Merge remote-tracking branch 'public/pr/2288' into development
This commit is contained in:
commit
12b4240300
4 changed files with 946 additions and 242 deletions
|
@ -158,15 +158,16 @@ mbedtls_rsa_context;
|
||||||
* making signatures, but can be overriden for verifying them.
|
* making signatures, but can be overriden for verifying them.
|
||||||
* If set to #MBEDTLS_MD_NONE, it is always overriden.
|
* If set to #MBEDTLS_MD_NONE, it is always overriden.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context to initialize.
|
* \param ctx The RSA context to initialize. This must not be \c NULL.
|
||||||
* \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or
|
* \param padding The padding mode to use. This must be either
|
||||||
* #MBEDTLS_RSA_PKCS_V21.
|
* #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
|
||||||
* \param hash_id The hash identifier of #mbedtls_md_type_t type, if
|
* \param hash_id The hash identifier of ::mbedtls_md_type_t type, if
|
||||||
* \p padding is #MBEDTLS_RSA_PKCS_V21.
|
* \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused
|
||||||
|
* otherwise.
|
||||||
*/
|
*/
|
||||||
void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
|
void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
|
||||||
int padding,
|
int padding,
|
||||||
int hash_id);
|
int hash_id );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief This function imports a set of core parameters into an
|
* \brief This function imports a set of core parameters into an
|
||||||
|
@ -188,11 +189,11 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
|
||||||
* for the lifetime of the RSA context being set up.
|
* for the lifetime of the RSA context being set up.
|
||||||
*
|
*
|
||||||
* \param ctx The initialized RSA context to store the parameters in.
|
* \param ctx The initialized RSA context to store the parameters in.
|
||||||
* \param N The RSA modulus, or NULL.
|
* \param N The RSA modulus. This may be \c NULL.
|
||||||
* \param P The first prime factor of \p N, or NULL.
|
* \param P The first prime factor of \p N. This may be \c NULL.
|
||||||
* \param Q The second prime factor of \p N, or NULL.
|
* \param Q The second prime factor of \p N. This may be \c NULL.
|
||||||
* \param D The private exponent, or NULL.
|
* \param D The private exponent. This may be \c NULL.
|
||||||
* \param E The public exponent, or NULL.
|
* \param E The public exponent. This may be \c NULL.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return A non-zero error code on failure.
|
* \return A non-zero error code on failure.
|
||||||
|
@ -222,16 +223,16 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
|
||||||
* for the lifetime of the RSA context being set up.
|
* for the lifetime of the RSA context being set up.
|
||||||
*
|
*
|
||||||
* \param ctx The initialized RSA context to store the parameters in.
|
* \param ctx The initialized RSA context to store the parameters in.
|
||||||
* \param N The RSA modulus, or NULL.
|
* \param N The RSA modulus. This may be \c NULL.
|
||||||
* \param N_len The Byte length of \p N, ignored if \p N == NULL.
|
* \param N_len The Byte length of \p N; it is ignored if \p N == NULL.
|
||||||
* \param P The first prime factor of \p N, or NULL.
|
* \param P The first prime factor of \p N. This may be \c NULL.
|
||||||
* \param P_len The Byte length of \p P, ignored if \p P == NULL.
|
* \param P_len The Byte length of \p P; it ns ignored if \p P == NULL.
|
||||||
* \param Q The second prime factor of \p N, or NULL.
|
* \param Q The second prime factor of \p N. This may be \c NULL.
|
||||||
* \param Q_len The Byte length of \p Q, ignored if \p Q == NULL.
|
* \param Q_len The Byte length of \p Q; it is ignored if \p Q == NULL.
|
||||||
* \param D The private exponent, or NULL.
|
* \param D The private exponent. This may be \c NULL.
|
||||||
* \param D_len The Byte length of \p D, ignored if \p D == NULL.
|
* \param D_len The Byte length of \p D; it is ignored if \p D == NULL.
|
||||||
* \param E The public exponent, or NULL.
|
* \param E The public exponent. This may be \c NULL.
|
||||||
* \param E_len The Byte length of \p E, ignored if \p E == NULL.
|
* \param E_len The Byte length of \p E; it is ignored if \p E == NULL.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return A non-zero error code on failure.
|
* \return A non-zero error code on failure.
|
||||||
|
@ -299,11 +300,16 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
|
||||||
* the RSA context stays intact and remains usable.
|
* the RSA context stays intact and remains usable.
|
||||||
*
|
*
|
||||||
* \param ctx The initialized RSA context.
|
* \param ctx The initialized RSA context.
|
||||||
* \param N The MPI to hold the RSA modulus, or NULL.
|
* \param N The MPI to hold the RSA modulus.
|
||||||
* \param P The MPI to hold the first prime factor of \p N, or NULL.
|
* This may be \c NULL if this field need not be exported.
|
||||||
* \param Q The MPI to hold the second prime factor of \p N, or NULL.
|
* \param P The MPI to hold the first prime factor of \p N.
|
||||||
* \param D The MPI to hold the private exponent, or NULL.
|
* This may be \c NULL if this field need not be exported.
|
||||||
* \param E The MPI to hold the public exponent, or NULL.
|
* \param Q The MPI to hold the second prime factor of \p N.
|
||||||
|
* This may be \c NULL if this field need not be exported.
|
||||||
|
* \param D The MPI to hold the private exponent.
|
||||||
|
* This may be \c NULL if this field need not be exported.
|
||||||
|
* \param E The MPI to hold the public exponent.
|
||||||
|
* This may be \c NULL if this field need not be exported.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
|
* \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
|
||||||
|
@ -341,17 +347,20 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
|
||||||
* buffer pointers are NULL.
|
* buffer pointers are NULL.
|
||||||
*
|
*
|
||||||
* \param ctx The initialized RSA context.
|
* \param ctx The initialized RSA context.
|
||||||
* \param N The Byte array to store the RSA modulus, or NULL.
|
* \param N The Byte array to store the RSA modulus,
|
||||||
|
* or \c NULL if this field need not be exported.
|
||||||
* \param N_len The size of the buffer for the modulus.
|
* \param N_len The size of the buffer for the modulus.
|
||||||
* \param P The Byte array to hold the first prime factor of \p N, or
|
* \param P The Byte array to hold the first prime factor of \p N,
|
||||||
* NULL.
|
* or \c NULL if this field need not be exported.
|
||||||
* \param P_len The size of the buffer for the first prime factor.
|
* \param P_len The size of the buffer for the first prime factor.
