Merge remote-tracking branch 'restricted/pr/397' into development

* restricted/pr/397:
  Don't split error code description across multiple lines
  Register new error code in error.h
  Move deprecation to separate section in ChangeLog
  Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code
  Adapt RSA test suite
  Adapt ChangeLog
  Deprecate usage of RSA primitives with wrong key type
Manuel Pégourié-Gonnard 2017-12-19 11:27:22 +01:00
commit 4712119687
5 changed files with 168 additions and 22 deletions


@ -60,6 +60,10 @@ Changes
and the message digest. Further, allow enabling/disabling of authority and the message digest. Further, allow enabling/disabling of authority
identifier, subject identifier and basic constraints extensions. identifier, subject identifier and basic constraints extensions.
New deprecations
* Deprecate usage of RSA primitives with non-matching key-type
(e.g., signing with a public key).
= mbed TLS 2.6.0 branch released 2017-08-10 = mbed TLS 2.6.0 branch released 2017-08-10
Security Security


@ -75,7 +75,7 @@
* PKCS5 2 4 (Started from top) * PKCS5 2 4 (Started from top)
* DHM 3 9 * DHM 3 9
* PK 3 14 (Started from top) * PK 3 14 (Started from top)
* RSA 4 9 * RSA 4 10
* ECP 4 8 (Started from top) * ECP 4 8 (Started from top)
* MD 5 4 * MD 5 4
* CIPHER 6 6 * CIPHER 6 6


@ -48,6 +48,7 @@
#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality */
/* /*
* RSA constants * RSA constants
@ -250,6 +251,15 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
* \param input buffer holding the data to be encrypted * \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext * \param output buffer that will hold the ciphertext
* *
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
* *
* \note The output buffer must be as large as the size * \note The output buffer must be as large as the size
@ -273,6 +283,15 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
* \param input buffer holding the data to be encrypted * \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext * \param output buffer that will hold the ciphertext
* *
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
* *
* \note The output buffer must be as large as the size * \note The output buffer must be as large as the size
@ -299,6 +318,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
* \param input buffer holding the data to be encrypted * \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext * \param output buffer that will hold the ciphertext
* *
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
* *
* \note The output buffer must be as large as the size * \note The output buffer must be as large as the size
@ -327,6 +355,15 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
* \param output buffer that will hold the plaintext * \param output buffer that will hold the plaintext
* \param output_max_len maximum length of the output buffer * \param output_max_len maximum length of the output buffer
* *
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
* *
* \note The output buffer length \c output_max_len should be * \note The output buffer length \c output_max_len should be
@ -359,6 +396,15 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
* \param output buffer that will hold the plaintext * \param output buffer that will hold the plaintext
* \param output_max_len maximum length of the output buffer * \param output_max_len maximum length of the output buffer
* *
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
* *
* \note The output buffer length \c output_max_len should be * \note The output buffer length \c output_max_len should be
@ -393,6 +439,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
* \param output buffer that will hold the plaintext * \param output buffer that will hold the plaintext
* \param output_max_len maximum length of the output buffer * \param output_max_len maximum length of the output buffer
* *
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
* *
* \note The output buffer length \c output_max_len should be * \note The output buffer length \c output_max_len should be
@ -430,6 +485,15 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext * \param sig buffer that will hold the ciphertext
* *
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the signing operation was successful, * \return 0 if the signing operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code * or an MBEDTLS_ERR_RSA_XXX error code
* *
@ -460,6 +524,15 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext * \param sig buffer that will hold the ciphertext
* *
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the signing operation was successful, * \return 0 if the signing operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code * or an MBEDTLS_ERR_RSA_XXX error code
* *
@ -488,6 +561,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext * \param sig buffer that will hold the ciphertext
* *
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the signing operation was successful, * \return 0 if the signing operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code * or an MBEDTLS_ERR_RSA_XXX error code
* *
@ -522,6 +604,15 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext * \param sig buffer holding the ciphertext
* *
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the verify operation was successful, * \return 0 if the verify operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code * or an MBEDTLS_ERR_RSA_XXX error code
* *
@ -552,6 +643,15 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext * \param sig buffer holding the ciphertext
* *
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the verify operation was successful, * \return 0 if the verify operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code * or an MBEDTLS_ERR_RSA_XXX error code
* *
@ -580,6 +680,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext * \param sig buffer holding the ciphertext
* *
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the verify operation was successful, * \return 0 if the verify operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code * or an MBEDTLS_ERR_RSA_XXX error code
* *
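Review bot: The `\deprecated` paragraph misspells "library" as "libary" in the hunk at `@ -250,6 +251,15 @` and in each of the eleven documentation hunks after it, so the typo would land twelve times in the generated API documentation; the line should read `in mode MBEDTLS_RSA_PRIVATE. Future versions of the library` (and the `MBEDTLS_RSA_PUBLIC` counterpart). The description of `MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION` ends without a full stop, unlike the three defines above it. Its phrase "security violations" also does not tell a caller that, judging by the `\note` paragraphs, the expected trigger is a mode that does not match the key type. Something like `/**< The implementation does not offer the requested operation, for example because the mode does not match the key type or the functionality is missing. */` would be clearer. The same text is repeated in the `mbedtls_strerror` section of this commit and should be kept in sync with it.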


@ -331,6 +331,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" ); mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" );
if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) ) if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) )
mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" );
if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) )
mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality" );
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_TLS_C)


@ -60,9 +60,12 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig
msg_len = unhexify( message_str, message_hex_string ); msg_len = unhexify( message_str, message_hex_string );
if( mbedtls_md_info_from_type( digest ) != NULL ) if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
message_str, msg_len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
MBEDTLS_RSA_PRIVATE, digest, 0,
hash_result, output ) == result );
if( result == 0 ) if( result == 0 )
{ {
hexify( output_str, output, ctx.len ); hexify( output_str, output, ctx.len );
@ -71,7 +74,8 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig
} }
exit: exit:
mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 );
mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx );
} }
/* END_CASE */ /* END_CASE */
@ -119,6 +123,7 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
char *input_N, int radix_E, char *input_E, char *input_N, int radix_E, char *input_E,
char *result_hex_str ) char *result_hex_str )
{ {
int res;
unsigned char message_str[1000]; unsigned char message_str[1000];
unsigned char hash_result[1000]; unsigned char hash_result[1000];
unsigned char output[1000]; unsigned char output[1000];
@ -157,7 +162,9 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
unhexify( message_str, message_hex_string ); unhexify( message_str, message_hex_string );
hash_len = unhexify( hash_result, hash_result_string ); hash_len = unhexify( hash_result, hash_result_string );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, hash_len, hash_result, output ) == 0 ); TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE,
hash_len, hash_result, output ) == 0 );
hexify( output_str, output, ctx.len ); hexify( output_str, output, ctx.len );
@ -169,14 +176,23 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
memset( output, 0x00, 1000 ); memset( output, 0x00, 1000 );
memset( output_str, 0x00, 1000 ); memset( output_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
&rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
hash_len, hash_result, output ) == 0 ); hash_len, hash_result, output );
#if !defined(MBEDTLS_RSA_ALT)
TEST_ASSERT( res == 0 );
#else
TEST_ASSERT( ( res == 0 ) ||
( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
#endif
if( res == 0 )
{
hexify( output_str, output, ctx.len ); hexify( output_str, output, ctx.len );
TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
} }
}
exit: exit:
mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
@ -190,6 +206,7 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
char *input_N, int radix_E, char *input_E, char *input_N, int radix_E, char *input_E,
char *result_hex_str, int correct ) char *result_hex_str, int correct )
{ {
int res;
unsigned char message_str[1000]; unsigned char message_str[1000];
unsigned char hash_result[1000]; unsigned char hash_result[1000];
unsigned char result_str[1000]; unsigned char result_str[1000];
@ -220,16 +237,26 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
{ {
int ok; int ok;
TEST_ASSERT( mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
NULL, NULL, MBEDTLS_RSA_PUBLIC, NULL, NULL, MBEDTLS_RSA_PUBLIC,
&olen, result_str, output, sizeof( output ) ) == 0 ); &olen, result_str, output, sizeof( output ) );
#if !defined(MBEDTLS_RSA_ALT)
TEST_ASSERT( res == 0 );
#else
TEST_ASSERT( ( res == 0 ) ||
( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
#endif
if( res == 0 )
{
ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0; ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0;
if( correct == 0 ) if( correct == 0 )
TEST_ASSERT( ok == 1 ); TEST_ASSERT( ok == 1 );
else else
TEST_ASSERT( ok == 0 ); TEST_ASSERT( ok == 0 );
} }
}
exit: exit:
mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx );
@ -263,7 +290,9 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int
msg_len = unhexify( message_str, message_hex_string ); msg_len = unhexify( message_str, message_hex_string );
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
MBEDTLS_RSA_PUBLIC, msg_len,
message_str, output ) == result );
if( result == 0 ) if( result == 0 )
{ {
hexify( output_str, output, ctx.len ); hexify( output_str, output, ctx.len );
@ -301,7 +330,9 @@ void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode,
msg_len = unhexify( message_str, message_hex_string ); msg_len = unhexify( message_str, message_hex_string );
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL,
MBEDTLS_RSA_PUBLIC, msg_len,
message_str, output ) == result );
if( result == 0 ) if( result == 0 )
{ {
hexify( output_str, output, ctx.len ); hexify( output_str, output, ctx.len );
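Review bot: The two `#if !defined(MBEDTLS_RSA_ALT)` blocks added in `rsa_pkcs1_sign_raw` and `rsa_pkcs1_verify_raw` have no comment saying why an alternative implementation is allowed to fail here. A later reader cannot tell that `MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION` is tolerated only because these calls use the deprecated wrong-key-type mode. I would add above the first `/* Encrypting with MBEDTLS_RSA_PRIVATE is deprecated; alternative implementations may refuse it. */` and above the second the matching comment for decrypting with `MBEDTLS_RSA_PUBLIC`. On a build where the alternative implementation returns the error, the comparison inside `if( res == 0 )` is skipped and the case still passes, so these cases give no coverage of that path there; that looks intended but is worth stating in the same comment. Both function bodies extend beyond the hunks shown.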