eden-emu/mbedtls
19
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Removes mode param from mbedtls_rsa_pkcs1_encrypt

Browse source 
Removal of the mode parameter from
mbedtls_rsa_pkcs1_encrypt function. This change
is propagated throughout the codebase and to
relevant tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This commit is contained in:
Thomas Daubney 2021-05-13 17:30:32 +01:00
parent c32e2b0921
commit 2177277dda
8 changed files with 21 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

17
include/mbedtls/rsa.h
View file

@ -571,12 +571,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
* operation. * operation.
* *
* It is the generic wrapper for performing a PKCS#1 encryption * It is the generic wrapper for performing a PKCS#1 encryption
* operation using the \p mode from the context. * operation.
*
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
* are likely to remove the \p mode argument and have it
* implicitly set to #MBEDTLS_RSA_PUBLIC.
* *
* \note Alternative implementations of RSA need not support * \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
@ -584,16 +579,10 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
* *
* \param ctx The initialized RSA context to use. * \param ctx The initialized RSA context to use.
* \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding * \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding
* encoding, and for PKCS#1 v1.5 padding encoding when used * encoding, and for PKCS#1 v1.5 padding encoding.
* with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5
* padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE,
* it is used for blinding and should be provided in this
* case; see mbedtls_rsa_private() for more.
* \param p_rng The RNG context to be passed to \p f_rng. May be * \param p_rng The RNG context to be passed to \p f_rng. May be
* \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't * \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't
* need a context argument. * need a context argument.
* \param mode The mode of operation. This must be either
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param ilen The length of the plaintext in Bytes. * \param ilen The length of the plaintext in Bytes.
* \param input The input data to encrypt. This must be a readable * \param input The input data to encrypt. This must be a readable
* buffer of size \p ilen Bytes. It may be \c NULL if * buffer of size \p ilen Bytes. It may be \c NULL if
@ -608,7 +597,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng, void *p_rng,
int mode, size_t ilen, size_t ilen,
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );

2
library/pk_wrap.c
View file

@ -149,7 +149,7 @@ static int rsa_encrypt_wrap( void *ctx,
if( *olen > osize ) if( *olen > osize )
return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC, return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng,
ilen, input, output ) ); ilen, input, output ) );
} }

1
library/psa_crypto.c
View file

@ -3064,7 +3064,6 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
mbedtls_rsa_pkcs1_encrypt( rsa, mbedtls_rsa_pkcs1_encrypt( rsa,
mbedtls_psa_get_random, mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE, MBEDTLS_PSA_RANDOM_STATE,
MBEDTLS_RSA_PUBLIC,
input_length, input_length,
input, input,
output ) ); output ) );

16
library/rsa.c
View file

@ -1317,13 +1317,11 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng, void *p_rng,
int mode, size_t ilen, size_t ilen,
const unsigned char *input, const unsigned char *input,
unsigned char *output ) unsigned char *output )
{ {
RSA_VALIDATE_RET( ctx != NULL ); RSA_VALIDATE_RET( ctx != NULL );
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( output != NULL );
RSA_VALIDATE_RET( ilen == 0 || input != NULL ); RSA_VALIDATE_RET( ilen == 0 || input != NULL );
@ -1331,14 +1329,16 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
{ {
#if defined(MBEDTLS_PKCS1_V15) #if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15: case MBEDTLS_RSA_PKCS_V15:
return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen, return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng,
input, output ); MBEDTLS_RSA_PUBLIC, ilen,
input, output );
#endif #endif
#if defined(MBEDTLS_PKCS1_V21) #if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21: case MBEDTLS_RSA_PKCS_V21:
return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0, return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng,
ilen, input, output ); MBEDTLS_RSA_PUBLIC, NULL, 0,
ilen, input, output );
#endif #endif
default: default:
@ -2691,7 +2691,7 @@ int mbedtls_rsa_self_test( int verbose )
memcpy( rsa_plaintext, RSA_PT, PT_LEN ); memcpy( rsa_plaintext, RSA_PT, PT_LEN );
if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL,
PT_LEN, rsa_plaintext, PT_LEN, rsa_plaintext,
rsa_ciphertext ) != 0 ) rsa_ciphertext ) != 0 )
{ {

3
programs/pkey/rsa_encrypt.c
View file

@ -143,8 +143,7 @@ int main( int argc, char *argv[] )
fflush( stdout ); fflush( stdout );
ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random, ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random,
&ctr_drbg, MBEDTLS_RSA_PUBLIC, &ctr_drbg, strlen( argv[1] ), input, buf );
strlen( argv[1] ), input, buf );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",

4
tests/suites/test_suite_pkcs1_v15.function
View file

@ -36,8 +36,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N,
message_str->x = NULL; message_str->x = NULL;
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
&mbedtls_test_rnd_buffer_rand, &mbedtls_test_rnd_buffer_rand,
&info, MBEDTLS_RSA_PUBLIC, &info, message_str->len,
message_str->len, message_str->x, message_str->x,
output ) == result ); output ) == result );
if( result == 0 ) if( result == 0 )

4
tests/suites/test_suite_pkcs1_v21.function
View file

@ -35,8 +35,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, data_t * input_N, data_t * input_E,
message_str->x = NULL; message_str->x = NULL;
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
&mbedtls_test_rnd_buffer_rand, &mbedtls_test_rnd_buffer_rand,
&info, MBEDTLS_RSA_PUBLIC, &info, message_str->len,
message_str->len, message_str->x, message_str->x,
output ) == result ); output ) == result );
if( result == 0 ) if( result == 0 )
{ {

11
tests/suites/test_suite_rsa.function
View file

@ -103,17 +103,14 @@ void rsa_invalid_param( )
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL, mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL,
MBEDTLS_RSA_PUBLIC,
sizeof( buf ), buf, sizeof( buf ), buf,
buf ) ); buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
MBEDTLS_RSA_PUBLIC,
sizeof( buf ), NULL, sizeof( buf ), NULL,
buf ) ); buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
MBEDTLS_RSA_PUBLIC,
sizeof( buf ), buf, sizeof( buf ), buf,
NULL ) ); NULL ) );
@ -703,8 +700,8 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode,
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
&mbedtls_test_rnd_pseudo_rand, &mbedtls_test_rnd_pseudo_rand,
&rnd_info, MBEDTLS_RSA_PUBLIC, &rnd_info, message_str->len,
message_str->len, message_str->x, message_str->x,
output ) == result ); output ) == result );
if( result == 0 ) if( result == 0 )
{ {
@ -743,8 +740,8 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode,
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand,
NULL, MBEDTLS_RSA_PUBLIC, NULL, message_str->len,
message_str->len, message_str->x, message_str->x,
output ) == result ); output ) == result );
if( result == 0 ) if( result == 0 )
{ {