|
||||||
* \param Q The Byte array to hold the second prime factor of \p N, or
|
* \param Q The Byte array to hold the second prime factor of \p N,
|
||||||
* NULL.
|
* or \c NULL if this field need not be exported.
|
||||||
* \param Q_len The size of the buffer for the second prime factor.
|
* \param Q_len The size of the buffer for the second prime factor.
|
||||||
* \param D The Byte array to hold the private exponent, or NULL.
|
* \param D The Byte array to hold the private exponent,
|
||||||
|
* or \c NULL if this field need not be exported.
|
||||||
* \param D_len The size of the buffer for the private exponent.
|
* \param D_len The size of the buffer for the private exponent.
|
||||||
* \param E The Byte array to hold the public exponent, or NULL.
|
* \param E The Byte array to hold the public exponent,
|
||||||
|
* or \c NULL if this field need not be exported.
|
||||||
* \param E_len The size of the buffer for the public exponent.
|
* \param E_len The size of the buffer for the public exponent.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
|
@ -375,9 +384,12 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
|
||||||
* mbedtls_rsa_deduce_opt().
|
* mbedtls_rsa_deduce_opt().
|
||||||
*
|
*
|
||||||
* \param ctx The initialized RSA context.
|
* \param ctx The initialized RSA context.
|
||||||
* \param DP The MPI to hold D modulo P-1, or NULL.
|
* \param DP The MPI to hold \c D modulo `P-1`,
|
||||||
* \param DQ The MPI to hold D modulo Q-1, or NULL.
|
* or \c NULL if it need not be exported.
|
||||||
* \param QP The MPI to hold modular inverse of Q modulo P, or NULL.
|
* \param DQ The MPI to hold \c D modulo `Q-1`,
|
||||||
|
* or \c NULL if it need not be exported.
|
||||||
|
* \param QP The MPI to hold modular inverse of \c Q modulo \c P,
|
||||||
|
* or \c NULL if it need not be exported.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return A non-zero error code on failure.
|
* \return A non-zero error code on failure.
|
||||||
|
@ -390,13 +402,13 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
|
||||||
* \brief This function sets padding for an already initialized RSA
|
* \brief This function sets padding for an already initialized RSA
|
||||||
* context. See mbedtls_rsa_init() for details.
|
* context. See mbedtls_rsa_init() for details.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context to be set.
|
* \param ctx The initialized RSA context to be configured.
|
||||||
* \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or
|
* \param padding The padding mode to use. This must be either
|
||||||
* #MBEDTLS_RSA_PKCS_V21.
|
* #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
|
||||||
* \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier.
|
* \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier.
|
||||||
*/
|
*/
|
||||||
void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
|
void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
|
||||||
int hash_id);
|
int hash_id );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief This function retrieves the length of RSA modulus in Bytes.
|
* \brief This function retrieves the length of RSA modulus in Bytes.
|
||||||
|
@ -414,11 +426,14 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );
|
||||||
* \note mbedtls_rsa_init() must be called before this function,
|
* \note mbedtls_rsa_init() must be called before this function,
|
||||||
* to set up the RSA context.
|
* to set up the RSA context.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context used to hold the key.
|
* \param ctx The initialized RSA context used to hold the key.
|
||||||
* \param f_rng The RNG function.
|
* \param f_rng The RNG function to be used for key generation.
|
||||||
* \param p_rng The RNG context.
|
* This must not be \c NULL.
|
||||||
|
* \param p_rng The RNG context to be passed to \p f_rng.
|
||||||
|
* This may be \c NULL if \p f_rng doesn't need a context.
|
||||||
* \param nbits The size of the public key in bits.
|
* \param nbits The size of the public key in bits.
|
||||||
* \param exponent The public exponent. For example, 65537.
|
* \param exponent The public exponent to use. For example, \c 65537.
|
||||||
|
* This must be odd and greater than \c 1.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -436,7 +451,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
||||||
* enough information is present to perform an RSA public key
|
* enough information is present to perform an RSA public key
|
||||||
* operation using mbedtls_rsa_public().
|
* operation using mbedtls_rsa_public().
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context to check.
|
* \param ctx The initialized RSA context to check.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -475,7 +490,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
|
||||||
* parameters, which goes beyond what is effectively checkable
|
* parameters, which goes beyond what is effectively checkable
|
||||||
* by the library.</li></ul>
|
* by the library.</li></ul>
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context to check.
|
* \param ctx The initialized RSA context to check.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -487,8 +502,8 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
|
||||||
*
|
*
|
||||||
* It checks each of the contexts, and makes sure they match.
|
* It checks each of the contexts, and makes sure they match.
|
||||||
*
|
*
|
||||||
* \param pub The RSA context holding the public key.
|
* \param pub The initialized RSA context holding the public key.
|
||||||
* \param prv The RSA context holding the private key.
|
* \param prv The initialized RSA context holding the private key.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -499,18 +514,19 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
|
||||||
/**
|
/**
|
||||||
* \brief This function performs an RSA public key operation.
|
* \brief This function performs an RSA public key operation.
|
||||||
*
|
*
|
||||||
|
* \param ctx The initialized RSA context to use.
|
||||||
|
* \param input The input buffer. This must be a readable buffer
|
||||||
|
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
|
* \param output The output buffer. This must be a writable buffer
|
||||||
|
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
|
*
|
||||||
* \note This function does not handle message padding.
|
* \note This function does not handle message padding.
|
||||||
*
|
*
|
||||||
* \note Make sure to set \p input[0] = 0 or ensure that
|
* \note Make sure to set \p input[0] = 0 or ensure that
|
||||||
* input is smaller than \p N.
|
* input is smaller than \p N.
|
||||||
*
|
*
|
||||||
* \note The input and output buffers must be large
|
|
||||||
* enough. For example, 128 Bytes if RSA-1024 is used.
|
|
||||||
*
|
|
||||||
* \param ctx The RSA context.
|
|
||||||
* \param input The input buffer.
|
|
||||||
* \param output The output buffer.
|
|
||||||
*
|
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
*/
|
*/
|
||||||
|
@ -521,9 +537,6 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
|
||||||
/**
|
/**
|
||||||
* \brief This function performs an RSA private key operation.
|
* \brief This function performs an RSA private key operation.
|
||||||
*
|
*
|
||||||
* \note The input and output buffers must be large
|
|
||||||
* enough. For example, 128 Bytes if RSA-1024 is used.
|
|
||||||
*
|
|
||||||
* \note Blinding is used if and only if a PRNG is provided.
|
* \note Blinding is used if and only if a PRNG is provided.
