eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

RSA: always use MD light

Browse source 
Note: already auto-enabled in build_info.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2023-03-16 10:47:59 +01:00
parent 52d02a85d3
commit fb8d90a2db
5 changed files with 22 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

5
include/mbedtls/check_config.h
View file

@ -174,11 +174,6 @@
#error "MBEDTLS_PKCS5_C defined, but not all prerequisites" #error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_PKCS1_V21) && \
!( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) )
#error "MBEDTLS_PKCS1_V21 defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \ #if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \
!defined(MBEDTLS_SHA256_C)) !defined(MBEDTLS_SHA256_C))
#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites" #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"

11
include/mbedtls/mbedtls_config.h
View file

@ -1180,15 +1180,10 @@
* *
* Enable support for PKCS#1 v2.1 encoding. * Enable support for PKCS#1 v2.1 encoding.
* *
* Requires: MBEDTLS_RSA_C and (MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C). * Requires: MBEDTLS_RSA_C
* *
* \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init() * \warning If using a hash that is only provided by PSA drivers, you must
* before doing any PKCS#1 v2.1 operation. * call psa_crypto_init() before doing any PKCS#1 v2.1 operation.
*
* \warning When building with MBEDTLS_MD_C, all hashes used with this
* need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
* etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
* this module in builds where MBEDTLS_MD_C is disabled.
* *
* This enables support for RSAES-OAEP and RSASSA-PSS operations. * This enables support for RSAES-OAEP and RSASSA-PSS operations.
*/ */

84
library/rsa.c
View file

@ -54,18 +54,6 @@
#include <stdlib.h> #include <stdlib.h>
#endif #endif
/* We use MD first if it's available (for compatibility reasons)
* and "fall back" to PSA otherwise (which needs psa_crypto_init()). */
#if defined(MBEDTLS_PKCS1_V21)
#if !defined(MBEDTLS_MD_C)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_md_errors, \
psa_generic_status_to_mbedtls)
#endif /* !MBEDTLS_MD_C */
#endif /* MBEDTLS_PKCS1_V21 */
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#if !defined(MBEDTLS_RSA_ALT) #if !defined(MBEDTLS_RSA_ALT)
@ -1089,7 +1077,6 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src,
unsigned int hlen; unsigned int hlen;
size_t i, use_len; size_t i, use_len;
unsigned char mask[MBEDTLS_HASH_MAX_SIZE]; unsigned char mask[MBEDTLS_HASH_MAX_SIZE];
#if defined(MBEDTLS_MD_C)
int ret = 0; int ret = 0;
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx; mbedtls_md_context_t md_ctx;
@ -1106,14 +1093,6 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src,
} }
hlen = mbedtls_md_get_size(md_info); hlen = mbedtls_md_get_size(md_info);
#else
psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
psa_algorithm_t alg = mbedtls_psa_translate_md(md_alg);
psa_status_t status = PSA_SUCCESS;
size_t out_len;
hlen = PSA_HASH_LENGTH(alg);
#endif
memset(mask, 0, sizeof(mask)); memset(mask, 0, sizeof(mask));
memset(counter, 0, 4); memset(counter, 0, 4);
@ -1127,7 +1106,6 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src,
use_len = dlen; use_len = dlen;
} }
#if defined(MBEDTLS_MD_C)
if ((ret = mbedtls_md_starts(&md_ctx)) != 0) { if ((ret = mbedtls_md_starts(&md_ctx)) != 0) {
goto exit; goto exit;
} }
@ -1140,21 +1118,6 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src,
if ((ret = mbedtls_md_finish(&md_ctx, mask)) != 0) { if ((ret = mbedtls_md_finish(&md_ctx, mask)) != 0) {
goto exit; goto exit;
} }
#else
if ((status = psa_hash_setup(&op, alg)) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_update(&op, src, slen)) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_update(&op, counter, 4)) != PSA_SUCCESS) {
goto exit;
}
status = psa_hash_finish(&op, mask, sizeof(mask), &out_len);
if (status != PSA_SUCCESS) {
goto exit;
}
#endif
for (i = 0; i < use_len; ++i) { for (i = 0; i < use_len; ++i) {
*p++ ^= mask[i]; *p++ ^= mask[i];
@ -1167,15 +1130,9 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src,
exit: exit:
mbedtls_platform_zeroize(mask, sizeof(mask)); mbedtls_platform_zeroize(mask, sizeof(mask));
#if defined(MBEDTLS_MD_C)
mbedtls_md_free(&md_ctx); mbedtls_md_free(&md_ctx);
return ret; return ret;
#else
psa_hash_abort(&op);
return PSA_TO_MBEDTLS_ERR(status);
#endif
} }
/** /**
@ -1194,7 +1151,6 @@ static int hash_mprime(const unsigned char *hash, size_t hlen,
{ {
const unsigned char zeros[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; const unsigned char zeros[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
#if defined(MBEDTLS_MD_C)
mbedtls_md_context_t md_ctx; mbedtls_md_context_t md_ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1227,35 +1183,6 @@ exit:
mbedtls_md_free(&md_ctx); mbedtls_md_free(&md_ctx);
return ret; return ret;
#else
psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
psa_algorithm_t alg = mbedtls_psa_translate_md(md_alg);
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t out_size = PSA_HASH_LENGTH(alg);
size_t out_len;
if ((status = psa_hash_setup(&op, alg)) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_update(&op, zeros, sizeof(zeros))) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_update(&op, hash, hlen)) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_update(&op, salt, slen)) != PSA_SUCCESS) {
goto exit;
}
status = psa_hash_finish(&op, out, out_size, &out_len);
if (status != PSA_SUCCESS) {
goto exit;
}
exit:
psa_hash_abort(&op);
return PSA_TO_MBEDTLS_ERR(status);
#endif /* !MBEDTLS_MD_C */
} }
/** /**
@ -1270,7 +1197,6 @@ static int compute_hash(mbedtls_md_type_t md_alg,
const unsigned char *input, size_t ilen, const unsigned char *input, size_t ilen,
unsigned char *output) unsigned char *output)
{ {
#if defined(MBEDTLS_MD_C)
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
md_info = mbedtls_md_info_from_type(md_alg); md_info = mbedtls_md_info_from_type(md_alg);
@ -1279,16 +1205,6 @@ static int compute_hash(mbedtls_md_type_t md_alg,
} }
return mbedtls_md(md_info, input, ilen, output); return mbedtls_md(md_info, input, ilen, output);
#else
psa_algorithm_t alg = mbedtls_psa_translate_md(md_alg);
psa_status_t status;
size_t out_size = PSA_HASH_LENGTH(alg);
size_t out_len;
status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len);
return PSA_TO_MBEDTLS_ERR(status);
#endif /* !MBEDTLS_MD_C */
} }
#endif /* MBEDTLS_PKCS1_V21 */ #endif /* MBEDTLS_PKCS1_V21 */

