From c32e2b0921dafb07412628ca1460a2a5999608a1 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 13 May 2021 17:03:47 +0100 Subject: [PATCH 01/39] Removal and modification of tests Changes for tests involving mbedtls_rsa_pkcs1_encrypt. Removal of test in test_suite_rsa.function where invalid mode is used. Also modification of other tests to use the constant MBEDTLS_RSA_PUBLIC instead of the mode variable. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 1182cc6e69..1eca3148a3 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -103,22 +103,17 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - invalid_mode, - sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, sizeof( buf ), buf, NULL ) ); From 2177277ddab7896b295205ed5d5e15180b6aca08 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 13 May 2021 17:30:32 +0100 Subject: [PATCH 02/39] Removes mode param from mbedtls_rsa_pkcs1_encrypt Removal of the mode parameter from mbedtls_rsa_pkcs1_encrypt function. This change is propagated throughout the codebase and to relevant tests. 
Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 17 +++-------------- library/pk_wrap.c | 2 +- library/psa_crypto.c | 1 - library/rsa.c | 16 ++++++++-------- programs/pkey/rsa_encrypt.c | 3 +-- tests/suites/test_suite_pkcs1_v15.function | 4 ++-- tests/suites/test_suite_pkcs1_v21.function | 4 ++-- tests/suites/test_suite_rsa.function | 11 ++++------- 8 files changed, 21 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index a54ac4dd09..943321544a 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -571,12 +571,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * operation. * * It is the generic wrapper for performing a PKCS#1 encryption - * operation using the \p mode from the context. - * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PUBLIC. + * operation. * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PRIVATE and might instead 
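Review bot: The Doxygen block for mbedtls_rsa_pkcs1_encrypt still ends with the context line `\note Alternative implementations of RSA need not support mode being set to #MBEDTLS_RSA_PRIVATE and might instead return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED`, which describes a parameter this commit deletes from the prototype. The note is now misleading for RSA-alt implementers and should go in the same hunk as the `\deprecated` paragraph, or be rewritten to say that the function only ever performs the public-key operation. The parameter list and the prototype itself continue in the next hunk, outside this one.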
@@ -584,16 +579,10 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * * \param ctx The initialized RSA context to use. * \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding - * encoding, and for PKCS#1 v1.5 padding encoding when used - * with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5 - * padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE, - * it is used for blinding and should be provided in this - * case; see mbedtls_rsa_private() for more. + * encoding, and for PKCS#1 v1.5 padding encoding. * \param p_rng The RNG context to be passed to \p f_rng. May be * \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't * need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable * buffer of size \p ilen Bytes. It may be \c NULL if @@ -608,7 +597,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t ilen, + size_t ilen, const unsigned char *input, unsigned char *output ); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 8e4f251231..e1ad50795d 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -149,7 +149,7 @@ static int rsa_encrypt_wrap( void *ctx, if( *olen > osize ) return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); - return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC, + return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, ilen, input, output ) ); } diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 64ead5b6ed..c4354d7581 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
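Review bot: The rewritten `\param f_rng` sentence, `It is mandatory for PKCS#1 v2.1 padding encoding, and for PKCS#1 v1.5 padding encoding`, is a leftover of the two-mode text and reads as if the two cases still differed. Both padding implementations in this series reject a NULL `f_rng` with `MBEDTLS_ERR_RSA_BAD_INPUT_DATA` before any RSA operation, so the requirement can be stated once: `The RNG to use. It is mandatory for both PKCS#1 v1.5 and v2.1 padding, which draw random padding bytes; passing NULL makes the call fail with #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.` The rest of the parameter documentation for this function lies outside the hunk.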
@@ -3064,7 +3064,6 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, mbedtls_rsa_pkcs1_encrypt( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, input_length, input, output ) ); diff --git a/library/rsa.c b/library/rsa.c index 6761fbdb79..5ecc778355 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1317,13 +1317,11 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t ilen, + size_t ilen, const unsigned char *input, unsigned char *output ) { RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( ilen == 0 || input != NULL ); @@ -1331,14 +1329,16 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen, - input, output ); + return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, + MBEDTLS_RSA_PUBLIC, ilen, + input, output ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0, - ilen, input, output ); + return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, + MBEDTLS_RSA_PUBLIC, NULL, 0, + ilen, input, output ); #endif default: @@ -2691,7 +2691,7 @@ int mbedtls_rsa_self_test( int verbose ) memcpy( rsa_plaintext, RSA_PT, PT_LEN ); - if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, + if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, PT_LEN, rsa_plaintext, rsa_ciphertext ) != 0 ) { diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index ba01201729..6c654ad188 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c 
@@ -143,8 +143,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random, - &ctr_drbg, MBEDTLS_RSA_PUBLIC, - strlen( argv[1] ), input, buf ); + &ctr_drbg, strlen( argv[1] ), input, buf ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index b03bddac68..878c414ad6 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -36,8 +36,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, message_str->x = NULL; TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, - &info, MBEDTLS_RSA_PUBLIC, - message_str->len, message_str->x, + &info, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 2e7f3399db..623f7bc552 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -35,8 +35,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, data_t * input_N, data_t * input_E, message_str->x = NULL; TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, - &info, MBEDTLS_RSA_PUBLIC, - message_str->len, message_str->x, + &info, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 1eca3148a3..c051ed3504 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -103,17 +103,14 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL, - MBEDTLS_RSA_PUBLIC, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - MBEDTLS_RSA_PUBLIC, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - MBEDTLS_RSA_PUBLIC, sizeof( buf ), buf, NULL ) ); @@ -703,8 +700,8 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PUBLIC, - message_str->len, message_str->x, + &rnd_info, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) { @@ -743,8 +740,8 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand, - NULL, MBEDTLS_RSA_PUBLIC, - message_str->len, message_str->x, + NULL, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) { From 69a8c3809e1a6b5fd2a234da2771a89210734180 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 13 May 2021 17:59:50 +0100 Subject: [PATCH 03/39] Removes and modifies tests Removal and modification of tests relating to mbedtls_rsa_rsaes_pkcs1_v15_encrypt. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 40 +++------------------------- 1 file changed, 3 insertions(+), 37 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index c051ed3504..4a818c59a5 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -117,25 +117,19 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, NULL, - invalid_mode, - sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, - NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, sizeof( buf ), buf, NULL ) ); @@ -605,34 +599,6 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, ctx.len, result_str->len ) == 0 ); -#if defined(MBEDTLS_PKCS1_V15) - /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ - if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) - { - int res; - memset( output, 0x00, sizeof( output) ); - - res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, - &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, hash_result->len, - hash_result->x, output ); - -#if !defined(MBEDTLS_RSA_ALT) - TEST_ASSERT( res == 0 ); -#else - TEST_ASSERT( ( res == 0 ) || - ( res == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) ); -#endif - - if( res == 0 ) - { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, - ctx.len, - result_str->len ) == 0 ); - } - } -#endif /* MBEDTLS_PKCS1_V15 */ - exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); From 53e4ac64b7dd34e537ddf7b203629dd4cde89eda Mon Sep 17 00:00:00 2001 
From: Thomas Daubney Date: Thu, 13 May 2021 18:26:49 +0100 Subject: [PATCH 04/39] Removes mode param from mbedtls_rsa_rsaes_pkcs1_v15_encrypt Removal of mode parameter from mbedtls_rsa_rsaes_pkcs1_v15_encrypt. This commit propagates the change to all relevant function calls and tests. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 14 ++------ library/rsa.c | 54 ++++++++++------------------ tests/suites/test_suite_rsa.function | 18 ++++------ 3 files changed, 26 insertions(+), 60 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 943321544a..47726ec72c 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -605,25 +605,15 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 encryption operation * (RSAES-PKCS1-v1_5-ENCRYPT). * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PUBLIC. - * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PRIVATE and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function to use. It is needed for padding generation - * if \p mode is #MBEDTLS_RSA_PUBLIC. If \p mode is - * #MBEDTLS_RSA_PRIVATE (discouraged), it is used for - * blinding and should be provided; see mbedtls_rsa_private(). + * \param f_rng The RNG function to use. It is needed for padding generation. * \param p_rng The RNG context to be passed to \p f_rng. This may * be \c NULL if \p f_rng is \c NULL or if \p f_rng * doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable * buffer of size \p ilen Bytes. It may be \c NULL if @@ -638,7 +628,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t ilen, + size_t ilen, const unsigned char *input, unsigned char *output ); diff --git a/library/rsa.c b/library/rsa.c index 5ecc778355..6651c880a2 100644 --- a/library/rsa.c +++ b/library/rsa.c 
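Review bot: After dropping `\deprecated` and `\param mode`, this block keeps the context line `\note Alternative implementations of RSA need not support mode being set to #MBEDTLS_RSA_PRIVATE ...`, so the header documents a mode that the prototype at the end of the hunk no longer accepts. Patch 06 of the same series deletes the equivalent note from mbedtls_rsa_rsaes_oaep_encrypt, and the same deletion belongs here for consistency. The shortened `\param f_rng` text could also state the consequence that the implementation enforces: `The RNG function to use. It is needed for padding generation and must not be NULL.`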
@@ -1244,8 +1244,7 @@ exit: */ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t ilen, + void *p_rng, size_t ilen, const unsigned char *input, unsigned char *output ) { @@ -1254,14 +1253,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, unsigned char *p = output; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( ilen == 0 || input != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - olen = ctx->len; /* first comparison checks for overflow */ 
@@ -1271,43 +1265,32 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, nb_pad = olen - 3 - ilen; *p++ = 0; - if( mode == MBEDTLS_RSA_PUBLIC ) + + if( f_rng == NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + *p++ = MBEDTLS_RSA_CRYPT; + + while( nb_pad-- > 0 ) { - if( f_rng == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + int rng_dl = 100; - *p++ = MBEDTLS_RSA_CRYPT; + do { + ret = f_rng( p_rng, p, 1 ); + } while( *p == 0 && --rng_dl && ret == 0 ); - while( nb_pad-- > 0 ) - { - int rng_dl = 100; + /* Check if RNG failed to generate data */ + if( rng_dl == 0 || ret != 0 ) + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); - do { - ret = f_rng( p_rng, p, 1 ); - } while( *p == 0 && --rng_dl && ret == 0 ); - - /* Check if RNG failed to generate data */ - if( rng_dl == 0 || ret != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); - - p++; - } - } - else - { - *p++ = MBEDTLS_RSA_SIGN; - - while( nb_pad-- > 0 ) - *p++ = 0xFF; + p++; } *p++ = 0; if( ilen != 0 ) memcpy( p, input, ilen ); - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, output, output ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); + return( mbedtls_rsa_public( ctx, output, output ) ); } #endif /* MBEDTLS_PKCS1_V15 */ @@ -1330,8 +1313,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, - MBEDTLS_RSA_PUBLIC, ilen, - input, output ); + ilen, input, output ); #endif #if defined(MBEDTLS_PKCS1_V21) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 4a818c59a5..d3b65b2056 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
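Review bot: The `if( f_rng == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );` check now sits after `*p++ = 0;` and after the length check, in the middle of the encoding, rather than with the other argument validation at the top of the function. Now that it is unconditional it should move up beside the `RSA_VALIDATE_RET` lines, before `olen = ctx->len;` (those lines are in the preceding hunk), so a bad argument is rejected before anything is written to `output`. The rng_dl retry loop that refuses zero padding bytes is preserved unchanged, and the function now always ends in `mbedtls_rsa_public`, which matches the new contract.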
@@ -116,22 +116,16 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL, - NULL, - MBEDTLS_RSA_PUBLIC, - sizeof( buf ), buf, - buf ) ); + NULL, sizeof( buf ), + buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, - NULL, - MBEDTLS_RSA_PUBLIC, - sizeof( buf ), NULL, - buf ) ); + NULL, sizeof( buf ), + NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, - NULL, - MBEDTLS_RSA_PUBLIC, - sizeof( buf ), buf, - NULL ) ); + NULL, sizeof( buf ), + buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL, From 3c487f4b8eefc20e6bda94ed4fd5dd1603a4ba89 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 13 May 2021 18:45:01 +0100 Subject: [PATCH 05/39] Removes and modifies tests Removes and modifies tests for mbedtls_rsa_rsaes_oaep_encrypt. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d3b65b2056..6da946e0ca 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -129,31 +129,25 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, buf, sizeof( buf ), sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - invalid_mode, - buf, sizeof( buf ), - sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, NULL, sizeof( buf ), sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, buf, sizeof( buf ), sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, buf, sizeof( buf ), sizeof( buf ), buf, NULL ) ); From 141700f0573fc2711709dfc05b97b1c44280545c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 13 May 2021 19:06:10 +0100 Subject: [PATCH 06/39] Removes mode param from mbedtls_rsa_rsaes_oaep_encrypt Removes mode parameter from mbedtls_rsa_rsaes_oaep_encrypt and propagates changes throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 12 ------------ library/psa_crypto.c | 1 - library/rsa.c | 13 ++----------- tests/suites/test_suite_rsa.function | 4 ---- 4 files changed, 2 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 47726ec72c..c250525d70 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -639,22 +639,11 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * \note The output buffer must be as large as the size * of ctx->N. For example, 128 Bytes if RSA-1024 is used. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initnialized RSA context to use. * \param f_rng The RNG function to use. This is needed for padding * generation and must be provided. * \param p_rng The RNG context to be passed to \p f_rng. This may * be \c NULL if \p f_rng doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param label The buffer holding the custom label to use. * This must be a readable buffer of length \p label_len * Bytes. It may be \c NULL if \p label_len is \c 0. @@ -673,7 +662,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, const unsigned char *label, size_t label_len, size_t ilen, const unsigned char *input, diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c4354d7581..098c4bba87 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3078,7 +3078,6 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, mbedtls_rsa_rsaes_oaep_encrypt( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, salt, salt_length, input_length, input, diff --git a/library/rsa.c b/library/rsa.c index 6651c880a2..86bd71d47d 100644 --- a/library/rsa.c +++ b/library/rsa.c 
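Review bot: The context line `\param ctx The initnialized RSA context to use.` carries a typo into the retained OAEP documentation; since this hunk already rewrites the surrounding parameter list, `The initialized RSA context to use.` can be fixed here. Removing the "Alternative implementations" note in this hunk is correct, whereas the same note is still present on mbedtls_rsa_pkcs1_encrypt and mbedtls_rsa_rsaes_pkcs1_v15_encrypt after their mode parameters were removed, so the three blocks now disagree.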
@@ -1156,7 +1156,6 @@ exit: int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, const unsigned char *label, size_t label_len, size_t ilen, const unsigned char *input, @@ -1170,15 +1169,10 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, mbedtls_md_context_t md_ctx; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( ilen == 0 || input != NULL ); RSA_VALIDATE_RET( label_len == 0 || label != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - if( f_rng == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1232,9 +1226,7 @@ exit: if( ret != 0 ) return( ret ); - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, output, output ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); + return( mbedtls_rsa_public( ctx, output, output ) ); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -1318,8 +1310,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, - MBEDTLS_RSA_PUBLIC, NULL, 0, + return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, NULL, 0, ilen, input, output ); #endif diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 6da946e0ca..1bf1850027 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -129,25 +129,21 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL, - MBEDTLS_RSA_PUBLIC, buf, sizeof( buf ), sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - MBEDTLS_RSA_PUBLIC, NULL, sizeof( buf ), sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - MBEDTLS_RSA_PUBLIC, buf, sizeof( buf ), sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - MBEDTLS_RSA_PUBLIC, buf, sizeof( buf ), sizeof( buf ), buf, NULL ) ); From 11425347f0b40e7ce2225789a8619352d95aacba Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 11:57:05 +0100 Subject: [PATCH 07/39] Modifies tests in rsa test suite Modification of tests in test_suite_rsa.function to adept them for the removal of the mode param from mbedtls_rsa_pkcs1_sign function. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 1bf1850027..f8bf859bf6 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -205,27 +205,22 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From fa1581ea03395212b9fef2b01ba957a0d26502ab Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 12:38:33 +0100 Subject: [PATCH 08/39] Modifies typedef of mbedtls_pk_rsa_alt_sign_func This commit modifies the typedef of mbedtls_pk_rsa_alt_sign_func and propagates the associated changes throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/pk.h | 2 +- library/pk_wrap.c | 2 +- tests/suites/test_suite_pk.function | 4 ++-- tests/suites/test_suite_x509write.function | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 093b3bc6d6..25f02ff69d 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -234,7 +234,7 @@ typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, size_t *olen, size_t output_max_len ); typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ); typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx ); #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index e1ad50795d..ec07c60246 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -770,7 +770,7 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, md_alg, (unsigned int) hash_len, hash, sig ) ); } diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index b81bd7be47..27d73ff9ad 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -70,13 +70,13 @@ int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, } int mbedtls_rsa_sign_func( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { ((void) f_rng); ((void) p_rng); return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, - mbedtls_test_rnd_std_rand, NULL, mode, + mbedtls_test_rnd_std_rand, NULL, MBEDTLS_RSA_PRIVATE, md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 04ea69b1a6..a36fa43763 100644 --- a/tests/suites/test_suite_x509write.function 
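Review bot: Changing the public typedef `mbedtls_pk_rsa_alt_sign_func` in include/mbedtls/pk.h is a source-incompatible API break for every application that supplies an RSA-alt sign callback, yet the diffstat lists no ChangeLog.d entry or migration-guide text; unless a later patch in the series adds one, it should be documented here, including that the callback is now always expected to perform the private-key signature. The forwarding change in `rsa_alt_sign_wrap` is consistent with that contract. Note that the test callback in test_suite_pk.function discards `f_rng`/`p_rng` and substitutes `mbedtls_test_rnd_std_rand`; that pre-dates this commit, but it means the test never exercises the caller-supplied RNG on the signing path.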
+++ b/tests/suites/test_suite_x509write.function @@ -16,10 +16,10 @@ int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, } int mbedtls_rsa_sign_func( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { - return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode, + return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) From b9eaa7369ba7db91a1077634db3be1362ef6b361 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 15:42:16 +0100 Subject: [PATCH 09/39] Modifies tests in test suite RSA Modifies tests for mbedtls_rsa_rsassa_pkcs1_v15_sign function in test_suite_rsa.function Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f8bf859bf6..e70faac72b 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -227,27 +227,22 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From 9a66d5c1817792e30d39911cd6781c21f8e0cc65 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 15:50:21 +0100 Subject: [PATCH 10/39] Modifies tests in RSA test suite Tests for mbedtls_rsa_rsassa_pss_sign in test_suite_rsa.function have been modified to allow for upcoming removal of mode param. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index e70faac72b..7c7d8f9b69 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -249,27 +249,22 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From 140184d0293bf14e004c78f6cc722d563f9b0079 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 16:04:07 +0100 Subject: [PATCH 11/39] Removes mode param from mbedtls_rsa_pkcs1_sign Commit removes the mode parameter from mbedtls_rsa_pkcs1_sign and progagates the change to all relevant parts of the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 21 ++++----------------- library/pk_wrap.c | 5 +++-- library/psa_crypto_rsa.c | 1 - library/rsa.c | 13 +++++-------- programs/pkey/dh_server.c | 2 +- programs/pkey/rsa_sign.c | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_pkcs1_v15.function | 4 ++-- tests/suites/test_suite_pkcs1_v21.function | 4 ++-- tests/suites/test_suite_rsa.function | 12 ++++-------- tests/suites/test_suite_x509write.function | 4 ++-- 11 files changed, 25 insertions(+), 45 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index c250525d70..96548bd4df 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -790,7 +790,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * a message digest using PKCS#1. * * It is the generic wrapper for performing a PKCS#1 - * signature using the \p mode from the context. + * signature. * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. @@ -799,25 +799,13 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * mbedtls_rsa_rsassa_pss_sign() for details on * \p md_alg and \p hash_id. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. * \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1, - * this must be provided. If the padding mode is PKCS#1 v1.5 and - * \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding - * and should be provided; see mbedtls_rsa_private() for more - * more. It is ignored otherwise. + * this must be provided. If the padding mode is PKCS#1 v1.5 + * it is used for blinding and should be provided; + * see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng is \c NULL or doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. 
@@ -838,7 +826,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/pk_wrap.c b/library/pk_wrap.c index ec07c60246..9f4c187b05 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -120,8 +120,9 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, *sig_len = mbedtls_rsa_get_len( rsa ); - return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, - md_alg, (unsigned int) hash_len, hash, sig ) ); + return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, + md_alg, (unsigned int) hash_len, + hash, sig ) ); } static int rsa_decrypt_wrap( void *ctx, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 686f07d334..192f4a3971 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -419,7 +419,6 @@ static psa_status_t rsa_sign_hash( ret = mbedtls_rsa_pkcs1_sign( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, md_alg, (unsigned int) hash_length, hash, diff --git a/library/rsa.c b/library/rsa.c index 86bd71d47d..22880a23d2 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2129,15 +2129,12 @@ cleanup: int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || hash != NULL ); 
@@ -2147,14 +2144,14 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + md_alg, hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + md_alg, hashlen, hash, sig ); #endif default: @@ -2714,7 +2711,7 @@ int mbedtls_rsa_self_test( int verbose ) } if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, + MBEDTLS_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index dccf0951ca..63df77ee01 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -229,7 +229,7 @@ int main( void ) buf[n ] = (unsigned char)( rsa.len >> 8 ); buf[n + 1] = (unsigned char)( rsa.len ); - if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, + if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256, 0, hash, buf + n + 2 ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret ); diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index c9522c8c26..1cfa0a8dd9 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -146,7 +146,7 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, + if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret ); 
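Review bot: The sample callers touched in this hunk, `mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256, ...)` in dh_server.c and rsa_sign.c, pass a NULL f_rng to what is now a private-key-only operation, while the rsa.h text in this same patch says f_rng "is used for blinding and should be provided" for PKCS#1 v1.5. With the public-key mode gone there is no longer any caller of this function that does not need the RNG, so the examples are now demonstrating the unblinded path; if those programs already seed a CTR-DRBG I would pass it (`mbedtls_ctr_drbg_random, &ctr_drbg`), and otherwise the header should state plainly that a NULL f_rng disables blinding. rsa_sign.c also passes hashlen 20 together with MBEDTLS_MD_SHA256; if hashlen is ignored for a named digest that is harmless, but it is misleading in an example and worth changing to 0 as dh_server.c does. The hard-coded MBEDTLS_RSA_PRIVATE forwarded to the v1.5/PSS helpers at the top of the hunk is fine as a transitional step.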
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 27d73ff9ad..0038a58630 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -76,7 +76,7 @@ int mbedtls_rsa_sign_func( void *ctx, ((void) f_rng); ((void) p_rng); return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, - mbedtls_test_rnd_std_rand, NULL, MBEDTLS_RSA_PRIVATE, + mbedtls_test_rnd_std_rand, NULL, md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 878c414ad6..0c2547d2e8 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -293,8 +293,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, - &info, MBEDTLS_RSA_PRIVATE, digest, - 0, hash_result, output ) == result ); + &info, digest, 0, hash_result, + output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 623f7bc552..e64f22290f 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -148,8 +148,8 @@ void pkcs1_rsassa_pss_sign( int mod, data_t * input_P, data_t * input_Q, if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY) { TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, - &info, MBEDTLS_RSA_PRIVATE, digest, 0, - hash_result, output ) == result ); + &info, digest, 0,hash_result, + output ) == result ); if( result == 0 ) { ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len ); 
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 7c7d8f9b69..e4f962562a 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -205,22 +205,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); @@ -479,8 +475,8 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PRIVATE, digest, - 0, hash_result, output ) == result ); + &rnd_info, digest, 0, hash_result, + output ) == result ); if( result == 0 ) { @@ -560,8 +556,8 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PRIVATE, - MBEDTLS_MD_NONE, hash_result->len, + &rnd_info, MBEDTLS_MD_NONE, + hash_result->len, hash_result->x, output ) == 0 ); diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index a36fa43763..44f846fd31 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
@@ -19,8 +19,8 @@ int mbedtls_rsa_sign_func( void *ctx, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { - return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, - md_alg, hashlen, hash, sig ) ); + return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, + md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) { From 526549854c79c721d4eefcece6756102f125a6bb Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 16:54:00 +0100 Subject: [PATCH 12/39] Removes mode param from mbedtls_rsa_rsassa_pkcs1_v15_sign Commit removes the mode parameter from mbedtls_rsa_rsassa_pkcs1_v15_sign and propagates the change throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 18 ++---------------- library/rsa.c | 18 +----------------- tests/suites/test_suite_rsa.function | 4 ---- 3 files changed, 3 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 96548bd4df..e7ab073b09 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -835,24 +835,11 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 signature * operation (RSASSA-PKCS1-v1_5-SIGN). * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. If \p mode is - * #MBEDTLS_RSA_PUBLIC, it is ignored. + * \param f_rng The RNG function. This is used for blinding and should be + * provided; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng is \c NULL or doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -873,7 +860,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/rsa.c b/library/rsa.c index 22880a23d2..8129429b92 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -2049,7 +2049,6 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2059,16 +2058,11 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, unsigned char *sig_try = NULL, *verif = NULL; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || hash != NULL ); RSA_VALIDATE_RET( sig != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - /* * Prepare PKCS1-v1.5 encoding (padding and hash identifier) */ @@ -2077,16 +2071,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, ctx->len, sig ) ) != 0 ) return( ret ); - /* - * Call respective RSA primitive - */ - - if( mode == MBEDTLS_RSA_PUBLIC ) - { - /* Skip verification on a public key operation */ - return( mbedtls_rsa_public( ctx, sig, sig ) ); - } - /* Private key operation * * In order to prevent Lenstra's attack, make the signature in a @@ -2144,7 +2128,7 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, md_alg, hashlen, hash, sig ); #endif diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index e4f962562a..440c571742 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
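Review bot: Dropping the whole `if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )` check in the second hunk removes the padding-consistency guard rather than simplifying it; with mode now implicitly private the condition should collapse to `if( ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );` right after the RSA_VALIDATE_RET lines. Without it mbedtls_rsa_rsassa_pkcs1_v15_sign will emit a v1.5 signature from a context configured for PSS, which is exactly the misuse the old line rejected (mbedtls_rsa_pkcs1_sign still dispatches on ctx->padding, so the generic wrapper is unaffected, but direct callers are not). The removal of the public-key early return is correct for the new contract, but the private-key path that follows (the Lenstra-attack verification introduced by the context comment) continues past this hunk, so I could not confirm nothing else in the body still refers to mode.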
@@ -223,22 +223,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From de9fdc4b12c2f83a32c3bc5e16148970d37c303a Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 17:10:04 +0100 Subject: [PATCH 13/39] Removes mode param from mbedtls_rsa_rsassa_pss_sign Commit removes the mode param from mbedtls_rsa_rsassa_pss_sign and propagates the changes throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 12 ------------ library/psa_crypto_rsa.c | 1 - library/rsa.c | 7 +++---- tests/suites/test_suite_rsa.function | 4 ---- 4 files changed, 3 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index e7ab073b09..103d6915f5 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -939,21 +939,10 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, * the key size in bytes), this function returns * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. * \param f_rng The RNG function. It must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -974,7 +963,6 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 192f4a3971..4f41596543 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -433,7 +433,6 @@ static psa_status_t rsa_sign_hash( ret = mbedtls_rsa_rsassa_pss_sign( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, (unsigned int) hash_length, hash, diff --git a/library/rsa.c b/library/rsa.c index 8129429b92..b241b8fee3 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -1897,13 +1897,12 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { - return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg, + return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig ); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -2134,8 +2133,8 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, - md_alg, hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg, + hashlen, hash, sig ); #endif default: diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 440c571742..814385baa4 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -241,22 +241,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From 28b55850bdf836d83fe240a455c819a7f3bd7174 Mon Sep 17 00:00:00 2001 
From: Thomas Daubney Date: Tue, 18 May 2021 18:30:00 +0100 Subject: [PATCH 14/39] Modifies tests for verify functions Relevant tests have been modified and in some cases removed in preparation for removal of mode parameter from verify functions. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 55 ++++++++-------------------- 1 file changed, 16 insertions(+), 39 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 814385baa4..96a8cbf022 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -281,118 +281,95 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, - NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( 
MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, - invalid_mode, - 0, sizeof( buf ), - buf, - 0, 0, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, - valid_mode, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, 0, 0, From ac1331211e9f9c9d371a8e327c2fc8a95e90b239 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 19:26:39 +0100 Subject: [PATCH 15/39] Removes f_rng parameter from mbedtls_rsa_pkcs1_verify Commit removes f_rng parameter from mbedtls_rsa_pkcs1_verify as a prerequisite to removing the mode parameter. f_rng no longer has relevance in this function if mode is removed. 
Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 4 ---- library/pk_wrap.c | 2 +- library/psa_crypto_rsa.c | 1 - library/rsa.c | 7 +++---- programs/pkey/dh_client.c | 2 +- programs/pkey/rsa_verify.c | 2 +- tests/suites/test_suite_pkcs1_v15.function | 2 +- tests/suites/test_suite_pkcs1_v21.function | 4 ++-- tests/suites/test_suite_rsa.function | 12 ++++++------ 9 files changed, 15 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 103d6915f5..f4e7d965fd 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -989,9 +989,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. Otherwise, it is ignored. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either @@ -1013,7 +1010,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 9f4c187b05..fbcfdb1579 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -90,7 +90,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, if( sig_len < rsa_len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL, + if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_len, hash, sig ) ) != 0 ) return( ret ); 
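Review bot: After removing f_rng, the documentation left in the rsa.h hunk is dangling: `\param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL if \p f_rng is \c NULL or doesn't need a context.` now refers to a parameter that no longer exists, and the surviving `\note Alternative implementations ... return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` context still describes a private mode the function can no longer supply an RNG for. Until p_rng is dropped as well, I would replace that line with `\param p_rng Unused now that the RNG callback has been removed; pass \c NULL.` so readers do not go looking for f_rng. The `\param mode` context line still admits #MBEDTLS_RSA_PRIVATE (deprecated); it would be worth adding there that the private path can no longer be blinded because no RNG is accepted.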
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 4f41596543..1ab57c61a3 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -490,7 +490,6 @@ static psa_status_t rsa_verify_hash( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); ret = mbedtls_rsa_pkcs1_verify( rsa, - mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, MBEDTLS_RSA_PUBLIC, md_alg, diff --git a/library/rsa.c b/library/rsa.c index b241b8fee3..7545a799ad 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2414,7 +2414,6 @@ cleanup: * Do an RSA operation and check the message digest */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, @@ -2434,13 +2433,13 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg, + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, p_rng, mode, md_alg, hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg, + return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, p_rng, mode, md_alg, hashlen, hash, sig ); #endif @@ -2707,7 +2706,7 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 sig. verify: " ); - if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, + if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) { diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index d6e4990a9b..eb21566f64 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c 
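Review bot: In the dispatch hunk, `mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, p_rng, mode, ...)` and its PSS twin now hard-wire a NULL RNG while still forwarding the caller's mode, so a deprecated-but-accepted call with MBEDTLS_RSA_PRIVATE reaches the private-key helper with no blinding source — the doc line this same patch removes says the RNG was there precisely to blind that path. Until the mode parameter is removed in a follow-up, rejecting it is the cheap safeguard: `if( mode != MBEDTLS_RSA_PUBLIC ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );` before the switch, unless some suite not visible here still exercises verify in private mode. Forwarding p_rng next to a NULL f_rng is also pointless; NULL for both reads more honestly. The body of mbedtls_rsa_pkcs1_verify begins in the preceding hunk and the switch continues past this one.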
@@ -220,7 +220,7 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret ); diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index fbc0779b2c..60e1377bca 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -140,7 +140,7 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret ); diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 0c2547d2e8..83604285c2 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -334,7 +334,7 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index e64f22290f..f291a5fbb6 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function 
@@ -199,7 +199,7 @@ void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -244,7 +244,7 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len = message_str->len; } - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, msg_digest_id, hash_len, hash_result, result_str->x ) == result_simple ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 96a8cbf022..873ce8a478 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -280,22 +280,22 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL, + mbedtls_rsa_pkcs1_verify( NULL, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, + mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, + mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, + mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); 
@@ -485,7 +485,7 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -564,7 +564,7 @@ void rsa_pkcs1_verify_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); From 613d1a4fb7ce0a4c172b5f30e0b1220594ca0a9b Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 19:34:03 +0100 Subject: [PATCH 16/39] Removes p_rng param from mbedtls_rsa_pkcs1_verify Commit removes p_rng from mbedtls_rsa_pkcs1_verify since p_rng has no relevance following the removal of f_rng from this function. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 3 --- library/pk_wrap.c | 6 +++--- library/psa_crypto_rsa.c | 1 - library/rsa.c | 7 +++---- programs/pkey/dh_client.c | 2 +- programs/pkey/rsa_verify.c | 2 +- tests/suites/test_suite_pkcs1_v15.function | 2 +- tests/suites/test_suite_pkcs1_v21.function | 4 ++-- tests/suites/test_suite_rsa.function | 12 ++++++------ 9 files changed, 17 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index f4e7d965fd..b41af89a24 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -989,8 +989,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA public key context to use. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. @@ -1010,7 +1008,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/pk_wrap.c b/library/pk_wrap.c index fbcfdb1579..b536b6615e 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -90,9 +90,9 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, if( sig_len < rsa_len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, - MBEDTLS_RSA_PUBLIC, md_alg, - (unsigned int) hash_len, hash, sig ) ) != 0 ) + if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, MBEDTLS_RSA_PUBLIC, + md_alg, (unsigned int) hash_len, + hash, sig ) ) != 0 ) return( ret ); /* The buffer contains a valid signature followed by extra data. diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 1ab57c61a3..25157d2611 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -490,7 +490,6 @@ static psa_status_t rsa_verify_hash( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); ret = mbedtls_rsa_pkcs1_verify( rsa, - MBEDTLS_PSA_RANDOM_STATE, MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_length, diff --git a/library/rsa.c b/library/rsa.c index 7545a799ad..ba164ffa98 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -2414,7 +2414,6 @@ cleanup: * Do an RSA operation and check the message digest */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, @@ -2433,13 +2432,13 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, p_rng, mode, md_alg, + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, NULL, mode, md_alg, hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, p_rng, mode, md_alg, + return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, NULL, mode, md_alg, hashlen, hash, sig ); #endif @@ -2706,7 +2705,7 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 sig. verify: " ); - if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, + if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) { diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index eb21566f64..bdbabb620e 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -220,7 +220,7 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, MBEDTLS_RSA_PUBLIC, + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret ); diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 60e1377bca..8f207c78b5 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c 
@@ -140,7 +140,7 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, MBEDTLS_RSA_PUBLIC, + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret ); diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 83604285c2..2e22bdd33e 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -334,7 +334,7 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index f291a5fbb6..ad8f319e4e 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -199,7 +199,7 @@ void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 
@@ -244,7 +244,7 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len = message_str->len; } - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, msg_digest_id, hash_len, hash_result, result_str->x ) == result_simple ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 873ce8a478..764d21a95a 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -280,22 +280,22 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( NULL, NULL, + mbedtls_rsa_pkcs1_verify( NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, + mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, + mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, NULL, + mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); @@ -485,7 +485,7 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 
@@ -564,7 +564,7 @@ void rsa_pkcs1_verify_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); From 68d9cbca97aa9aaf495318904096f8a2a15e90cd Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 May 2021 18:45:09 +0100 Subject: [PATCH 17/39] Removes mode param from mbedtls_rsa_pkcs1_verify Commit removes mode parameter from mbedtls_rsa_pkcs1_verify and propagates the change throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 14 +------------- library/pk_wrap.c | 4 ++-- library/psa_crypto_rsa.c | 1 - library/rsa.c | 10 +++------- programs/pkey/dh_client.c | 4 ++-- programs/pkey/rsa_verify.c | 4 ++-- tests/suites/test_suite_pkcs1_v15.function | 2 +- tests/suites/test_suite_pkcs1_v21.function | 8 ++++---- tests/suites/test_suite_rsa.function | 8 ++------ 9 files changed, 17 insertions(+), 38 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index b41af89a24..f1696c2ebb 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -973,24 +973,13 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * the message digest. * * This is the generic wrapper for performing a PKCS#1 - * verification using the mode from the context. + * verification. * * \note For PKCS#1 v2.1 encoding, see comments on * mbedtls_rsa_rsassa_pss_verify() about \p md_alg and * \p hash_id. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA public key context to use. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1008,7 +997,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/pk_wrap.c b/library/pk_wrap.c index b536b6615e..c351113e04 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -90,8 +90,8 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, if( sig_len < rsa_len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, MBEDTLS_RSA_PUBLIC, - md_alg, (unsigned int) hash_len, + if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, md_alg, + (unsigned int) hash_len, hash, sig ) ) != 0 ) return( ret ); diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 25157d2611..11c9ab29c3 100644 
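Review bot: The shortened \brief in rsa.h now reads `This is the generic wrapper for performing a PKCS#1 verification.` and no longer says which RSA operation is applied, although the rsa.c hunk in this same commit hard-codes MBEDTLS_RSA_PUBLIC when dispatching to the v1.5 and PSS verifiers. Suggest `This is the generic wrapper for performing a PKCS#1 verification using the public key.` so the contract that used to be carried by \p mode stays documented now that the parameter is gone. The Doxygen block continues outside the hunk.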
--- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -490,7 +490,6 @@ static psa_status_t rsa_verify_hash( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); ret = mbedtls_rsa_pkcs1_verify( rsa, - MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_length, hash, diff --git a/library/rsa.c b/library/rsa.c index ba164ffa98..4619f0207d 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2414,15 +2414,12 @@ cleanup: * Do an RSA operation and check the message digest */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig ) { RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || @@ -2432,13 +2429,13 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, NULL, mode, md_alg, + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, NULL, mode, md_alg, + return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif @@ -2705,8 +2702,7 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 sig. verify: " ); - if( mbedtls_rsa_pkcs1_verify( &rsa, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, + if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index bdbabb620e..c6b3132005 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c 
@@ -220,8 +220,8 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC, - MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 ) + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256, + 0, hash, p ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret ); goto exit; diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 8f207c78b5..6aca17134a 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -140,8 +140,8 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC, - MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256, + 20, hash, buf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret ); goto exit; diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 2e22bdd33e..d1c0fc1292 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -334,7 +334,7 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index ad8f319e4e..0983a4232d 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function 
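Review bot: The rewrapped call in programs/pkey/rsa_verify.c still passes `20` as hashlen for MBEDTLS_MD_SHA256, whose digest is 32 bytes, while the other callers touched by this series (dh_client.c with SHA-256 in this same commit, the self-test with SHA-1) pass 0. The RSA_VALIDATE_RET in rsa.c only constrains hashlen when md_alg is MBEDTLS_MD_NONE, so the value is presumably ignored today, but it is misleading in a sample program and becomes a real bug the moment hashlen is enforced for hashed inputs. Since this commit rewrites that line anyway, make it `if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,` / `0, hash, buf ) ) != 0 )` (or 32) to match dh_client.c; the same `20` is visible as context in the previous commit's hunk for this file. main() continues outside the hunk.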
@@ -199,7 +199,7 @@ void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -244,9 +244,9 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len = message_str->len; } - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, - msg_digest_id, hash_len, hash_result, - result_str->x ) == result_simple ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, msg_digest_id, + hash_len, hash_result, + result_str->x ) == result_simple ); TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, msg_digest_id, hash_len, hash_result, diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 764d21a95a..112c4fc7b6 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -281,22 +281,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( NULL, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); 
@@ -485,7 +481,7 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -564,7 +560,7 @@ void rsa_pkcs1_verify_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); From cbc088f5d0c522ecf3fb6b9cab370ee7e3bef42c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 11:39:58 +0100 Subject: [PATCH 18/39] Removes p_rng from mbedtls_rsa_rsassa_pkcs1_v15_verify Commit removes p_rng from mbedtls_rsa_rsassa_pkcs1_v15_verify function in preparation of removal of mode parameter. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 3 --- library/rsa.c | 5 ++--- tests/suites/test_suite_rsa.function | 4 ---- 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index f1696c2ebb..37fddddee9 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1019,8 +1019,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, * this is used for blinding and should be provided; see * mbedtls_rsa_private() for more. Otherwise, it is ignored. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. @@ -1041,7 +1039,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/rsa.c b/library/rsa.c index 4619f0207d..9e2d054b86 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2332,7 +2332,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, @@ -2377,7 +2376,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, ret = ( mode == MBEDTLS_RSA_PUBLIC ) ? mbedtls_rsa_public( ctx, sig, encoded ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded ); + : mbedtls_rsa_private( ctx, f_rng, NULL, sig, encoded ); if( ret != 0 ) goto cleanup; @@ -2429,7 +2428,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif 
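Review bot: The private-mode branch of mbedtls_rsa_rsassa_pkcs1_v15_verify now calls `mbedtls_rsa_private( ctx, f_rng, NULL, sig, encoded )`, handing the caller's RNG callback a NULL context, while the rsa.h hunk in the same commit keeps `\param f_rng ... this is used for blinding and should be provided` for #MBEDTLS_RSA_PRIVATE; a callback that casts p_rng to its own state, as mbedtls_ctr_drbg_random does, may fault. The same intermediate shape recurs in PATCH 19 (`mbedtls_rsa_private( ctx, NULL, NULL, sig, encoded )`, private mode with no RNG for blinding at all, whichever way mbedtls_rsa_private() treats a NULL f_rng) and in PATCH 21/22 for mbedtls_rsa_rsassa_pss_verify, which forwards `f_rng, NULL` to the _ext variant and then drops f_rng while \p mode still admits #MBEDTLS_RSA_PRIVATE. Each of these preparatory commits therefore changes private-mode behaviour without saying so, which matters for anyone bisecting or building at an intermediate revision. Since PATCH 20 removes mode anyway, either squash each preparatory commit into the one that removes mode, or have the retained `\param f_rng` / `\param mode` text state that the context passed is NULL and that private mode is no longer blinded until the parameter disappears. The function body continues outside the hunk.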
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 112c4fc7b6..a529c55ce9 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -298,25 +298,21 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL, - NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, - NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, - NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, - NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, From 475053df2c9188ae8ead34de32e620451d4e8d07 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 11:44:27 +0100 Subject: [PATCH 19/39] Removes f_rng from mbedtls_rsa_rsassa_pkcs1_v15_verify Commit performs removal of f_rng parameter from mbedtls_rsa_rsassa_pkcs1_v15_verify function in preparation for removal of mode parameter. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 4 ---- library/rsa.c | 5 ++--- tests/suites/test_suite_rsa.function | 8 ++++---- 3 files changed, 6 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 37fddddee9..6a0309af07 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1016,9 +1016,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. Otherwise, it is ignored. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. @@ -1038,7 +1035,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/rsa.c b/library/rsa.c index 9e2d054b86..4d569704a9 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2331,7 +2331,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, @@ -2376,7 +2375,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, ret = ( mode == MBEDTLS_RSA_PUBLIC ) ? mbedtls_rsa_public( ctx, sig, encoded ) - : mbedtls_rsa_private( ctx, f_rng, NULL, sig, encoded ); + : mbedtls_rsa_private( ctx, NULL, NULL, sig, encoded ); if( ret != 0 ) goto cleanup; @@ -2428,7 +2427,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, MBEDTLS_RSA_PUBLIC, md_alg, + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif 
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index a529c55ce9..8f952b38f8 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -297,22 +297,22 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL, + mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, + mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, + mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL, + mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, From 2e1262517cb7e11e508c5cf20b49dfd399d77410 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 11:48:53 +0100 Subject: [PATCH 20/39] Removes mode parameter from mbedtls_rsa_rsassa_pkcs1_v15_verify Commit removes mode parameter from mbedtls_rsa_rsassa_pkcs1_v15_verify and propagates the change throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 12 ------------ library/rsa.c | 14 +++----------- tests/suites/test_suite_rsa.function | 4 ---- 3 files changed, 3 insertions(+), 27 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 6a0309af07..869bfd923d 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1006,18 +1006,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 verification * operation (RSASSA-PKCS1-v1_5-VERIFY). * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA public key context to use. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1035,7 +1024,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/rsa.c b/library/rsa.c index 4d569704a9..bdb2b7ef37 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2331,7 +2331,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, 
@@ -2342,8 +2341,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, unsigned char *encoded = NULL, *encoded_expected = NULL; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || @@ -2351,9 +2348,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, sig_len = ctx->len; - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - /* * Prepare expected PKCS1 v1.5 encoding of hash. */ @@ -2373,9 +2367,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * Apply RSA primitive to get what should be PKCS1 encoded hash. */ - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, encoded ) - : mbedtls_rsa_private( ctx, NULL, NULL, sig, encoded ); + ret = mbedtls_rsa_public( ctx, sig, encoded ); if( ret != 0 ) goto cleanup; @@ -2427,8 +2419,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, MBEDTLS_RSA_PUBLIC, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, md_alg, + hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 8f952b38f8..f6aaa7a025 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -298,22 +298,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From 08f4c9c571685bd44dfd5ad5c6a916e2589cedfc Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 11:56:02 +0100 Subject: [PATCH 21/39] Removes p_rng param from mbedtls_rsa_rsassa_pss_verify Commit removes p_rng parameter from mbedtls_rsa_rsassa_pss_verify function as preparation for removing the mode parameter. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 3 --- library/psa_crypto_rsa.c | 1 - library/rsa.c | 5 ++--- tests/suites/test_suite_rsa.function | 8 ++++---- 4 files changed, 6 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 869bfd923d..a89c1f59bf 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -1057,8 +1057,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, * this is used for blinding and should be provided; see * mbedtls_rsa_private() for more. Otherwise, it is ignored. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. 
@@ -1079,7 +1077,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 11c9ab29c3..464e027d72 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -503,7 +503,6 @@ static psa_status_t rsa_verify_hash( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); ret = mbedtls_rsa_rsassa_pss_verify( rsa, mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, (unsigned int) hash_length, diff --git a/library/rsa.c b/library/rsa.c index bdb2b7ef37..333747e494 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2298,7 +2298,6 @@ exit: */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, @@ -2318,7 +2317,7 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, ? (mbedtls_md_type_t) ctx->hash_id : md_alg; - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode, + return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, NULL, mode, md_alg, hashlen, hash, mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, sig ) ); @@ -2425,7 +2424,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, + return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f6aaa7a025..41cef93832 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -315,22 +315,22 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify( NULL, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, From 718a53db2c5bf4d615ce8e73aed3ba68fb1a8b9e Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 12:01:35 +0100 Subject: [PATCH 22/39] Removed f_rng param from mbedtls_rsa_rsassa_pss_verify Commit removes f_rng parameter from mbedtls_rsa_rsassa_pss_verify function in preparation of mode parameter removal. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 4 ---- library/psa_crypto_rsa.c | 1 - library/rsa.c | 5 ++--- tests/suites/test_suite_rsa.function | 8 ++++---- 4 files changed, 6 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index a89c1f59bf..ab2d5a53b1 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1054,9 +1054,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. Otherwise, it is ignored. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. @@ -1076,7 +1073,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 464e027d72..4108703909 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -502,7 +502,6 @@ static psa_status_t rsa_verify_hash( { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); ret = mbedtls_rsa_rsassa_pss_verify( rsa, - mbedtls_psa_get_random, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, (unsigned int) hash_length, diff --git a/library/rsa.c b/library/rsa.c index 333747e494..99a56b799f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2297,7 +2297,6 @@ exit: * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, 
@@ -2317,7 +2316,7 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, ? (mbedtls_md_type_t) ctx->hash_id : md_alg; - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, NULL, mode, + return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, NULL, mode, md_alg, hashlen, hash, mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, sig ) ); @@ -2424,7 +2423,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, MBEDTLS_RSA_PUBLIC, md_alg, + return mbedtls_rsa_rsassa_pss_verify( ctx, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 41cef93832..b9d7b59004 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -315,22 +315,22 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( NULL, NULL, + mbedtls_rsa_rsassa_pss_verify( NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, + mbedtls_rsa_rsassa_pss_verify( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, + mbedtls_rsa_rsassa_pss_verify( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, + mbedtls_rsa_rsassa_pss_verify( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, From 5ee4cc031c590df8fb4e5c36c2652af9d9d80e34 Mon Sep 17 00:00:00 2001 
From: Thomas Daubney Date: Wed, 19 May 2021 12:07:42 +0100 Subject: [PATCH 23/39] Removes mode param from mbedtls_rsa_rsassa_pss_verify Commit removes the mode parameter from the mbedtls_rsa_rsassa_pss_verify function and propagates the change throughout the process. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 12 ------------ library/psa_crypto_rsa.c | 1 - library/rsa.c | 17 ++++++++--------- tests/suites/test_suite_rsa.function | 4 ---- 4 files changed, 8 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index ab2d5a53b1..0b53eb7a07 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -1044,18 +1044,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * same. If \p hash_id in the RSA context is unset, * the \p md_alg from the function call is used. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA public key context to use. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1073,7 +1062,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, 
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 4108703909..10ce30e380 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -502,7 +502,6 @@ static psa_status_t rsa_verify_hash( { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); ret = mbedtls_rsa_rsassa_pss_verify( rsa, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, (unsigned int) hash_length, hash, diff --git a/library/rsa.c b/library/rsa.c index 99a56b799f..d3b4bf0fcc 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2297,7 +2297,6 @@ exit: * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2305,8 +2304,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, { mbedtls_md_type_t mgf1_hash_id; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || @@ -2316,10 +2313,12 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, ? (mbedtls_md_type_t) ctx->hash_id : md_alg; - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, NULL, mode, - md_alg, hashlen, hash, - mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, - sig ) ); + return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, NULL, + MBEDTLS_RSA_PUBLIC, + md_alg, hashlen, hash, + mgf1_hash_id, + MBEDTLS_RSA_SALT_LEN_ANY, + sig ) ); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -2423,8 +2422,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, MBEDTLS_RSA_PUBLIC, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pss_verify( ctx, md_alg, + hashlen, hash, sig ); #endif default: 
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index b9d7b59004..8475036817 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -316,22 +316,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( NULL, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify( &ctx, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); From 578e9abcbda986bcdc48fb76a010f12278a874b7 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 12:14:57 +0100 Subject: [PATCH 24/39] Removes p_rng param from mbedtls_rsa_rsassa_pss_verify_ext Commit removes p_rng parameter from the mbedtls_rsa_rsassa_pss_verify_ext function in preparation for removal of the mode parameter. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 3 --- library/pk.c | 2 +- library/rsa.c | 5 ++--- tests/suites/test_suite_pkcs1_v21.function | 2 +- tests/suites/test_suite_rsa.function | 8 ++++---- 5 files changed, 8 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 0b53eb7a07..0fde575f4d 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1083,8 +1083,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, * this is used for blinding and should be provided; see * mbedtls_rsa_private() for more. Otherwise, it is ignored. - * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. @@ -1108,7 +1106,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/pk.c b/library/pk.c index 6d296638d8..e0dedecc37 100644 --- a/library/pk.c +++ b/library/pk.c @@ -367,7 +367,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ), - NULL, NULL, MBEDTLS_RSA_PUBLIC, + NULL, MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_len, hash, pss_opts->mgf1_hash_id, pss_opts->expected_salt_len, diff --git a/library/rsa.c b/library/rsa.c index d3b4bf0fcc..6b18fe7cf3 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2148,7 +2148,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, 
@@ -2187,7 +2186,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, ret = ( mode == MBEDTLS_RSA_PUBLIC ) ? mbedtls_rsa_public( ctx, sig, buf ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf ); + : mbedtls_rsa_private( ctx, f_rng, NULL, sig, buf ); if( ret != 0 ) return( ret ); @@ -2313,7 +2312,7 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, ? (mbedtls_md_type_t) ctx->hash_id : md_alg; - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, NULL, + return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, mgf1_hash_id, diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 0983a4232d..82f33d610e 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -248,7 +248,7 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len, hash_result, result_str->x ) == result_simple ); - TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, + TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, MBEDTLS_RSA_PUBLIC, msg_digest_id, hash_len, hash_result, mgf_hash, salt_len, result_str->x ) == result_full ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 8475036817..05886ffba8 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -333,26 +333,26 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, From 9e65f791b56634e1bc4fd0b2edebd50cc1beab46 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 12:18:58 +0100 Subject: [PATCH 25/39] Removes f_rng param from mbedtls_rsa_rsassa_pss_verify_ext Commit removes the f_rng parameter from the mbedtls_rsa_rsassa_pss_verify_ext function. This is in preparation for the removal of the mode parameter. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 4 ---- library/pk.c | 2 +- library/rsa.c | 5 ++--- tests/suites/test_suite_pkcs1_v21.function | 2 +- tests/suites/test_suite_rsa.function | 8 ++++---- 5 files changed, 8 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 0fde575f4d..3f453f684e 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1080,9 +1080,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \note The \p hash_id in the RSA context is ignored. * * \param ctx The initialized RSA public key context to use. - * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. Otherwise, it is ignored. * \param mode The mode of operation. This must be either * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. @@ -1105,7 +1102,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/library/pk.c b/library/pk.c index e0dedecc37..65a4d0c0f4 100644 --- a/library/pk.c +++ b/library/pk.c @@ -367,7 +367,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ), - NULL, MBEDTLS_RSA_PUBLIC, + MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_len, hash, pss_opts->mgf1_hash_id, pss_opts->expected_salt_len, diff --git a/library/rsa.c b/library/rsa.c index 6b18fe7cf3..db684c8faa 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2147,7 +2147,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, 
@@ -2186,7 +2185,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, ret = ( mode == MBEDTLS_RSA_PUBLIC ) ? mbedtls_rsa_public( ctx, sig, buf ) - : mbedtls_rsa_private( ctx, f_rng, NULL, sig, buf ); + : mbedtls_rsa_private( ctx, NULL, NULL, sig, buf ); if( ret != 0 ) return( ret ); @@ -2312,7 +2311,7 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, ? (mbedtls_md_type_t) ctx->hash_id : md_alg; - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, + return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, mgf1_hash_id, diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 82f33d610e..c52edcb891 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -248,7 +248,7 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len, hash_result, result_str->x ) == result_simple ); - TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, MBEDTLS_RSA_PUBLIC, + TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, MBEDTLS_RSA_PUBLIC, msg_digest_id, hash_len, hash_result, mgf_hash, salt_len, result_str->x ) == result_full ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 05886ffba8..b822ed9ead 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -333,26 +333,26 @@ void rsa_invalid_param( ) buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( NULL, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, + mbedtls_rsa_rsassa_pss_verify_ext( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, From 782a7f5bd6f40ec919baba159661e1977f562ccf Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 12:27:35 +0100 Subject: [PATCH 26/39] Removes mode param from mbedtls_rsa_rsassa_pss_verify_ext Commit removes the mode parameter from the mbedtls_rsa_rsassa_pss_verify_ext function. This change is propagated throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 3 --- library/pk.c | 9 ++++----- library/rsa.c | 11 +---------- tests/suites/test_suite_pkcs1_v21.function | 7 +++---- tests/suites/test_suite_rsa.function | 4 ---- 5 files changed, 8 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 3f453f684e..2c2af3f96e 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1080,8 +1080,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \note The \p hash_id in the RSA context is ignored. * * \param ctx The initialized RSA public key context to use. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1102,7 +1100,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/pk.c b/library/pk.c index 65a4d0c0f4..06021e26c0 100644 --- a/library/pk.c +++ b/library/pk.c @@ -367,11 +367,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ), - MBEDTLS_RSA_PUBLIC, - md_alg, (unsigned int) hash_len, hash, - pss_opts->mgf1_hash_id, - pss_opts->expected_salt_len, - sig ); + md_alg, (unsigned int) hash_len, hash, + pss_opts->mgf1_hash_id, + pss_opts->expected_salt_len, + sig ); if( ret != 0 ) return( ret ); diff --git a/library/rsa.c b/library/rsa.c index db684c8faa..14eb9205c7 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2147,7 +2147,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, 
@@ -2168,24 +2167,17 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || hash != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - siglen = ctx->len; if( siglen < 16 || siglen > sizeof( buf ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, buf ) - : mbedtls_rsa_private( ctx, NULL, NULL, sig, buf ); + ret = mbedtls_rsa_public( ctx, sig, buf ); if( ret != 0 ) return( ret ); @@ -2312,7 +2304,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, : md_alg; return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, - MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index c52edcb891..8f22f20943 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -248,10 +248,9 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len, hash_result, result_str->x ) == result_simple ); - TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, MBEDTLS_RSA_PUBLIC, - msg_digest_id, hash_len, hash_result, - mgf_hash, salt_len, - result_str->x ) == result_full ); + TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, msg_digest_id, hash_len, + hash_result, mgf_hash, salt_len, + result_str->x ) == result_full ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index b822ed9ead..442e857ed7 100644 --- a/tests/suites/test_suite_rsa.function 
+++ b/tests/suites/test_suite_rsa.function @@ -334,26 +334,22 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( NULL, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, 0, 0, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, 0, 0, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_verify_ext( &ctx, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, 0, 0, From 10bc18e3b417632878613648bbd4194e50c1d1a0 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 12:40:20 +0100 Subject: [PATCH 27/39] Corrects outstanding documentation issues Commit removes any remaining superfluous documentation that was not yet removed. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 2c2af3f96e..dda0a61b83 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -573,10 +573,6 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * It is the generic wrapper for performing a PKCS#1 encryption * operation. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. * \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding * encoding, and for PKCS#1 v1.5 padding encoding. 
@@ -605,10 +601,6 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 encryption operation * (RSAES-PKCS1-v1_5-ENCRYPT). * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. * \param f_rng The RNG function to use. It is needed for padding generation. * \param p_rng The RNG context to be passed to \p f_rng. This may From cad59ed48e4e6bb1fa0f8f25c5e9b25f79eda527 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 15:04:08 +0100 Subject: [PATCH 28/39] Removes mode param from rsa_rsassa_pss_sign Commit removes the mode parameter from the internal function rsa_rsassa_pss_sign. Signed-off-by: Thomas Daubney --- library/rsa.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 14eb9205c7..2f9438ad08 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1744,7 +1744,6 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -1760,16 +1759,11 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || hash != NULL ); RSA_VALIDATE_RET( sig != NULL ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - if( f_rng == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 
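Review bot: Removing the `mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21` guard in the `@@ -1760,16 +1759,11 @@` hunk relaxes behaviour, not just the signature: both public wrappers (`mbedtls_rsa_rsassa_pss_sign` and `mbedtls_rsa_rsassa_pss_sign_ext`, see the following hunks) always passed `MBEDTLS_RSA_PRIVATE`, so this check applied on every call, and after this commit a context configured for PKCS#1 v1.5 padding is accepted for a PSS signature. If that is intended it should be stated in the commit message; otherwise keep the check unconditionally as `if( ctx->padding != MBEDTLS_RSA_PKCS_V21 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );`. The same guard disappears from `mbedtls_rsa_rsassa_pss_verify_ext` in PATCH 26, but there it only ever applied in private mode, so public callers see no change. The body of rsa_rsassa_pss_sign continues outside the hunk.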
@@ -1868,9 +1862,7 @@ exit: if( ret != 0 ) return( ret ); - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, sig ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) ); + return mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ); } /* @@ -1886,7 +1878,7 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, int saltlen, unsigned char *sig ) { - return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, + return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg, hashlen, hash, saltlen, sig ); } @@ -1902,7 +1894,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, const unsigned char *hash, unsigned char *sig ) { - return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, + return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg, hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig ); } #endif /* MBEDTLS_PKCS1_V21 */ From 41e4ce4884a95235b04f1ef899de7881dba55310 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 15:10:05 +0100 Subject: [PATCH 29/39] Removes RSA constants This commit removes the RSA constants MBEDTLS_RSA_PUBLIC and MBEDTLS_RSA_PRIVATE because they are now superfluous given that the mode parameter has been removed. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 2 -- library/rsa.c | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index dda0a61b83..ecf345e64a 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -57,8 +57,6 @@ /* * RSA constants */ -#define MBEDTLS_RSA_PUBLIC 0 /**< Request private key operation. */ -#define MBEDTLS_RSA_PRIVATE 1 /**< Request public key operation. */ #define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ #define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */ diff --git a/library/rsa.c b/library/rsa.c index 2f9438ad08..c3b54afda2 100644 --- a/library/rsa.c +++ b/library/rsa.c 
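Review bot: The new `return mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig );` drops the parenthesised-return form the file uses on the surrounding lines (`return( ret );`, `return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );`), so the line now reads as a different style from its neighbours. Prefer `return( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );` to match. The two wrapper hunks that follow keep a pre-existing unparenthesised `return rsa_rsassa_pss_sign( ... )`, so those are not introduced by this commit.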
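Review bot: Deleting `MBEDTLS_RSA_PUBLIC` and `MBEDTLS_RSA_PRIVATE` from the public header is an API removal, yet the diffstat of this commit lists only rsa.h and rsa.c, with no changelog or migration-guide entry. If the project records API removals for the 3.0 migration, this commit (or the series) should carry such an entry naming the two macros and the functions whose `mode` argument was dropped. Third-party code that still references the macros will fail to compile rather than fall back, which is worth spelling out to users.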
@@ -2345,7 +2345,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * Apply RSA primitive to get what should be PKCS1 encoded hash. */ - ret = mbedtls_rsa_public( ctx, sig, encoded ); + ret = mbedtls_rsa_public( ctx, sig, encoded ); if( ret != 0 ) goto cleanup; From f505b0e30717172ec1abcebcf4c4eeadfa9e8878 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 20 May 2021 12:20:55 +0100 Subject: [PATCH 30/39] Removes unused variables in test_suite_rsa.function CI was failing on check_params due to MBEDTLS_RSA_PRIVATE being assigned to a now superfluous variable. The variable has been removed, as well as another superfluous variable. This should correct the CI issue. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_rsa.function | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 442e857ed7..efea5c169a 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -23,8 +23,6 @@ void rsa_invalid_param( ) mbedtls_rsa_context ctx; const int valid_padding = MBEDTLS_RSA_PKCS_V21; const int invalid_padding = 42; - const int valid_mode = MBEDTLS_RSA_PRIVATE; - const int invalid_mode = 42; unsigned char buf[42] = { 0 }; size_t olen; From 03412787e16c1e248501286764b4f690ef21d6cf Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 20 May 2021 15:31:17 +0100 Subject: [PATCH 31/39] Modifies documentation in rsa.h Changes to documentation to show that f_rng is no longer going to be optional in 3.0. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 31 +++++++++++-------------------- 1 file changed, 11 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index ecf345e64a..9b5c1db1a5 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -542,11 +542,9 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * of a PRNG. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function, used for blinding. It is discouraged - * and deprecated to pass \c NULL here, in which case - * blinding will be omitted. + * \param f_rng The RNG function, used for blinding. * \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL - * if \p f_rng is \c NULL or if \p f_rng doesn't need a context. + * if \p f_rng doesn't need a context. * \param input The input buffer. This must be a readable buffer * of length \c ctx->len Bytes. For example, \c 256 Bytes * for an 2048-bit RSA modulus. @@ -572,11 +570,9 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * operation. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding - * encoding, and for PKCS#1 v1.5 padding encoding. + * \param f_rng The RNG to use. It is needed for padding generation. * \param p_rng The RNG context to be passed to \p f_rng. May be - * \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't - * need a context argument. + * \c NULL if \p f_rng doesn't need a context argument. * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable * buffer of size \p ilen Bytes. It may be \c NULL if @@ -602,8 +598,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \param ctx The initialized RSA context to use. * \param f_rng The RNG function to use. It is needed for padding generation. * \param p_rng The RNG context to be passed to \p f_rng. This may - * be \c NULL if \p f_rng is \c NULL or if \p f_rng - * doesn't need a context argument. + * be \c NULL if \p f_rng doesn't need a context argument. * \param ilen The length of the plaintext in Bytes. * \param input The input data to encrypt. This must be a readable * buffer of size \p ilen Bytes. It may be \c NULL if 
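Review bot: The rewritten `\param f_rng` text for `mbedtls_rsa_private` (`The RNG function, used for blinding.`) no longer says whether \c NULL is allowed, even though the commit message's point is that `f_rng` is now mandatory; a reader of the header cannot tell that blinding is no longer optional. Add the constraint explicitly, e.g. `* \param f_rng The RNG function, used for blinding. This must not be \c NULL.`, and the same for the `@@ -572,11 +570,9 @@` hunk (`mbedtls_rsa_pkcs1_encrypt`) and the `@@ -746,10 +741,9 @@` hunk (`mbedtls_rsa_rsaes_oaep_decrypt`) in the next line. The sign-function hunk in PATCH 31 already uses this wording, so the header would otherwise be inconsistent; PATCH 32's title suggests it fixes remaining f_rng wording, but only its gen_key hunk is visible here, so confirm the three above are covered.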
@@ -675,7 +670,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * \param f_rng The RNG function. This is used for blinding and should * be provided; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \c NULL if \p f_rng doesn't need a context. * \param olen The address at which to store the length of * the plaintext. This must not be \c NULL. * \param input The ciphertext buffer. This must be a readable buffer @@ -711,7 +706,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * \param f_rng The RNG function. This is used for blinding and should * be provided; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \c NULL if \p f_rng doesn't need a context. * \param olen The address at which to store the length of * the plaintext. This must not be \c NULL. * \param input The ciphertext buffer. This must be a readable buffer @@ -746,10 +741,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and should - * be provided; see mbedtls_rsa_private() for more. + * \param f_rng The RNG function. This is used for blinding. * \param p_rng The RNG context to be passed to \p f_rng. This may be - * \c NULL if \p f_rng is \c NULL or doesn't need a context. + * \c NULL if \p f_rng doesn't need a context. * \param label The buffer holding the custom label to use. * This must be a readable buffer of length \p label_len * Bytes. It may be \c NULL if \p label_len is \c 0. 
@@ -790,12 +784,9 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * \p md_alg and \p hash_id. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1, - * this must be provided. If the padding mode is PKCS#1 v1.5 - * it is used for blinding and should be provided; - * see mbedtls_rsa_private() for more. + * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL - * if \p f_rng is \c NULL or doesn't need a context argument. + * if \p f_rng doesn't need a context argument. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. From 2c65db96553e15438b8a7c43ea3d76aaa68f5643 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 21 May 2021 10:58:28 +0100 Subject: [PATCH 32/39] Corrects documentation in rsa.h Some documentation in rsa.h was still incorrect regarding f_rng being mandatory. This has now been corrected. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 9b5c1db1a5..494e2f2c22 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -421,7 +421,7 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); * * \param ctx The initialized RSA context used to hold the key. * \param f_rng The RNG function to be used for key generation. - * This must not be \c NULL. + * This is mandatory and must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. * This may be \c NULL if \p f_rng doesn't need a context. * \param nbits The size of the public key in bits. 
@@ -542,7 +542,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * of a PRNG. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function, used for blinding. + * \param f_rng The RNG function, used for blinding. It is mandatory. * \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context. * \param input The input buffer. This must be a readable buffer @@ -570,7 +570,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * operation. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG to use. It is needed for padding generation. + * \param f_rng The RNG to use. It used for padding generation + * and it is mandatory. * \param p_rng The RNG context to be passed to \p f_rng. May be * \c NULL if \p f_rng doesn't need a context argument. * \param ilen The length of the plaintext in Bytes. @@ -596,7 +597,8 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * (RSAES-PKCS1-v1_5-ENCRYPT). * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function to use. It is needed for padding generation. + * \param f_rng The RNG function to use. It is mandatory and used for + * padding generation. * \param p_rng The RNG context to be passed to \p f_rng. This may * be \c NULL if \p f_rng doesn't need a context argument. * \param ilen The length of the plaintext in Bytes. @@ -626,7 +628,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * * \param ctx The initnialized RSA context to use. * \param f_rng The RNG function to use. This is needed for padding - * generation and must be provided. + * generation and is mandatory. * \param p_rng The RNG context to be passed to \p f_rng. This may * be \c NULL if \p f_rng doesn't need a context argument. * \param label The buffer holding the custom label to use. 
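Review bot: The rewritten `f_rng` description for mbedtls_rsa_private() in the `@@ -542` hunk says the RNG "is mandatory" but does not say how a `NULL` is now treated, which matters for callers migrating from 2.x where `NULL` here silently omitted blinding rather than failing. Since blinding is the side-channel countermeasure for the private-key operation, I would state the failure mode explicitly in the doc block, e.g. `\return #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if \p f_rng is \c NULL.`, provided that is what the implementation does — the rsa.c hunks in this series show such a check for rsa_rsassa_pss_sign, but the body of mbedtls_rsa_private() is not visible here, so please confirm against it. The same `\return` line would fit the three encryption hunks below in this patch, whose `f_rng` text is likewise changed to "mandatory" without naming the error. The doc comment of mbedtls_rsa_private() begins before this hunk.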
@@ -667,8 +669,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and should - * be provided; see mbedtls_rsa_private() for more. + * \param f_rng The RNG function. This is used for blinding and is + * mandatory; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng doesn't need a context. * \param olen The address at which to store the length of @@ -703,8 +705,8 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and should - * be provided; see mbedtls_rsa_private() for more. + * \param f_rng The RNG function. This is used for blinding and is + * mandatory; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng doesn't need a context. * \param olen The address at which to store the length of @@ -741,7 +743,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding. + * \param f_rng The RNG function. This is used for blinding and is + * mandatory. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng doesn't need a context. * \param label The buffer holding the custom label to use. 
@@ -784,7 +787,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * \p md_alg and \p hash_id. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function to use. This must not be \c NULL. + * \param f_rng The RNG function to use. This is mandatory and + * must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context argument. * \param md_alg The message-digest algorithm used to hash the original data. @@ -817,10 +821,10 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * operation (RSASSA-PKCS1-v1_5-SIGN). * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. This is used for blinding and should be - * provided; see mbedtls_rsa_private() for more. + * \param f_rng The RNG function. This is used for blinding and is + * mandatory; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL - * if \p f_rng is \c NULL or doesn't need a context argument. + * if \p f_rng doesn't need a context argument. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -865,7 +869,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. It must not be \c NULL. + * \param f_rng The RNG function. It is mandatory and must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context argument. * \param md_alg The message-digest algorithm used to hash the original data. 
@@ -921,7 +925,7 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. It must not be \c NULL. + * \param f_rng The RNG function. It is mandatory and must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context argument. * \param md_alg The message-digest algorithm used to hash the original data. From d58ed587fda2059fc30a56e140de2d654b4d5637 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 21 May 2021 11:50:39 +0100 Subject: [PATCH 33/39] Restores erroneously removed checks Some padding checks in rsa.c were erroneously removed in a previous commit and are restored in this commit. Signed-off-by: Thomas Daubney --- library/rsa.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index c3b54afda2..36424bd193 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1764,6 +1764,9 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, hash != NULL ); RSA_VALIDATE_RET( sig != NULL ); + if( ctx->padding != MBEDTLS_RSA_PKCS_V21 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if( f_rng == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -2054,6 +2057,9 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, hash != NULL ); RSA_VALIDATE_RET( sig != NULL ); + if( ctx->padding != MBEDTLS_RSA_PKCS_V15 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + /* * Prepare PKCS1-v1.5 encoding (padding and hash identifier) */ From 62b0d1dbc83fa49d8b84f9eeacd37d6f637093b1 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 21 May 2021 16:55:03 +0100 Subject: [PATCH 34/39] Adds ChangeLog and Migration guide entry Commit adds relevant entry to the ChangeLog and to the Migration guide. 
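Review bot: The restored padding guard in mbedtls_rsa_rsassa_pkcs1_v15_sign (the `@@ -2054` hunk) is not paired with an `f_rng` check, even though rsa.h in this same series now documents `f_rng` as mandatory for that function and the sibling rsa_rsassa_pss_sign hunk just above rejects it with `if( f_rng == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );` immediately after its own padding check. If the intent is to rely on mbedtls_rsa_private() to reject a `NULL` RNG, that happens outside this hunk and presumably only after the PKCS#1 v1.5 encoding has already been produced, so adding the same two-line check here would keep the v1.5 and PSS entry points consistent and fail before any work is done. It would also be worth confirming that a test exercises v15_sign with a `NULL` `f_rng`, since the test-suite hunks visible in this series only remove the mode variables. The function body continues outside the hunk.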
Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-rsa-mode-parameter.txt | 6 ++++++ .../remove-rsa-mode-parameter.md | 20 +++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 ChangeLog.d/remove-rsa-mode-parameter.txt create mode 100644 docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md diff --git a/ChangeLog.d/remove-rsa-mode-parameter.txt b/ChangeLog.d/remove-rsa-mode-parameter.txt new file mode 100644 index 0000000000..7ee3adb957 --- /dev/null +++ b/ChangeLog.d/remove-rsa-mode-parameter.txt @@ -0,0 +1,6 @@ +API changes + * Remove mode parameter from RSA functions. All encryption, + decryption, sign and verify functions are affected. Also + removes the RNG parameters from the RSA verify functions. + Existing user code which utilises these RSA functions must + remove the mode parameter. diff --git a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md new file mode 100644 index 0000000000..61100d3f30 --- /dev/null +++ b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md @@ -0,0 +1,20 @@ +Remove the mode parameter from RSA functions +-------------------------------------------- + +This affects all users who use the RSA encryption, decryption, sign and +verify APIs. + +If you were using the mode parameter to specify the wrong mode then +this behaviour is no longer supported. You must delete the mode +parameter from your RSA function calls. + + +Remove the RNG parameter from RSA functions +-------------------------------------------- + +This affects all users who use the RSA verify functions. + +If you were using the RNG parameters then you must remove +them from your function calls. Since usiong the wrong mode +is no longer supported, the RNG parameters namely f_rng +and p_rng are no longer needed. From f54c5c5547483789f06c6337b5f4f52dec76dc61 Mon Sep 17 00:00:00 2001 
From: Thomas Daubney Date: Fri, 21 May 2021 17:00:30 +0100 Subject: [PATCH 35/39] Fixes typo Commit fixes typo in rsa.h found in review. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 494e2f2c22..ba00bff31b 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -570,7 +570,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * operation. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG to use. It used for padding generation + * \param f_rng The RNG to use. It is used for padding generation * and it is mandatory. * \param p_rng The RNG context to be passed to \p f_rng. May be * \c NULL if \p f_rng doesn't need a context argument. From 2fbbe1d2fe395ff7d9aa20f7101168ffb9b82404 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 24 May 2021 10:53:57 +0100 Subject: [PATCH 36/39] Corrections to ChangeLog and Migration guide This commit fixes typos and re-words the migration guide. It also adds the issue number to the ChangeLog. Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-rsa-mode-parameter.txt | 2 +- .../remove-rsa-mode-parameter.md | 13 ++++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/ChangeLog.d/remove-rsa-mode-parameter.txt b/ChangeLog.d/remove-rsa-mode-parameter.txt index 7ee3adb957..b7c6f327f8 100644 --- a/ChangeLog.d/remove-rsa-mode-parameter.txt +++ b/ChangeLog.d/remove-rsa-mode-parameter.txt @@ -3,4 +3,4 @@ API changes decryption, sign and verify functions are affected. Also removes the RNG parameters from the RSA verify functions. Existing user code which utilises these RSA functions must - remove the mode parameter. + remove the mode parameter. Fixes #4278. diff --git a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md index 61100d3f30..406004f45d 100644 
--- a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md +++ b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md @@ -4,10 +4,13 @@ Remove the mode parameter from RSA functions This affects all users who use the RSA encryption, decryption, sign and verify APIs. -If you were using the mode parameter to specify the wrong mode then -this behaviour is no longer supported. You must delete the mode -parameter from your RSA function calls. - +You must delete the mode parameter from your RSA function calls. +Using the correct modes are now the default and only behaviour, and this +cannot be changed. If you were using the mode parameter to specify the +wrong mode then this behaviour is no longer supported. For reference the +correct, supported modes are: Public keys for encryption and verification +functions and private keys for decryption and signing functions, but the +user does not have to specify this. Remove the RNG parameter from RSA functions -------------------------------------------- @@ -15,6 +18,6 @@ Remove the RNG parameter from RSA functions This affects all users who use the RSA verify functions. If you were using the RNG parameters then you must remove -them from your function calls. Since usiong the wrong mode +them from your function calls. Since using the wrong mode is no longer supported, the RNG parameters namely f_rng and p_rng are no longer needed. From 3ca92b182ce46c630304aafa1448a6863ac0ccb7 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 24 May 2021 14:11:39 +0100 Subject: [PATCH 37/39] Re-wording of Migration guide entry Commit re-words the migration guide entry as requested in review. Signed-off-by: Thomas Daubney --- .../remove-rsa-mode-parameter.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md index 406004f45d..2a849a30c7 100644 
--- a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md +++ b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md @@ -5,12 +5,12 @@ This affects all users who use the RSA encryption, decryption, sign and verify APIs. You must delete the mode parameter from your RSA function calls. -Using the correct modes are now the default and only behaviour, and this -cannot be changed. If you were using the mode parameter to specify the -wrong mode then this behaviour is no longer supported. For reference the -correct, supported modes are: Public keys for encryption and verification -functions and private keys for decryption and signing functions, but the -user does not have to specify this. +Using the correct mode is now the default behaviour. Encryption +and verification functions are now equivalent to their 2.x +counterparts with mode=MBEDTLS_RSA_PUBLIC. Decryption and signing +functions are now equivalent to their 2.x counterparts with +mode=MBEDTLS_RSA_PRIVATE. Note that the constants +MBEDTLS_RSA_PUBLIC and MBEDTLS_RSA_PRIVATE have been removed in 3.0. Remove the RNG parameter from RSA functions -------------------------------------------- From 6f966112c7c90c461cc6646305ef74ebd4c06cfd Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 25 May 2021 15:00:19 +0100 Subject: [PATCH 38/39] Corrections to ChangeLog and Migration guide Corrections to address wording of ChangeLog and Migration guide. Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-rsa-mode-parameter.txt | 11 +++++- .../remove-rsa-mode-parameter.md | 34 +++++++++++-------- 2 files changed, 30 insertions(+), 15 deletions(-) diff --git a/ChangeLog.d/remove-rsa-mode-parameter.txt b/ChangeLog.d/remove-rsa-mode-parameter.txt index b7c6f327f8..6b32f65506 100644 --- a/ChangeLog.d/remove-rsa-mode-parameter.txt +++ b/ChangeLog.d/remove-rsa-mode-parameter.txt 
@@ -1,6 +1,15 @@ +Removals + * The RSA module no longer supports private-key operations with the public + key and vice versa. This change only affects applications which use the + wrong mode. In this case the wrong mode is to use mode=MBEDTLS_RSA_PUBLIC + with decryption and signing functions and mode=MBEDTLS_RSA_PRIVATE with + encryption and verification functions. Addresses issue #4278. API changes * Remove mode parameter from RSA functions. All encryption, decryption, sign and verify functions are affected. Also removes the RNG parameters from the RSA verify functions. Existing user code which utilises these RSA functions must - remove the mode parameter. Fixes #4278. + remove the mode parameter. + * RNG is now mandatory for all private-key RSA operations. Existing user code + which does not use an RNG with private-key RSA functions must now be + updated to do so. diff --git a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md index 2a849a30c7..e400650dd0 100644 --- a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md +++ b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md 
@@ -4,20 +4,26 @@ Remove the mode parameter from RSA functions This affects all users who use the RSA encryption, decryption, sign and verify APIs. -You must delete the mode parameter from your RSA function calls. -Using the correct mode is now the default behaviour. Encryption -and verification functions are now equivalent to their 2.x -counterparts with mode=MBEDTLS_RSA_PUBLIC. Decryption and signing -functions are now equivalent to their 2.x counterparts with -mode=MBEDTLS_RSA_PRIVATE. Note that the constants -MBEDTLS_RSA_PUBLIC and MBEDTLS_RSA_PRIVATE have been removed in 3.0. +The RSA module no longer supports private-key operations with the public key or +vice versa. As a consequence, RSA operation functions no longer have a mode +parameter. If you were calling RSA operations with the normal mode (public key +for verification or encryption, private key for signature or decryption), remove +the `MBEDTLS_MODE_PUBLIC` or `MBEDTLS_MODE_PRIVATE` argument. If you were calling +RSA operations with the wrong mode, which rarely makes sense from a security +perspective, this is no longer supported. -Remove the RNG parameter from RSA functions --------------------------------------------- +Remove the RNG parameter from RSA verify functions +-------------------------------------------------- -This affects all users who use the RSA verify functions. +RSA verification functions also no longer take random generator arguments (this +was only needed when using a private key). This affects all applications using +the RSA verify functions. -If you were using the RNG parameters then you must remove -them from your function calls. Since using the wrong mode -is no longer supported, the RNG parameters namely f_rng -and p_rng are no longer needed. 
+RNG is now mandatory in all RSA private key operations +------------------------------------------------------ + +The random generator is now mandatory for blinding in all RSA private-key +operations (`mbedtls_rsa_private`, `mbedtls_rsa_xxx_sign`, +`mbedtls_rsa_xxx_decrypt`) as well as for encryption +(`mbedtls_rsa_xxx_encrypt`). This means that passing a null `f_rng` is no longer +supported. From 731b952b692564c23b69ab9284e4981daf222334 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 25 May 2021 16:26:24 +0100 Subject: [PATCH 39/39] Additional corrections to ChangeLog Commit makes further corrections to the wording in the ChangeLog entry. Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-rsa-mode-parameter.txt | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/ChangeLog.d/remove-rsa-mode-parameter.txt b/ChangeLog.d/remove-rsa-mode-parameter.txt index 6b32f65506..854dda34b2 100644 --- a/ChangeLog.d/remove-rsa-mode-parameter.txt +++ b/ChangeLog.d/remove-rsa-mode-parameter.txt 
@@ -1,15 +1,9 @@ Removals * The RSA module no longer supports private-key operations with the public - key and vice versa. This change only affects applications which use the - wrong mode. In this case the wrong mode is to use mode=MBEDTLS_RSA_PUBLIC - with decryption and signing functions and mode=MBEDTLS_RSA_PRIVATE with - encryption and verification functions. Addresses issue #4278. + key and vice versa. API changes - * Remove mode parameter from RSA functions. All encryption, - decryption, sign and verify functions are affected. Also - removes the RNG parameters from the RSA verify functions. - Existing user code which utilises these RSA functions must - remove the mode parameter. - * RNG is now mandatory for all private-key RSA operations. Existing user code - which does not use an RNG with private-key RSA functions must now be - updated to do so. + * Remove the mode parameter from RSA operation functions. Signature and + decryption functions now always use the private key and verification and + encryption use the public key. Verification functions also no longer have + RNG parameters. + * The RNG is now mandatory for all private-key RSA operations.