|
||||||
*
|
*
|
||||||
* \note If blinding is used, both the base of exponentation
|
* \note If blinding is used, both the base of exponentation
|
||||||
|
@ -535,11 +548,18 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
|
||||||
* Future versions of the library may enforce the presence
|
* Future versions of the library may enforce the presence
|
||||||
* of a PRNG.
|
* of a PRNG.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context.
|
* \param ctx The initialized RSA context to use.
|
||||||
* \param f_rng The RNG function. Needed for blinding.
|
* \param f_rng The RNG function, used for blinding. It is discouraged
|
||||||
* \param p_rng The RNG context.
|
* and deprecated to pass \c NULL here, in which case
|
||||||
* \param input The input buffer.
|
* blinding will be omitted.
|
||||||
* \param output The output buffer.
|
* \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL
|
||||||
|
* if \p f_rng is \c NULL or if \p f_rng doesn't need a context.
|
||||||
|
* \param input The input buffer. This must be a readable buffer
|
||||||
|
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
|
* \param output The output buffer. This must be a writable buffer
|
||||||
|
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -558,9 +578,6 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
||||||
* It is the generic wrapper for performing a PKCS#1 encryption
|
* It is the generic wrapper for performing a PKCS#1 encryption
|
||||||
* operation using the \p mode from the context.
|
* operation using the \p mode from the context.
|
||||||
*
|
*
|
||||||
* \note The input and output buffers must be as large as the size
|
|
||||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
|
||||||
*
|
|
||||||
* \deprecated It is deprecated and discouraged to call this function
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
||||||
* are likely to remove the \p mode argument and have it
|
* are likely to remove the \p mode argument and have it
|
||||||
|
@ -570,14 +587,24 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context.
|
* \param ctx The initialized RSA context to use.
|
||||||
* \param f_rng The RNG function. Needed for padding, PKCS#1 v2.1
|
* \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding
|
||||||
* encoding, and #MBEDTLS_RSA_PRIVATE.
|
* encoding, and for PKCS#1 v1.5 padding encoding when used
|
||||||
* \param p_rng The RNG context.
|
* with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5
|
||||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
* padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE,
|
||||||
* \param ilen The length of the plaintext.
|
* it is used for blinding and should be provided in this
|
||||||
* \param input The buffer holding the data to encrypt.
|
* case; see mbedtls_rsa_private() for more.
|
||||||
* \param output The buffer used to hold the ciphertext.
|
* \param p_rng The RNG context to be passed to \p f_rng. May be
|
||||||
|
* \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't
|
||||||
|
* need a context argument.
|
||||||
|
* \param mode The mode of operation. This must be either
|
||||||
|
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||||
|
* \param ilen The length of the plaintext in Bytes.
|
||||||
|
* \param input The input data to encrypt. This must be a readable
|
||||||
|
* buffer of size \p ilen Bytes. This must not be \c NULL.
|
||||||
|
* \param output The output buffer. This must be a writable buffer
|
||||||
|
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -593,9 +620,6 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
||||||
* \brief This function performs a PKCS#1 v1.5 encryption operation
|
* \brief This function performs a PKCS#1 v1.5 encryption operation
|
||||||
* (RSAES-PKCS1-v1_5-ENCRYPT).
|
* (RSAES-PKCS1-v1_5-ENCRYPT).
|
||||||
*
|
*
|
||||||
* \note The output buffer must be as large as the size
|
|
||||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
|
||||||
*
|
|
||||||
* \deprecated It is deprecated and discouraged to call this function
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
||||||
* are likely to remove the \p mode argument and have it
|
* are likely to remove the \p mode argument and have it
|
||||||
|
@ -605,14 +629,22 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context.
|
* \param ctx The initialized RSA context to use.
|
||||||
* \param f_rng The RNG function. Needed for padding and
|
* \param f_rng The RNG function to use. It is needed for padding generation
|
||||||
* #MBEDTLS_RSA_PRIVATE.
|
* if \p mode is #MBEDTLS_RSA_PUBLIC. If \p mode is
|
||||||
* \param p_rng The RNG context.
|
* #MBEDTLS_RSA_PRIVATE (discouraged), it is used for
|
||||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
* blinding and should be provided; see mbedtls_rsa_private().
|
||||||
* \param ilen The length of the plaintext.
|
* \param p_rng The RNG context to be passed to \p f_rng. This may
|
||||||
* \param input The buffer holding the data to encrypt.
|
* be \c NULL if \p f_rng is \c NULL or if \p f_rng
|
||||||
* \param output The buffer used to hold the ciphertext.
|
* doesn't need a context argument.
|
||||||
|
* \param mode The mode of operation. This must be either
|
||||||
|
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||||
|
* \param ilen The length of the plaintext in Bytes.
|
||||||
|
* \param input The input data to encrypt. This must be a readable
|
||||||
|
* buffer of size \p ilen Bytes. This must not be \c NULL.
|
||||||
|
* \param output The output buffer. This must be a writable buffer
|
||||||
|
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -640,16 +672,23 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context.
|
* \param ctx The initnialized RSA context to use.
|
||||||
* \param f_rng The RNG function. Needed for padding and PKCS#1 v2.1
|
* \param f_rng The RNG function to use. This is needed for padding
|
||||||
* encoding and #MBEDTLS_RSA_PRIVATE.
|
* generation and must be provided.
|
||||||
* \param p_rng The RNG context.
|
* \param p_rng The RNG context to be passed to \p f_rng. This may
|
||||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
* be \c NULL if \p f_rng doesn't need a context argument.
|
||||||
|
* \param mode The mode of operation. This must be either
|
||||||
|
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||||
* \param label The buffer holding the custom label to use.
|
* \param label The buffer holding the custom label to use.
|
||||||
* \param label_len The length of the label.
|
* This must be a readable buffer of length \p label_len
|
||||||
* \param ilen The length of the plaintext.
|
* Bytes. It may be \c NULL if \p label_len is \c 0.
|
||||||
* \param input The buffer holding the data to encrypt.
|
* \param label_len The length of the label in Bytes.
|
||||||
* \param output The buffer used to hold the ciphertext.
|
* \param ilen The length of the plaintext buffer \p input in Bytes.
|
||||||
|
* \param input The input data to encrypt. This must be a readable
|
||||||
|
* buffer of size \p ilen Bytes. This must not be \c NULL.
