eden-emu/mbedtls
19
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Removes mode param from mbedtls_rsa_rsassa_pkcs1_v15_sign

Browse source 
Commit removes the mode parameter from
mbedtls_rsa_rsassa_pkcs1_v15_sign and
propagates the change throughout the
codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This commit is contained in:
Thomas Daubney 2021-05-18 16:54:00 +01:00
parent 140184d029
commit 526549854c
3 changed files with 3 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

18
include/mbedtls/rsa.h
View file

@ -835,24 +835,11 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
* \brief This function performs a PKCS#1 v1.5 signature * \brief This function performs a PKCS#1 v1.5 signature
* operation (RSASSA-PKCS1-v1_5-SIGN). * operation (RSASSA-PKCS1-v1_5-SIGN).
* *
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
* are likely to remove the \p mode argument and have it
* implicitly set to #MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
* \param ctx The initialized RSA context to use. * \param ctx The initialized RSA context to use.
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE, * \param f_rng The RNG function. This is used for blinding and should be
* this is used for blinding and should be provided; see * provided; see mbedtls_rsa_private() for more.
* mbedtls_rsa_private() for more. If \p mode is
* #MBEDTLS_RSA_PUBLIC, it is ignored.
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
* if \p f_rng is \c NULL or doesn't need a context argument. * if \p f_rng is \c NULL or doesn't need a context argument.
* \param mode The mode of operation. This must be either
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data. * \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data. * Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest. * \param hashlen The length of the message digest.
@ -873,7 +860,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng, void *p_rng,
int mode,
mbedtls_md_type_t md_alg, mbedtls_md_type_t md_alg,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,

18
library/rsa.c
View file

@ -2049,7 +2049,6 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng, void *p_rng,
int mode,
mbedtls_md_type_t md_alg, mbedtls_md_type_t md_alg,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
@ -2059,16 +2058,11 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
unsigned char *sig_try = NULL, *verif = NULL; unsigned char *sig_try = NULL, *verif = NULL;
RSA_VALIDATE_RET( ctx != NULL ); RSA_VALIDATE_RET( ctx != NULL );
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) || hashlen == 0 ) ||
hash != NULL ); hash != NULL );
RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( sig != NULL );
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
/* /*
* Prepare PKCS1-v1.5 encoding (padding and hash identifier) * Prepare PKCS1-v1.5 encoding (padding and hash identifier)
*/ */
@ -2077,16 +2071,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
ctx->len, sig ) ) != 0 ) ctx->len, sig ) ) != 0 )
return( ret ); return( ret );
/*
* Call respective RSA primitive
*/
if( mode == MBEDTLS_RSA_PUBLIC )
{
/* Skip verification on a public key operation */
return( mbedtls_rsa_public( ctx, sig, sig ) );
}
/* Private key operation /* Private key operation
* *
* In order to prevent Lenstra's attack, make the signature in a * In order to prevent Lenstra's attack, make the signature in a
@ -2144,7 +2128,7 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
{ {
#if defined(MBEDTLS_PKCS1_V15) #if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15: case MBEDTLS_RSA_PKCS_V15:
return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng,
md_alg, hashlen, hash, sig ); md_alg, hashlen, hash, sig );
#endif #endif

4
tests/suites/test_suite_rsa.function
View file

@ -223,22 +223,18 @@ void rsa_invalid_param( )
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL, mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL,
MBEDTLS_RSA_PRIVATE,
0, sizeof( buf ), buf, 0, sizeof( buf ), buf,
buf ) ); buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
MBEDTLS_RSA_PRIVATE,
0, sizeof( buf ), NULL, 0, sizeof( buf ), NULL,
buf ) ); buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
MBEDTLS_RSA_PRIVATE,
0, sizeof( buf ), buf, 0, sizeof( buf ), buf,
NULL ) ); NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
MBEDTLS_RSA_PRIVATE,
MBEDTLS_MD_SHA1, MBEDTLS_MD_SHA1,
0, NULL, 0, NULL,
buf ) ); buf ) );