15
tests/suites/test_suite_pkcs1_v21.function
View file

@ -18,6 +18,8 @@ void pkcs1_rsaes_oaep_encrypt(int mod, data_t *input_N, data_t *input_E,
mbedtls_test_rnd_buf_info info; mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, E; mbedtls_mpi N, E;
MD_PSA_INIT();
info.fallback_f_rng = mbedtls_test_rnd_std_rand; info.fallback_f_rng = mbedtls_test_rnd_std_rand;
info.fallback_p_rng = NULL; info.fallback_p_rng = NULL;
info.buf = rnd_buf->x; info.buf = rnd_buf->x;
@ -53,6 +55,7 @@ void pkcs1_rsaes_oaep_encrypt(int mod, data_t *input_N, data_t *input_E,
exit: exit:
mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx);
MD_PSA_DONE();
} }
/* END_CASE */ /* END_CASE */
@ -69,6 +72,8 @@ void pkcs1_rsaes_oaep_decrypt(int mod, data_t *input_P, data_t *input_Q,
mbedtls_mpi N, P, Q, E; mbedtls_mpi N, P, Q, E;
((void) seed); ((void) seed);
MD_PSA_INIT();
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
@ -114,6 +119,7 @@ exit:
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx);
MD_PSA_DONE();
} }
/* END_CASE */ /* END_CASE */
@ -129,6 +135,8 @@ void pkcs1_rsassa_pss_sign(int mod, data_t *input_P, data_t *input_Q,
mbedtls_test_rnd_buf_info info; mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, P, Q, E; mbedtls_mpi N, P, Q, E;
MD_PSA_INIT();
info.fallback_f_rng = mbedtls_test_rnd_std_rand; info.fallback_f_rng = mbedtls_test_rnd_std_rand;
info.fallback_p_rng = NULL; info.fallback_p_rng = NULL;
info.buf = rnd_buf->x; info.buf = rnd_buf->x;
@ -179,6 +187,7 @@ exit:
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx);
MD_PSA_DONE();
} }
/* END_CASE */ /* END_CASE */
@ -191,6 +200,8 @@ void pkcs1_rsassa_pss_verify(int mod, data_t *input_N, data_t *input_E,
mbedtls_mpi N, E; mbedtls_mpi N, E;
((void) salt); ((void) salt);
MD_PSA_INIT();
mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
mbedtls_rsa_init(&ctx); mbedtls_rsa_init(&ctx);
TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
@ -213,6 +224,7 @@ void pkcs1_rsassa_pss_verify(int mod, data_t *input_N, data_t *input_E,
exit: exit:
mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx);
MD_PSA_DONE();
} }
/* END_CASE */ /* END_CASE */
@ -227,6 +239,8 @@ void pkcs1_rsassa_pss_verify_ext(int mod, data_t *input_N, data_t *input_E,
mbedtls_rsa_context ctx; mbedtls_rsa_context ctx;
mbedtls_mpi N, E; mbedtls_mpi N, E;
MD_PSA_INIT();
mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
mbedtls_rsa_init(&ctx); mbedtls_rsa_init(&ctx);
TEST_ASSERT(mbedtls_rsa_set_padding(&ctx, TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
@ -254,5 +268,6 @@ void pkcs1_rsassa_pss_verify_ext(int mod, data_t *input_N, data_t *input_E,
exit: exit:
mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx);
MD_PSA_DONE();
} }
/* END_CASE */ /* END_CASE */

4
tests/suites/test_suite_rsa.function
View file

@ -1376,6 +1376,10 @@ exit:
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void rsa_selftest() void rsa_selftest()
{ {
MD_PSA_INIT();
TEST_ASSERT(mbedtls_rsa_self_test(1) == 0); TEST_ASSERT(mbedtls_rsa_self_test(1) == 0);
exit:
MD_PSA_DONE();
} }
/* END_CASE */ /* END_CASE */