|
||||||
|
* \param output The output buffer. This must be a writable buffer
|
||||||
|
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -677,9 +716,6 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
||||||
* hold the decryption of the particular ciphertext provided,
|
* hold the decryption of the particular ciphertext provided,
|
||||||
* the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
|
* the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
|
||||||
*
|
*
|
||||||
* \note The input buffer must be as large as the size
|
|
||||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
|
||||||
*
|
|
||||||
* \deprecated It is deprecated and discouraged to call this function
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
||||||
* are likely to remove the \p mode argument and have it
|
* are likely to remove the \p mode argument and have it
|
||||||
|
@ -689,14 +725,23 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context.
|
* \param ctx The initialized RSA context to use.
|
||||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||||
* \param p_rng The RNG context.
|
* this is used for blinding and should be provided; see
|
||||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
* mbedtls_rsa_private() for more. If \p mode is
|
||||||
* \param olen The length of the plaintext.
|
* #MBEDTLS_RSA_PUBLIC, it is ignored.
|
||||||
* \param input The buffer holding the encrypted data.
|
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||||
* \param output The buffer used to hold the plaintext.
|
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||||
* \param output_max_len The maximum length of the output buffer.
|
* \param mode The mode of operation. This must be either
|
||||||
|
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||||
|
* \param olen The address at which to store the length of
|
||||||
|
* the plaintext. This must not be \c NULL.
|
||||||
|
* \param input The ciphertext buffer. This must be a readable buffer
|
||||||
|
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
|
* \param output The buffer used to hold the plaintext. This must
|
||||||
|
* be a writable buffer of length \p output_max_len Bytes.
|
||||||
|
* \param output_max_len The length in Bytes of the output buffer \p output.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -720,9 +765,6 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
||||||
* hold the decryption of the particular ciphertext provided,
|
* hold the decryption of the particular ciphertext provided,
|
||||||
* the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
|
* the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
|
||||||
*
|
*
|
||||||
* \note The input buffer must be as large as the size
|
|
||||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
|
||||||
*
|
|
||||||
* \deprecated It is deprecated and discouraged to call this function
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
||||||
* are likely to remove the \p mode argument and have it
|
* are likely to remove the \p mode argument and have it
|
||||||
|
@ -732,14 +774,23 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context.
|
* \param ctx The initialized RSA context to use.
|
||||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||||
* \param p_rng The RNG context.
|
* this is used for blinding and should be provided; see
|
||||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
* mbedtls_rsa_private() for more. If \p mode is
|
||||||
* \param olen The length of the plaintext.
|
* #MBEDTLS_RSA_PUBLIC, it is ignored.
|
||||||
* \param input The buffer holding the encrypted data.
|
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||||
* \param output The buffer to hold the plaintext.
|
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||||
* \param output_max_len The maximum length of the output buffer.
|
* \param mode The mode of operation. This must be either
|
||||||
|
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||||
|
* \param olen The address at which to store the length of
|
||||||
|
* the plaintext. This must not be \c NULL.
|
||||||
|
* \param input The ciphertext buffer. This must be a readable buffer
|
||||||
|
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
|
* \param output The buffer used to hold the plaintext. This must
|
||||||
|
* be a writable buffer of length \p output_max_len Bytes.
|
||||||
|
* \param output_max_len The length in Bytes of the output buffer \p output.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -765,9 +816,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
||||||
* ciphertext provided, the function returns
|
* ciphertext provided, the function returns
|
||||||
* #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
|
* #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
|
||||||
*
|
*
|
||||||
* \note The input buffer must be as large as the size
|
|
||||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
|
||||||
*
|
|
||||||
* \deprecated It is deprecated and discouraged to call this function
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
||||||
* are likely to remove the \p mode argument and have it
|
* are likely to remove the \p mode argument and have it
|
||||||
|
@ -777,16 +825,27 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context.
|
* \param ctx The initialized RSA context to use.
|
||||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||||
* \param p_rng The RNG context.
|
* this is used for blinding and should be provided; see
|
||||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
* mbedtls_rsa_private() for more. If \p mode is
|
||||||
|
* #MBEDTLS_RSA_PUBLIC, it is ignored.
|
||||||
|
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||||
|
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||||
|
* \param mode The mode of operation. This must be either
|
||||||
|
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||||
* \param label The buffer holding the custom label to use.
|
* \param label The buffer holding the custom label to use.
|
||||||
* \param label_len The length of the label.
|
* This must be a readable buffer of length \p label_len
|
||||||
* \param olen The length of the plaintext.
|
* Bytes. It may be \c NULL if \p label_len is \c 0.
|
||||||
* \param input The buffer holding the encrypted data.
|
* \param label_len The length of the label in Bytes.
|
||||||
* \param output The buffer to hold the plaintext.
|
* \param olen The address at which to store the length of
|
||||||
* \param output_max_len The maximum length of the output buffer.
|
* the plaintext. This must not be \c NULL.
|
||||||
|
* \param input The ciphertext buffer. This must be a readable buffer
|
||||||
|
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
|
* \param output The buffer used to hold the plaintext. This must
|
||||||
|
* be a writable buffer of length \p output_max_len Bytes.
|
||||||
|
* \param output_max_len The length in Bytes of the output buffer \p output.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -824,16 +883,28 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context.
|
* \param ctx The initialized RSA context to use.
|
||||||
* \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for
|
* \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1,
|
||||||
* #MBEDTLS_RSA_PRIVATE.
|
* this must be provided. If the padding mode is PKCS#1 v1.5 and
|
||||||
* \param p_rng The RNG context.
|
* \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding
|
||||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
* and should be provided; see mbedtls_rsa_private() for more
|
||||||
|
* more. It is ignored otherwise.
|
||||||
|
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
|
||||||
|
* if \p f_rng is \c NULL or doesn't need a context argument.
|
||||||
|
* \param mode The mode of operation. This must be either
|
||||||
|
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||||
* \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
|
* \param hashlen The length of the message digest.
|
||||||
* \param hash The buffer holding the message digest.
|
* Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||||
* \param sig The buffer to hold the ciphertext.
|
* \param hash The buffer holding the message digest or raw data.
|
||||||
|
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||||
|
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||||
|
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||||
|
* the size of the hash corresponding to \p md_alg.
|
||||||
|
* \param sig The buffer to hold the signature. This must be a writable
|
||||||
|
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
*
|
*
|
||||||
* \return \c 0 if the signing operation was successful.
|
* \return \c 0 if the signing operation was successful.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -851,9 +922,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
||||||
* \brief This function performs a PKCS#1 v1.5 signature
|
* \brief This function performs a PKCS#1 v1.5 signature
|
||||||
* operation (RSASSA-PKCS1-v1_5-SIGN).
|
* operation (RSASSA-PKCS1-v1_5-SIGN).
