, hash_result, mgf_hash, salt_len, result_str->x ) == result_full ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 847503681727..05886ffba82d 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -333,26 +333,26 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, From 9e65f791b56634e1bc4fd0b2edebd50cc1beab46 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 12:18:58 +0100 Subject: [PATCH 25/39] Removes f_rng param from mbedtls_rsa_rsassa_pss_verify_ext Commit removes the f_rng parameter from the mbedtls_rsa_rsassa_pss_verify_ext function. This is in preparation for the removal of the mode parameter. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 4 ---- library/pk.c | 2 +- library/rsa.c | 5 ++--- tests/suites/test_suite_pkcs1_v21.function | 2 +- tests/suites/test_suite_rsa.function | 8 ++++---- 5 files changed, 8 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 0fde575f4d3d..3f453f684e37 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1080,9 +1080,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \note The \p hash_id in the RSA context is ignored. * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. Otherwise, it is ignored. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. @@ -1105,7 +1102,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/pk.c b/library/pk.c index e0dedecc3701..65a4d0c0f416 100644 --- a/library/pk.c +++ b/library/pk.c @@ -367,7 +367,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ), - NULL, MBEDTLS_RSA_PUBLIC, + MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_len, hash, pss_opts->mgf1_hash_id, pss_opts->expected_salt_len, diff --git a/library/rsa.c b/library/rsa.c index 6b18fe7cf316..db684c8faaf9 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2147,7 +2147,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, 
@@ -2186,7 +2185,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, ret = ( mode == MBEDTLS_RSA_PUBLIC ) ? mbedtls_rsa_public( ctx, sig, buf ) - : mbedtls_rsa_private( ctx, f_rng, NULL, sig, buf ); + : mbedtls_rsa_private( ctx, NULL, NULL, sig, buf ); if( ret != 0 ) return( ret ); @@ -2312,7 +2311,7 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, ? (mbedtls_md_type_t) ctx->hash_id : md_alg; - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, + return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, mgf1_hash_id, diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 82f33d610e95..c52edcb8918f 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -248,7 +248,7 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len, hash_result, result_str->x ) == result_simple ); - TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, MBEDTLS_RSA_PUBLIC, + TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, MBEDTLS_RSA_PUBLIC, msg_digest_id, hash_len, hash_result, mgf_hash, salt_len, result_str->x ) == result_full ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 05886ffba82d..b822ed9ead36 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -333,26 +333,26 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, From 782a7f5bd6f40ec919baba159661e1977f562ccf Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 12:27:35 +0100 Subject: [PATCH 26/39] Removes mode param from mbedtls_rsa_rsassa_pss_verify_ext Commit removes the mode parameter from the mbedtls_rsa_rsassa_pss_verify_ext function. This change is propagated throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 3 --- library/pk.c | 9 ++++----- library/rsa.c | 11 +---------- tests/suites/test_suite_pkcs1_v21.function | 7 +++---- tests/suites/test_suite_rsa.function | 4 ---- 5 files changed, 8 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 3f453f684e37..2c2af3f96e4e 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1080,8 +1080,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \note The \p hash_id in the RSA context is ignored. * * \param ctx The initialized RSA public key context to use. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1102,7 +1100,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/pk.c b/library/pk.c index 65a4d0c0f416..06021e26c0aa 100644 --- a/library/pk.c +++ b/library/pk.c @@ -367,11 +367,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ), - MBEDTLS_RSA_PUBLIC, - md_alg, (unsigned int) hash_len, hash, - pss_opts->mgf1_hash_id, - pss_opts->expected_salt_len, - sig ); + md_alg, (unsigned int) hash_len, hash, + pss_opts->mgf1_hash_id, + pss_opts->expected_salt_len, + sig ); if( ret != 0 ) return( ret ); diff --git a/library/rsa.c b/library/rsa.c index db684c8faaf9..14eb9205c776 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2147,7 +2147,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, 
@@ -2168,24 +2167,17 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || hash != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - siglen = ctx->len; if( siglen < 16 || siglen > sizeof( buf ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, buf ) - : mbedtls_rsa_private( ctx, NULL, NULL, sig, buf ); + ret = mbedtls_rsa_public( ctx, sig, buf ); if( ret != 0 ) return( ret ); @@ -2312,7 +2304,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, : md_alg; return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, - MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index c52edcb8918f..8f22f2094357 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -248,10 +248,9 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len, hash_result, result_str->x ) == result_simple ); - TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, MBEDTLS_RSA_PUBLIC, - msg_digest_id, hash_len, hash_result, - mgf_hash, salt_len, - result_str->x ) == result_full ); + TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, msg_digest_id, hash_len, + hash_result, mgf_hash, salt_len, + result_str->x ) == result_full ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index b822ed9ead36..442e857ed762 100644 --- a/tests/suites/test_suite_rsa.function 
+++ b/tests/suites/test_suite_rsa.function @@ -334,26 +334,22 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( NULL, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( &ctx, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, 0, 0, From 10bc18e3b417632878613648bbd4194e50c1d1a0 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 12:40:20 +0100 Subject: [PATCH 27/39] Corrects outstanding documentation issues Commit removes any remaining superfluous documentation that was not yet removed. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 2c2af3f96e4e..dda0a61b8338 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -573,10 +573,6 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * It is the generic wrapper for performing a PKCS#1 encryption * operation. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. * \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding * encoding, and for PKCS#1 v1.5 padding encoding. 
@@ -605,10 +601,6 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 encryption operation * (RSAES-PKCS1-v1_5-ENCRYPT). * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. * \param f_rng The RNG function to use. It is needed for padding generation. * \param p_rng The RNG context to be passed to \p f_rng. This may From cad59ed48e4e6bb1fa0f8f25c5e9b25f79eda527 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 15:04:08 +0100 Subject: [PATCH 28/39] Removes mode param from rsa_rsassa_pss_sign Commit removes the mode parameter from the internal function rsa_rsassa_pss_sign. Signed-off-by: Thomas Daubney --- library/rsa.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 14eb9205c776..2f9438ad08a9 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1744,7 +1744,6 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -1760,16 +1759,11 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || hash != NULL ); RSA_VALIDATE_RET( sig != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - if( f_rng == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 
@@ -1868,9 +1862,7 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, if( ret != 0 ) return( ret ); - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, sig ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) ); + return mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ); } /* @@ -1886,7 +1878,7 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, int saltlen, unsigned char *sig ) { - return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, + return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg, hashlen, hash, saltlen, sig ); } @@ -1902,7 +1894,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, const unsigned char *hash, unsigned char *sig ) { - return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, + return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg, hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig ); } #endif /* MBEDTLS_PKCS1_V21 */ From 41e4ce4884a95235b04f1ef899de7881dba55310 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 15:10:05 +0100 Subject: [PATCH 29/39] Removes RSA constants This commit removes the RSA constants MBEDTLS_RSA_PUBLIC and MBEDTLS_RSA_PRIVATE because they are now superfluous given that the mode parameter has been removed. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 2 -- library/rsa.c | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index dda0a61b8338..ecf345e64ae7 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -57,8 +57,6 @@ /* * RSA constants */ -#define MBEDTLS_RSA_PUBLIC 0 /**< Request private key operation. */ -#define MBEDTLS_RSA_PRIVATE 1 /**< Request public key operation. */ #define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ #define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */ diff --git a/library/rsa.c b/library/rsa.c index 2f9438ad08a9..c3b54afda2cd 100644 --- a/library/rsa.c 
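Review bot: The new return in `rsa_rsassa_pss_sign` drops the `return( ... )` form used on the surrounding lines (`return( ret );` just above and `return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );` in the earlier hunk); `return( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );` keeps the file's style. Now that the function is private-only, the surviving `if( f_rng == NULL )` check in the `@@ -1760` hunk is the only thing guaranteeing the private operation is blinded, and a one-line comment on it, `/* f_rng is mandatory: PSS encoding needs it and mbedtls_rsa_private() uses it for blinding */`, would record why the check must stay. The function's body begins outside this hunk.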
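Review bot: Removing `MBEDTLS_RSA_PUBLIC` and `MBEDTLS_RSA_PRIVATE` from the public header in the `@@ -57,8 +57,6 @@` hunk breaks any remaining user of those names, and the diffstat touches only rsa.h and rsa.c while the following commit's message says `test_suite_rsa.function` still assigned `MBEDTLS_RSA_PRIVATE` at this point, so this commit does not build in the check_params configuration on its own. Folding that test-suite cleanup into this commit keeps the series bisectable. An accompanying migration-guide note stating that both constants and the `mode` arguments are gone, and that the RSA encrypt/verify entry points now perform public-key operations only, would help downstream callers.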
+++ b/library/rsa.c @@ -2345,7 +2345,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * Apply RSA primitive to get what should be PKCS1 encoded hash. */ - ret = mbedtls_rsa_public( ctx, sig, encoded ); + ret = mbedtls_rsa_public( ctx, sig, encoded ); if( ret != 0 ) goto cleanup; From f505b0e30717172ec1abcebcf4c4eeadfa9e8878 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 20 May 2021 12:20:55 +0100 Subject: [PATCH 30/39] Removes unused variables in test_suite_rsa.function CI was failing on check_params due to MBEDTLS_RSA_PRIVATE being assigned to a now superfluous variable. The variable has been as well as another superfluous variable. This should correct the CI issue. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 442e857ed762..efea5c169a89 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -23,8 +23,6 @@ void rsa_invalid_param( ) mbedtls_rsa_context ctx; const int valid_padding = MBEDTLS_RSA_PKCS_V21; const int invalid_padding = 42; - const int valid_mode = MBEDTLS_RSA_PRIVATE; - const int invalid_mode = 42; unsigned char buf[42] = { 0 }; size_t olen; From 03412787e16c1e248501286764b4f690ef21d6cf Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 20 May 2021 15:31:17 +0100 Subject: [PATCH 31/39] Modifies documentation in rsa.h Changes to documentation to show that f_rng is no longer going to be optional in 3.0. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 31 +++++++++++-------------------- 1 file changed, 11 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index ecf345e64ae7..9b5c1db1a55f 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -542,11 +542,9 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * of a PRNG. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function, used for blinding. It is discouraged - * and deprecated to pass \c NULL here, in which case - * blinding will be omitted. + * \param f_rng The RNG function, used for blinding. * \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL - * if \p f_rng is \c NULL or if \p f_rng doesn't need a context. + * if \p f_rng doesn't need a context. * \param input The input buffer. This must be a readable buffer * of length \c ctx->len Bytes. For example, \c 256 Bytes * for an 2048-bit RSA modulus. @@ -572,11 +570,9 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * operation. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding - * encoding, and for PKCS#1 v1.5 padding encoding. + * \param f_rng The RNG to use. It is needed for padding generation. * \param p_rng The RNG context to be passed to \p f_rng. May be - * \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't - * need a context argument. + * \c NULL if \p f_rng doesn't need a context argument. * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable * buffer of size \p ilen Bytes. It may be \c NULL if @@ -602,8 +598,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \param ctx The initialized RSA context to use. * \param f_rng The RNG function to use. It is needed for padding generation. * \param p_rng The RNG context to be passed to \p f_rng. This may - * be \c NULL if \p f_rng is \c NULL or if \p f_rng - * doesn't need a context argument. + * be \c NULL if \p f_rng doesn't need a context argument. * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable * buffer of size \p ilen Bytes. It may be \c NULL if 
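Review bot: The rewritten `\param f_rng` text for `mbedtls_rsa_private` in the `@@ -542` hunk no longer says what happens when `NULL` is passed, and since this commit changes only rsa.h nothing visible here makes the library reject it; if the implementation still skips blinding on `NULL`, the documentation now hides that hazard rather than flagging it. State the contract explicitly, `* \param f_rng The RNG function, used for blinding. This must not be \c NULL.`, matching the wording this commit gives the signing function in the `@@ -790` hunk, and confirm the code enforces it (or keep the old sentence until it does). The `@@ -746` hunk (the OAEP decrypt doc with `\param label`) has the same gap.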
@@ -675,7 +670,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * \param f_rng The RNG function. This is used for blinding and should * be provided; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \c NULL if \p f_rng doesn't need a context. * \param olen The address at which to store the length of * the plaintext. This must not be \c NULL. * \param input The ciphertext buffer. This must be a readable buffer @@ -711,7 +706,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * \param f_rng The RNG function. This is used for blinding and should * be provided; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \c NULL if \p f_rng doesn't need a context. * \param olen The address at which to store the length of * the plaintext. This must not be \c NULL. * \param input The ciphertext buffer. This must be a readable buffer @@ -746,10 +741,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and should - * be provided; see mbedtls_rsa_private() for more. + * \param f_rng The RNG function. This is used for blinding. * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \c NULL if \p f_rng doesn't need a context. * \param label The buffer holding the custom label to use. * This must be a readable buffer of length \p label_len * Bytes. It may be \c NULL if \p label_len is \c 0. 
@@ -790,12 +784,9 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * \p md_alg and \p hash_id. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1, - * this must be provided. If the padding mode is PKCS#1 v1.5 - * it is used for blinding and should be provided; - * see mbedtls_rsa_private() for more. + * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL - * if \p f_rng is \c NULL or doesn't need a context argument. + * if \p f_rng doesn't need a context argument. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. From 2c65db96553e15438b8a7c43ea3d76aaa68f5643 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 21 May 2021 10:58:28 +0100 Subject: [PATCH 32/39] Corrects documentation in rsa.h Some documentation in rsa.h was still incorrect regarding f_rng being mandatory. This has now been corrected. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 9b5c1db1a55f..494e2f2c2288 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -421,7 +421,7 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); * * \param ctx The initialized RSA context used to hold the key. * \param f_rng The RNG function to be used for key generation. - * This must not be \c NULL. + * This is mandatory and must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. * This may be \c NULL if \p f_rng doesn't need a context. * \param nbits The size of the public key in bits. 
@@ -542,7 +542,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * of a PRNG. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function, used for blinding. + * \param f_rng The RNG function, used for blinding. It is mandatory. * \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context. * \param input The input buffer. This must be a readable buffer @@ -570,7 +570,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * operation. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG to use. It is needed for padding generation. + * \param f_rng The RNG to use. It used for padding generation + * and it is mandatory. * \param p_rng The RNG context to be passed to \p f_rng. May be * \c NULL if \p f_rng doesn't need a context argument. * \param ilen The length of the plaintext in Bytes. @@ -596,7 +597,8 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * (RSAES-PKCS1-v1_5-ENCRYPT). * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function to use. It is needed for padding generation. + * \param f_rng The RNG function to use. It is mandatory and used for + * padding generation. * \param p_rng The RNG context to be passed to \p f_rng. This may * be \c NULL if \p f_rng doesn't need a context argument. * \param ilen The length of the plaintext in Bytes. @@ -626,7 +628,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * * \param ctx The initnialized RSA context to use. * \param f_rng The RNG function to use. This is needed for padding - * generation and must be provided. + * generation and is mandatory. * \param p_rng The RNG context to be passed to \p f_rng. This may * be \c NULL if \p f_rng doesn't need a context argument. * \param label The buffer holding the custom label to use. 
@@ -667,8 +669,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and should - * be provided; see mbedtls_rsa_private() for more. + * \param f_rng The RNG function. This is used for blinding and is + * mandatory; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng doesn't need a context. * \param olen The address at which to store the length of @@ -703,8 +705,8 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and should - * be provided; see mbedtls_rsa_private() for more. + * \param f_rng The RNG function. This is used for blinding and is + * mandatory; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng doesn't need a context. * \param olen The address at which to store the length of @@ -741,7 +743,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding. + * \param f_rng The RNG function. This is used for blinding and is + * mandatory. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng doesn't need a context. * \param label The buffer holding the custom label to use. 
@@ -784,7 +787,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * \p md_alg and \p hash_id. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function to use. This must not be \c NULL. + * \param f_rng The RNG function to use. This is mandatory and + * must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context argument. * \param md_alg The message-digest algorithm used to hash the original data. @@ -817,10 +821,10 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * operation (RSASSA-PKCS1-v1_5-SIGN). * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and should be - * provided; see mbedtls_rsa_private() for more. + * \param f_rng The RNG function. This is used for blinding and is + * mandatory; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL - * if \p f_rng is \c NULL or doesn't need a context argument. + * if \p f_rng doesn't need a context argument. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -865,7 +869,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. It must not be \c NULL. + * \param f_rng The RNG function. It is mandatory and must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context argument. * \param md_alg The message-digest algorithm used to hash the original data. 
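Review bot: The new wording for \p f_rng ("This is mandatory and must not be \c NULL") tells callers the argument is required but not what happens when a migrating 2.x caller still passes NULL, which is the first thing such a caller will hit; the PSS signing path in library/rsa.c rejects a NULL f_rng with MBEDTLS_ERR_RSA_BAD_INPUT_DATA, so the Doxygen for the sign functions touched here should state it, e.g. `\return #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if \p f_rng is \c NULL.` in each function's return list. "mandatory and must not be \c NULL" is also saying the same thing twice; either clause alone is enough. The documented declarations begin and end outside these hunks, so whether a \return entry already covers this is not visible here, and whether the v1.5 sign path fails in the same way is inferred rather than shown.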
@@ -921,7 +925,7 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. It must not be \c NULL. + * \param f_rng The RNG function. It is mandatory and must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context argument. * \param md_alg The message-digest algorithm used to hash the original data. From d58ed587fda2059fc30a56e140de2d654b4d5637 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 21 May 2021 11:50:39 +0100 Subject: [PATCH 33/39] Restores erroneously removed checks Some padding checks in rsa.c were erroneously removed in a previous commit and are restored in this commit. Signed-off-by: Thomas Daubney --- library/rsa.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index c3b54afda2cd..36424bd193a0 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1764,6 +1764,9 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, hash != NULL ); RSA_VALIDATE_RET( sig != NULL ); + if( ctx->padding != MBEDTLS_RSA_PKCS_V21 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if( f_rng == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -2054,6 +2057,9 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, hash != NULL ); RSA_VALIDATE_RET( sig != NULL ); + if( ctx->padding != MBEDTLS_RSA_PKCS_V15 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + /* * Prepare PKCS1-v1.5 encoding (padding and hash identifier) */ From 62b0d1dbc83fa49d8b84f9eeacd37d6f637093b1 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 21 May 2021 16:55:03 +0100 Subject: [PATCH 34/39] Adds ChangeLog and Migration guide entry Commit adds relevant entry to the ChangeLog and to the Migration guide. 
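Review bot: The restored `ctx->padding` guards in rsa_rsassa_pss_sign and mbedtls_rsa_rsassa_pkcs1_v15_sign are what stop a context configured for one padding scheme from emitting a signature in the other, and the commit message says they were lost in an earlier commit without CI noticing, so nothing in the test suite currently pins them. A regression test belongs with this fix: call the PSS entry point on a context set to MBEDTLS_RSA_PKCS_V15 and the v1.5 entry point on a context set to MBEDTLS_RSA_PKCS_V21, expecting `MBEDTLS_ERR_RSA_BAD_INPUT_DATA` in both cases. Separately, only the PSS hunk shows an `f_rng == NULL` rejection; if the v1.5 sign path relies on mbedtls_rsa_private to enforce the now-mandatory RNG, a one-line comment next to the restored padding check saying so would make that contract visible where the other precondition is checked. Both functions continue outside the hunks.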
Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-rsa-mode-parameter.txt | 6 ++++++ .../remove-rsa-mode-parameter.md | 20 +++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 ChangeLog.d/remove-rsa-mode-parameter.txt create mode 100644 docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md diff --git a/ChangeLog.d/remove-rsa-mode-parameter.txt b/ChangeLog.d/remove-rsa-mode-parameter.txt new file mode 100644 index 000000000000..7ee3adb957b0 --- /dev/null +++ b/ChangeLog.d/remove-rsa-mode-parameter.txt @@ -0,0 +1,6 @@ +API changes + * Remove mode parameter from RSA functions. All encryption, + decryption, sign and verify functions are affected. Also + removes the RNG parameters from the RSA verify functions. + Existing user code which utilises these RSA functions must + remove the mode parameter. diff --git a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md new file mode 100644 index 000000000000..61100d3f30d5 --- /dev/null +++ b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md @@ -0,0 +1,20 @@ +Remove the mode parameter from RSA functions +-------------------------------------------- + +This affects all users who use the RSA encryption, decryption, sign and +verify APIs. + +If you were using the mode parameter to specify the wrong mode then +this behaviour is no longer supported. You must delete the mode +parameter from your RSA function calls. + + +Remove the RNG parameter from RSA functions +-------------------------------------------- + +This affects all users who use the RSA verify functions. + +If you were using the RNG parameters then you must remove +them from your function calls. Since usiong the wrong mode +is no longer supported, the RNG parameters namely f_rng +and p_rng are no longer needed. From f54c5c5547483789f06c6337b5f4f52dec76dc61 Mon Sep 17 00:00:00 2001 
From: Thomas Daubney Date: Fri, 21 May 2021 17:00:30 +0100 Subject: [PATCH 35/39] Fixes typo Commit fixes typo in rsa.h found in review. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 494e2f2c2288..ba00bff31b19 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -570,7 +570,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * operation. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG to use. It used for padding generation + * \param f_rng The RNG to use. It is used for padding generation * and it is mandatory. * \param p_rng The RNG context to be passed to \p f_rng. May be * \c NULL if \p f_rng doesn't need a context argument. From 2fbbe1d2fe395ff7d9aa20f7101168ffb9b82404 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 24 May 2021 10:53:57 +0100 Subject: [PATCH 36/39] Corrections to ChangeLog and Migration guide This commit fixes typos and re-words the migration guide. It also adds the issue number to the ChangeLog. Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-rsa-mode-parameter.txt | 2 +- .../remove-rsa-mode-parameter.md | 13 ++++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/ChangeLog.d/remove-rsa-mode-parameter.txt b/ChangeLog.d/remove-rsa-mode-parameter.txt index 7ee3adb957b0..b7c6f327f8bf 100644 --- a/ChangeLog.d/remove-rsa-mode-parameter.txt +++ b/ChangeLog.d/remove-rsa-mode-parameter.txt @@ -3,4 +3,4 @@ API changes decryption, sign and verify functions are affected. Also removes the RNG parameters from the RSA verify functions. Existing user code which utilises these RSA functions must - remove the mode parameter. + remove the mode parameter. Fixes #4278. diff --git a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md index 61100d3f30d5..406004f45d15 100644 
--- a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md +++ b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md @@ -4,10 +4,13 @@ Remove the mode parameter from RSA functions This affects all users who use the RSA encryption, decryption, sign and verify APIs. -If you were using the mode parameter to specify the wrong mode then -this behaviour is no longer supported. You must delete the mode -parameter from your RSA function calls. - +You must delete the mode parameter from your RSA function calls. +Using the correct modes are now the default and only behaviour, and this +cannot be changed. If you were using the mode parameter to specify the +wrong mode then this behaviour is no longer supported. For reference the +correct, supported modes are: Public keys for encryption and verification +functions and private keys for decryption and signing functions, but the +user does not have to specify this. Remove the RNG parameter from RSA functions -------------------------------------------- @@ -15,6 +18,6 @@ Remove the RNG parameter from RSA functions This affects all users who use the RSA verify functions. If you were using the RNG parameters then you must remove -them from your function calls. Since usiong the wrong mode +them from your function calls. Since using the wrong mode is no longer supported, the RNG parameters namely f_rng and p_rng are no longer needed. From 3ca92b182ce46c630304aafa1448a6863ac0ccb7 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 24 May 2021 14:11:39 +0100 Subject: [PATCH 37/39] Re-wording of Migration guide entry Commit re-words the migration guide entry as requested in review. Signed-off-by: Thomas Daubney --- .../remove-rsa-mode-parameter.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md index 406004f45d15..2a849a30c769 100644 
--- a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md +++ b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md @@ -5,12 +5,12 @@ This affects all users who use the RSA encryption, decryption, sign and verify APIs. You must delete the mode parameter from your RSA function calls. -Using the correct modes are now the default and only behaviour, and this -cannot be changed. If you were using the mode parameter to specify the -wrong mode then this behaviour is no longer supported. For reference the -correct, supported modes are: Public keys for encryption and verification -functions and private keys for decryption and signing functions, but the -user does not have to specify this. +Using the correct mode is now the default behaviour. Encryption +and verification functions are now equivalent to their 2.x +counterparts with mode=MBEDTLS_RSA_PUBLIC. Decryption and signing +functions are now equivalent to their 2.x counterparts with +mode=MBEDTLS_RSA_PRIVATE. Note that the constants +MBEDTLS_RSA_PUBLIC and MBEDTLS_RSA_PRIVATE have been removed in 3.0. Remove the RNG parameter from RSA functions -------------------------------------------- From 6f966112c7c90c461cc6646305ef74ebd4c06cfd Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 25 May 2021 15:00:19 +0100 Subject: [PATCH 38/39] Corrections to ChangeLog and Migration guide Corrections to address wording of ChangeLog and Migration guide. Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-rsa-mode-parameter.txt | 11 +++++- .../remove-rsa-mode-parameter.md | 34 +++++++++++-------- 2 files changed, 30 insertions(+), 15 deletions(-) diff --git a/ChangeLog.d/remove-rsa-mode-parameter.txt b/ChangeLog.d/remove-rsa-mode-parameter.txt index b7c6f327f8bf..6b32f6550684 100644 --- a/ChangeLog.d/remove-rsa-mode-parameter.txt +++ b/ChangeLog.d/remove-rsa-mode-parameter.txt 
@@ -1,6 +1,15 @@
+Removals
+ * The RSA module no longer supports private-key operations with the public
+ key and vice versa. This change only affects applications which use the
+ wrong mode. In this case the wrong mode is to use mode=MBEDTLS_RSA_PUBLIC
+ with decryption and signing functions and mode=MBEDTLS_RSA_PRIVATE with
+ encryption and verification functions. Addresses issue #4278.
 API changes
 * Remove mode parameter from RSA functions. All encryption,
 decryption, sign and verify functions are affected. Also
 removes the RNG parameters from the RSA verify functions.
 Existing user code which utilises these RSA functions must
- remove the mode parameter. Fixes #4278.
+ remove the mode parameter.
+ * RNG is now mandatory for all private-key RSA operations. Existing user code
+ which does not use an RNG with private-key RSA functions must now be
+ updated to do so.
diff --git a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md
index 2a849a30c769..e400650dd010 100644
--- a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md
+++ b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md
@@ -4,20 +4,26 @@ Remove the mode parameter from RSA functions This affects all users who use the RSA encryption, decryption, sign and verify APIs. -You must delete the mode parameter from your RSA function calls. -Using the correct mode is now the default behaviour. Encryption -and verification functions are now equivalent to their 2.x -counterparts with mode=MBEDTLS_RSA_PUBLIC. Decryption and signing -functions are now equivalent to their 2.x counterparts with -mode=MBEDTLS_RSA_PRIVATE. Note that the constants -MBEDTLS_RSA_PUBLIC and MBEDTLS_RSA_PRIVATE have been removed in 3.0. +The RSA module no longer supports private-key operations with the public key or +vice versa. As a consequence, RSA operation functions no longer have a mode +parameter. If you were calling RSA operations with the normal mode (public key +for verification or encryption, private key for signature or decryption), remove +the `MBEDTLS_MODE_PUBLIC` or `MBEDTLS_MODE_PRIVATE` argument. If you were calling +RSA operations with the wrong mode, which rarely makes sense from a security +perspective, this is no longer supported. -Remove the RNG parameter from RSA functions --------------------------------------------- +Remove the RNG parameter from RSA verify functions +-------------------------------------------------- + +RSA verification functions also no longer take random generator arguments (this +was only needed when using a private key). This affects all applications using +the RSA verify functions. -This affects all users who use the RSA verify functions. +RNG is now mandatory in all RSA private key operations +------------------------------------------------------ -If you were using the RNG parameters then you must remove -them from your function calls. Since using the wrong mode -is no longer supported, the RNG parameters namely f_rng -and p_rng are no longer needed. 
+The random generator is now mandatory for blinding in all RSA private-key +operations (`mbedtls_rsa_private`, `mbedtls_rsa_xxx_sign`, +`mbedtls_rsa_xxx_decrypt`) as well as for encryption +(`mbedtls_rsa_xxx_encrypt`). This means that passing a null `f_rng` is no longer +supported. From 731b952b692564c23b69ab9284e4981daf222334 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 25 May 2021 16:26:24 +0100 Subject: [PATCH 39/39] Additional corrections to ChangeLog Commit makes further corrections to the wording in the ChangeLog entry. Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-rsa-mode-parameter.txt | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/ChangeLog.d/remove-rsa-mode-parameter.txt b/ChangeLog.d/remove-rsa-mode-parameter.txt index 6b32f6550684..854dda34b230 100644 --- a/ChangeLog.d/remove-rsa-mode-parameter.txt +++ b/ChangeLog.d/remove-rsa-mode-parameter.txt 
@@ -1,15 +1,9 @@
 Removals
 * The RSA module no longer supports private-key operations with the public
- key and vice versa. This change only affects applications which use the
- wrong mode. In this case the wrong mode is to use mode=MBEDTLS_RSA_PUBLIC
- with decryption and signing functions and mode=MBEDTLS_RSA_PRIVATE with
- encryption and verification functions. Addresses issue #4278.
+ key and vice versa.
 API changes
- * Remove mode parameter from RSA functions. All encryption,
- decryption, sign and verify functions are affected. Also
- removes the RNG parameters from the RSA verify functions.
- Existing user code which utilises these RSA functions must
- remove the mode parameter.
- * RNG is now mandatory for all private-key RSA operations. Existing user code
- which does not use an RNG with private-key RSA functions must now be
- updated to do so.
+ * Remove the mode parameter from RSA operation functions. Signature and
+ decryption functions now always use the private key and verification and
+ encryption use the public key. Verification functions also no longer have
+ RNG parameters.
+ * The RNG is now mandatory for all private-key RSA operations.