|
||||||
*
|
*
|
||||||
* \note The \p sig buffer must be as large as the size
|
|
||||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
|
||||||
*
|
|
||||||
* \deprecated It is deprecated and discouraged to call this function
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
||||||
* are likely to remove the \p mode argument and have it
|
* are likely to remove the \p mode argument and have it
|
||||||
|
@ -863,15 +931,27 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context.
|
* \param ctx The initialized RSA context to use.
|
||||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||||
* \param p_rng The RNG context.
|
* this is used for blinding and should be provided; see
|
||||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
* mbedtls_rsa_private() for more. If \p mode is
|
||||||
|
* #MBEDTLS_RSA_PUBLIC, it is ignored.
|
||||||
|
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
|
||||||
|
* if \p f_rng is \c NULL or doesn't need a context argument.
|
||||||
|
* \param mode The mode of operation. This must be either
|
||||||
|
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||||
* \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
|
* \param hashlen The length of the message digest.
|
||||||
* \param hash The buffer holding the message digest.
|
* Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||||
* \param sig The buffer to hold the ciphertext.
|
* \param hash The buffer holding the message digest or raw data.
|
||||||
|
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||||
|
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||||
|
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||||
|
* the size of the hash corresponding to \p md_alg.
|
||||||
|
* \param sig The buffer to hold the signature. This must be a writable
|
||||||
|
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
*
|
*
|
||||||
* \return \c 0 if the signing operation was successful.
|
* \return \c 0 if the signing operation was successful.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -889,9 +969,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
||||||
* \brief This function performs a PKCS#1 v2.1 PSS signature
|
* \brief This function performs a PKCS#1 v2.1 PSS signature
|
||||||
* operation (RSASSA-PSS-SIGN).
|
* operation (RSASSA-PSS-SIGN).
|
||||||
*
|
*
|
||||||
* \note The \p sig buffer must be as large as the size
|
|
||||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
|
||||||
*
|
|
||||||
* \note The \p hash_id in the RSA context is the one used for the
|
* \note The \p hash_id in the RSA context is the one used for the
|
||||||
* encoding. \p md_alg in the function call is the type of hash
|
* encoding. \p md_alg in the function call is the type of hash
|
||||||
* that is encoded. According to <em>RFC-3447: Public-Key
|
* that is encoded. According to <em>RFC-3447: Public-Key
|
||||||
|
@ -918,16 +995,24 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA context.
|
* \param ctx The initialized RSA context to use.
|
||||||
* \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for
|
* \param f_rng The RNG function. It must not be \c NULL.
|
||||||
* #MBEDTLS_RSA_PRIVATE.
|
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
|
||||||
* \param p_rng The RNG context.
|
* if \p f_rng doesn't need a context argument.
|
||||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
* \param mode The mode of operation. This must be either
|
||||||
|
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||||
* \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
|
* \param hashlen The length of the message digest.
|
||||||
* \param hash The buffer holding the message digest.
|
* Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||||
* \param sig The buffer to hold the ciphertext.
|
* \param hash The buffer holding the message digest or raw data.
|
||||||
|
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||||
|
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||||
|
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||||
|
* the size of the hash corresponding to \p md_alg.
|
||||||
|
* \param sig The buffer to hold the signature. This must be a writable
|
||||||
|
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
*
|
*
|
||||||
* \return \c 0 if the signing operation was successful.
|
* \return \c 0 if the signing operation was successful.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -948,9 +1033,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
||||||
* This is the generic wrapper for performing a PKCS#1
|
* This is the generic wrapper for performing a PKCS#1
|
||||||
* verification using the mode from the context.
|
* verification using the mode from the context.
|
||||||
*
|
*
|
||||||
* \note The \p sig buffer must be as large as the size
|
|
||||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
|
||||||
*
|
|
||||||
* \note For PKCS#1 v2.1 encoding, see comments on
|
* \note For PKCS#1 v2.1 encoding, see comments on
|
||||||
* mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
|
* mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
|
||||||
* \p hash_id.
|
* \p hash_id.
|
||||||
|
@ -964,15 +1046,26 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA public key context.
|
* \param ctx The initialized RSA public key context to use.
|
||||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
* \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||||
* \param p_rng The RNG context.
|
* this is used for blinding and should be provided; see
|
||||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
* mbedtls_rsa_private() for more. Otherwise, it is ignored.
|
||||||
|
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||||
|
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||||
|
* \param mode The mode of operation. This must be either
|
||||||
|
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||||
* \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
|
* \param hashlen The length of the message digest.
|
||||||
* \param hash The buffer holding the message digest.
|
* This is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||||
* \param sig The buffer holding the ciphertext.
|
* \param hash The buffer holding the message digest or raw data.
|
||||||
|
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||||
|
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||||
|
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||||
|
* the size of the hash corresponding to \p md_alg.
|
||||||
|
* \param sig The buffer holding the signature. This must be a readable
|
||||||
|
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
*
|
*
|
||||||
* \return \c 0 if the verify operation was successful.
|
* \return \c 0 if the verify operation was successful.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -990,9 +1083,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
||||||
* \brief This function performs a PKCS#1 v1.5 verification
|
* \brief This function performs a PKCS#1 v1.5 verification
|
||||||
* operation (RSASSA-PKCS1-v1_5-VERIFY).
|
* operation (RSASSA-PKCS1-v1_5-VERIFY).
|
||||||
*
|
*
|
||||||
* \note The \p sig buffer must be as large as the size
|
|
||||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
|
||||||
*
|
|
||||||
* \deprecated It is deprecated and discouraged to call this function
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
||||||
* are likely to remove the \p mode argument and have it
|
* are likely to remove the \p mode argument and have it
|
||||||
|
@ -1002,15 +1092,26 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA public key context.
|
* \param ctx The initialized RSA public key context to use.
|
||||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
* \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||||
* \param p_rng The RNG context.
|
* this is used for blinding and should be provided; see
|
||||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
* mbedtls_rsa_private() for more. Otherwise, it is ignored.
|
||||||
|
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||||
|
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||||
|
* \param mode The mode of operation. This must be either
|
||||||
|
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||||
* \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
|
* \param hashlen The length of the message digest.
|
||||||
* \param hash The buffer holding the message digest.
|
* This is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||||
* \param sig The buffer holding the ciphertext.
|
* \param hash The buffer holding the message digest or raw data.
|
||||||
|
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||||
|
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||||
|
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||||
|
* the size of the hash corresponding to \p md_alg.
|
||||||
|
* \param sig The buffer holding the signature. This must be a readable
|
||||||
|
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
*
|
*
|
||||||
* \return \c 0 if the verify operation was successful.
|
* \return \c 0 if the verify operation was successful.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -1031,9 +1132,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
||||||
* The hash function for the MGF mask generating function
|
* The hash function for the MGF mask generating function
|
||||||
* is that specified in the RSA context.
|
* is that specified in the RSA context.
|
||||||
*
|
*
|
||||||
* \note The \p sig buffer must be as large as the size
|
|
||||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
|
||||||
*
|
|
||||||
* \note The \p hash_id in the RSA context is the one used for the
|
* \note The \p hash_id in the RSA context is the one used for the
|
||||||
* verification. \p md_alg in the function call is the type of
|
* verification. \p md_alg in the function call is the type of
|
||||||
* hash that is verified. According to <em>RFC-3447: Public-Key
|
* hash that is verified. According to <em>RFC-3447: Public-Key
|
||||||
|
@ -1051,15 +1149,26 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
||||||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA public key context.
|
* \param ctx The initialized RSA public key context to use.
|
||||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
* \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||||
* \param p_rng The RNG context.
|
* this is used for blinding and should be provided; see
|
||||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
* mbedtls_rsa_private() for more. Otherwise, it is ignored.
|
||||||
|
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||||
|
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||||
|
* \param mode The mode of operation. This must be either
|
||||||
|
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||||
* \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
|
* \param hashlen The length of the message digest.
|
||||||
* \param hash The buffer holding the message digest.
|
* This is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||||
* \param sig The buffer holding the ciphertext.
|
* \param hash The buffer holding the message digest or raw data.
|
||||||
|
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||||
|
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||||
|
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||||
|
* the size of the hash corresponding to \p md_alg.
|
||||||
|
* \param sig The buffer holding the signature. This must be a readable
|
||||||
|
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
*
|
*
|
||||||
* \return \c 0 if the verify operation was successful.
|
* \return \c 0 if the verify operation was successful.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -1085,19 +1194,29 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
|
||||||
*
|
*
|
||||||
* \note The \p hash_id in the RSA context is ignored.
|
* \note The \p hash_id in the RSA context is ignored.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA public key context.
|
* \param ctx The initialized RSA public key context to use.
|
||||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
* \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||||
* \param p_rng The RNG context.
|
* this is used for blinding and should be provided; see
|
||||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
* mbedtls_rsa_private() for more. Otherwise, it is ignored.
|
||||||
|
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||||
|
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||||
|
* \param mode The mode of operation. This must be either
|
||||||
|
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||||
* \param hashlen The length of the message digest. Only used if \p md_alg is
|
* \param hashlen The length of the message digest.
|
||||||
* #MBEDTLS_MD_NONE.
|
* This is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||||
* \param hash The buffer holding the message digest.
|
* \param hash The buffer holding the message digest or raw data.
|
||||||
* \param mgf1_hash_id The message digest used for mask generation.
|
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||||
* \param expected_salt_len The length of the salt used in padding. Use
|
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||||
* #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
|
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||||
* \param sig The buffer holding the ciphertext.
|
* the size of the hash corresponding to \p md_alg.
|
||||||
|
* \param mgf1_hash_id The message digest used for mask generation.
|
||||||
|
* \param expected_salt_len The length of the salt used in padding. Use
|
||||||
|
* #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
|
||||||
|
* \param sig The buffer holding the signature. This must be a readable
|
||||||
|
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
|
* for an 2048-bit RSA modulus.
|
||||||
*
|
*
|
||||||
* \return \c 0 if the verify operation was successful.
|
* \return \c 0 if the verify operation was successful.
|
||||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||||
|
@ -1116,8 +1235,8 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
||||||
/**
|
/**
|
||||||
* \brief This function copies the components of an RSA context.
|
* \brief This function copies the components of an RSA context.
|
||||||
*
|
*
|
||||||
* \param dst The destination context.
|
* \param dst The destination context. This must be initialized.
|
||||||
* \param src The source context.
|
* \param src The source context. This must be initialized.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
|
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
|
||||||
|
@ -1127,7 +1246,9 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
|
||||||
/**
|
/**
|
||||||
* \brief This function frees the components of an RSA key.
|
* \brief This function frees the components of an RSA key.
|
||||||
*
|
*
|
||||||
* \param ctx The RSA Context to free.
|
* \param ctx The RSA context to free. May be \c NULL, in which case
|
||||||
|
* this function is a no-op. If it is not \c NULL, it must
|
||||||
|
* point to an initialized RSA context.
|
||||||
*/
|
*/
|
||||||
void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
|
void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
|
||||||
|
|
||||||
|
|
202
library/rsa.c
202
library/rsa.c
|
@ -71,6 +71,12 @@
|
||||||
|
|
||||||
#if !defined(MBEDTLS_RSA_ALT)
|
#if !defined(MBEDTLS_RSA_ALT)
|
||||||
|
|
||||||
|
/* Parameter validation macros */
|
||||||
|
#define RSA_VALIDATE_RET( cond ) \
|
||||||
|
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
|
||||||
|
#define RSA_VALIDATE( cond ) \
|
||||||
|
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||||
|
|
||||||
#if defined(MBEDTLS_PKCS1_V15)
|
#if defined(MBEDTLS_PKCS1_V15)
|
||||||
/* constant-time buffer comparison */
|
/* constant-time buffer comparison */
|
||||||
static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
|
static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
|
||||||
|
@ -93,6 +99,7 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
|
||||||
const mbedtls_mpi *D, const mbedtls_mpi *E )
|
const mbedtls_mpi *D, const mbedtls_mpi *E )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
|
if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
|
||||||
( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
|
( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
|
||||||
|
@ -117,6 +124,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
|
||||||
unsigned char const *E, size_t E_len )
|
unsigned char const *E, size_t E_len )
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
if( N != NULL )
|
if( N != NULL )
|
||||||
{
|
{
|
||||||
|
@ -240,12 +248,16 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv,
|
||||||
int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
|
int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
int have_N, have_P, have_Q, have_D, have_E;
|
||||||
|
int n_missing, pq_missing, d_missing, is_pub, is_priv;
|
||||||
|
|
||||||
const int have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
const int have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
|
|
||||||
const int have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
|
have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
|
||||||
const int have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
|
have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
|
||||||
const int have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
|
have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
|
||||||
|
have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
|
||||||
|
have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Check whether provided parameters are enough
|
* Check whether provided parameters are enough
|
||||||
|
@ -257,13 +269,13 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
const int n_missing = have_P && have_Q && have_D && have_E;
|
n_missing = have_P && have_Q && have_D && have_E;
|
||||||
const int pq_missing = have_N && !have_P && !have_Q && have_D && have_E;
|
pq_missing = have_N && !have_P && !have_Q && have_D && have_E;
|
||||||
const int d_missing = have_P && have_Q && !have_D && have_E;
|
d_missing = have_P && have_Q && !have_D && have_E;
|
||||||
const int is_pub = have_N && !have_P && !have_Q && !have_D && have_E;
|
is_pub = have_N && !have_P && !have_Q && !have_D && have_E;
|
||||||
|
|
||||||
/* These three alternatives are mutually exclusive */
|
/* These three alternatives are mutually exclusive */
|
||||||
const int is_priv = n_missing || pq_missing || d_missing;
|
is_priv = n_missing || pq_missing || d_missing;
|
||||||
|
|
||||||
if( !is_priv && !is_pub )
|
if( !is_priv && !is_pub )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
@ -336,9 +348,11 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
|
||||||
unsigned char *E, size_t E_len )
|
unsigned char *E, size_t E_len )
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
int is_priv;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
/* Check if key is private or public */
|
/* Check if key is private or public */
|
||||||
const int is_priv =
|
is_priv =
|
||||||
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
||||||
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
||||||
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
||||||
|
@ -379,9 +393,11 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
|
||||||
mbedtls_mpi *D, mbedtls_mpi *E )
|
mbedtls_mpi *D, mbedtls_mpi *E )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
int is_priv;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
/* Check if key is private or public */
|
/* Check if key is private or public */
|
||||||
int is_priv =
|
is_priv =
|
||||||
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
||||||
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
||||||
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
||||||
|
@ -421,9 +437,11 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
|
||||||
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP )
|
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
int is_priv;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
/* Check if key is private or public */
|
/* Check if key is private or public */
|
||||||
int is_priv =
|
is_priv =
|
||||||
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
||||||
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
||||||
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
||||||
|
@ -459,6 +477,10 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
|
||||||
int padding,
|
int padding,
|
||||||
int hash_id )
|
int hash_id )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE( ctx != NULL );
|
||||||
|
RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
|
||||||
|
padding == MBEDTLS_RSA_PKCS_V21 );
|
||||||
|
|
||||||
memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
|
memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
|
||||||
|
|
||||||
mbedtls_rsa_set_padding( ctx, padding, hash_id );
|
mbedtls_rsa_set_padding( ctx, padding, hash_id );
|
||||||
|
@ -471,8 +493,13 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
|
||||||
/*
|
/*
|
||||||
* Set padding for an existing RSA context
|
* Set padding for an existing RSA context
|
||||||
*/
|
*/
|
||||||
void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id )
|
void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
|
||||||
|
int hash_id )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE( ctx != NULL );
|
||||||
|
RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
|
||||||
|
padding == MBEDTLS_RSA_PKCS_V21 );
|
||||||
|
|
||||||
ctx->padding = padding;
|
ctx->padding = padding;
|
||||||
ctx->hash_id = hash_id;
|
ctx->hash_id = hash_id;
|
||||||
}
|
}
|
||||||
|
@ -503,11 +530,10 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
||||||
int ret;
|
int ret;
|
||||||
mbedtls_mpi H, G, L;
|
mbedtls_mpi H, G, L;
|
||||||
int prime_quality = 0;
|
int prime_quality = 0;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( f_rng != NULL );
|
||||||
|
|
||||||
if( f_rng == NULL || nbits < 128 || exponent < 3 )
|
if( nbits < 128 || exponent < 3 || nbits % 2 != 0 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
if( nbits % 2 )
|
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -612,6 +638,8 @@ cleanup:
|
||||||
*/
|
*/
|
||||||
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
|
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
|
||||||
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||||
|
|
||||||
|
@ -635,6 +663,8 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
||||||
*/
|
*/
|
||||||
int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
|
int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
|
if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
|
||||||
rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
|
rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -664,6 +694,9 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
|
||||||
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
|
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
|
||||||
const mbedtls_rsa_context *prv )
|
const mbedtls_rsa_context *prv )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( pub != NULL );
|
||||||
|
RSA_VALIDATE_RET( prv != NULL );
|
||||||
|
|
||||||
if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
|
if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
|
||||||
mbedtls_rsa_check_privkey( prv ) != 0 )
|
mbedtls_rsa_check_privkey( prv ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -689,6 +722,9 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
|
||||||
int ret;
|
int ret;
|
||||||
size_t olen;
|
size_t olen;
|
||||||
mbedtls_mpi T;
|
mbedtls_mpi T;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
RSA_VALIDATE_RET( output != NULL );
|
||||||
|
|
||||||
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
|
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
@ -831,6 +867,10 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
||||||
* checked result; should be the same in the end. */
|
* checked result; should be the same in the end. */
|
||||||
mbedtls_mpi I, C;
|
mbedtls_mpi I, C;
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
RSA_VALIDATE_RET( output != NULL );
|
||||||
|
|
||||||
if( rsa_check_context( ctx, 1 /* private key checks */,
|
if( rsa_check_context( ctx, 1 /* private key checks */,
|
||||||
f_rng != NULL /* blinding y/n */ ) != 0 )
|
f_rng != NULL /* blinding y/n */ ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -1091,6 +1131,13 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
||||||
const mbedtls_md_info_t *md_info;
|
const mbedtls_md_info_t *md_info;
|
||||||
mbedtls_md_context_t md_ctx;
|
mbedtls_md_context_t md_ctx;
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( output != NULL );
|
||||||
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
@ -1167,11 +1214,13 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
||||||
int ret;
|
int ret;
|
||||||
unsigned char *p = output;
|
unsigned char *p = output;
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( output != NULL );
|
||||||
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
|
||||||
// We don't check p_rng because it won't be dereferenced here
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||||
if( f_rng == NULL || input == NULL || output == NULL )
|
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
olen = ctx->len;
|
olen = ctx->len;
|
||||||
|
@ -1185,6 +1234,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
||||||
*p++ = 0;
|
*p++ = 0;
|
||||||
if( mode == MBEDTLS_RSA_PUBLIC )
|
if( mode == MBEDTLS_RSA_PUBLIC )
|
||||||
{
|
{
|
||||||
|
if( f_rng == NULL )
|
||||||
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
*p++ = MBEDTLS_RSA_CRYPT;
|
*p++ = MBEDTLS_RSA_CRYPT;
|
||||||
|
|
||||||
while( nb_pad-- > 0 )
|
while( nb_pad-- > 0 )
|
||||||
|
@ -1229,6 +1281,12 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
||||||
const unsigned char *input,
|
const unsigned char *input,
|
||||||
unsigned char *output )
|
unsigned char *output )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( output != NULL );
|
||||||
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
|
||||||
switch( ctx->padding )
|
switch( ctx->padding )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_PKCS1_V15)
|
#if defined(MBEDTLS_PKCS1_V15)
|
||||||
|
@ -1271,6 +1329,14 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
||||||
const mbedtls_md_info_t *md_info;
|
const mbedtls_md_info_t *md_info;
|
||||||
mbedtls_md_context_t md_ctx;
|
mbedtls_md_context_t md_ctx;
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
|
||||||
|
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
|
||||||
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
RSA_VALIDATE_RET( olen != NULL );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Parameters sanity checks
|
* Parameters sanity checks
|
||||||
*/
|
*/
|
||||||
|
@ -1490,11 +1556,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
||||||
size_t output_max_len )
|
size_t output_max_len )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t ilen = ctx->len;
|
size_t ilen, i, plaintext_max_size;
|
||||||
size_t i;
|
|
||||||
size_t plaintext_max_size = ( output_max_len > ilen - 11 ?
|
|
||||||
ilen - 11 :
|
|
||||||
output_max_len );
|
|
||||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||||
/* The following variables take sensitive values: their value must
|
/* The following variables take sensitive values: their value must
|
||||||
* not leak into the observable behavior of the function other than
|
* not leak into the observable behavior of the function other than
|
||||||
|
@ -1512,6 +1574,18 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
||||||
size_t plaintext_size = 0;
|
size_t plaintext_size = 0;
|
||||||
unsigned output_too_large;
|
unsigned output_too_large;
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
|
||||||
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
RSA_VALIDATE_RET( olen != NULL );
|
||||||
|
|
||||||
|
ilen = ctx->len;
|
||||||
|
plaintext_max_size = ( output_max_len > ilen - 11 ?
|
||||||
|
ilen - 11 :
|
||||||
|
output_max_len );
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
@ -1647,6 +1721,13 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
||||||
unsigned char *output,
|
unsigned char *output,
|
||||||
size_t output_max_len)
|
size_t output_max_len)
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
|
||||||
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
RSA_VALIDATE_RET( olen != NULL );
|
||||||
|
|
||||||
switch( ctx->padding )
|
switch( ctx->padding )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_PKCS1_V15)
|
#if defined(MBEDTLS_PKCS1_V15)
|
||||||
|
@ -1688,6 +1769,13 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
||||||
size_t msb;
|
size_t msb;
|
||||||
const mbedtls_md_info_t *md_info;
|
const mbedtls_md_info_t *md_info;
|
||||||
mbedtls_md_context_t md_ctx;
|
mbedtls_md_context_t md_ctx;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
@ -1935,6 +2023,14 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
||||||
int ret;
|
int ret;
|
||||||
unsigned char *sig_try = NULL, *verif = NULL;
|
unsigned char *sig_try = NULL, *verif = NULL;
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
@ -2004,6 +2100,14 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
||||||
const unsigned char *hash,
|
const unsigned char *hash,
|
||||||
unsigned char *sig )
|
unsigned char *sig )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
|
||||||
switch( ctx->padding )
|
switch( ctx->padding )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_PKCS1_V15)
|
#if defined(MBEDTLS_PKCS1_V15)
|
||||||
|
@ -2050,6 +2154,14 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
||||||
mbedtls_md_context_t md_ctx;
|
mbedtls_md_context_t md_ctx;
|
||||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
@ -2178,7 +2290,16 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
|
||||||
const unsigned char *hash,
|
const unsigned char *hash,
|
||||||
const unsigned char *sig )
|
const unsigned char *sig )
|
||||||
{
|
{
|
||||||
mbedtls_md_type_t mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
|
mbedtls_md_type_t mgf1_hash_id;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
|
||||||
|
mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
|
||||||
? (mbedtls_md_type_t) ctx->hash_id
|
? (mbedtls_md_type_t) ctx->hash_id
|
||||||
: md_alg;
|
: md_alg;
|
||||||
|
|
||||||
|
@ -2204,9 +2325,19 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
||||||
const unsigned char *sig )
|
const unsigned char *sig )
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
const size_t sig_len = ctx->len;
|
size_t sig_len;
|
||||||
unsigned char *encoded = NULL, *encoded_expected = NULL;
|
unsigned char *encoded = NULL, *encoded_expected = NULL;
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
|
||||||
|
sig_len = ctx->len;
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
@ -2276,6 +2407,14 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
||||||
const unsigned char *hash,
|
const unsigned char *hash,
|
||||||
const unsigned char *sig )
|
const unsigned char *sig )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
|
||||||
switch( ctx->padding )
|
switch( ctx->padding )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_PKCS1_V15)
|
#if defined(MBEDTLS_PKCS1_V15)
|
||||||
|
@ -2301,6 +2440,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
||||||
int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
|
int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
RSA_VALIDATE_RET( dst != NULL );
|
||||||
|
RSA_VALIDATE_RET( src != NULL );
|
||||||
|
|
||||||
dst->ver = src->ver;
|
dst->ver = src->ver;
|
||||||
dst->len = src->len;
|
dst->len = src->len;
|
||||||
|
@ -2340,6 +2481,9 @@ cleanup:
|
||||||
*/
|
*/
|
||||||
void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
|
void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
|
||||||
{
|
{
|
||||||
|
if( ctx == NULL )
|
||||||
|
return;
|
||||||
|
|
||||||
mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf );
|
mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf );
|
||||||
mbedtls_mpi_free( &ctx->RN ); mbedtls_mpi_free( &ctx->D );
|
mbedtls_mpi_free( &ctx->RN ); mbedtls_mpi_free( &ctx->D );
|
||||||
mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P );
|
mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P );
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
RSA parameter validation
|
||||||
|
rsa_invalid_param:
|
||||||
|
|
||||||
RSA PKCS1 Verify v1.5 CAVS #1
|
RSA PKCS1 Verify v1.5 CAVS #1
|
||||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
|
||||||
# Good padding but wrong hash
|
# Good padding but wrong hash
|
||||||
|
@ -255,12 +258,6 @@ RSA PKCS1 Sign #9 Verify (Invalid Digest type)
|
||||||
depends_on:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PKCS1_V15
|
||||||
mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:255:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:255:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||||
|
|
||||||
RSA PKCS1 Sign #8 (Invalid padding type)
|
|
||||||
mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2:MBEDTLS_MD_MD5:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_INVALID_PADDING
|
|
||||||
|
|
||||||
RSA PKCS1 Sign #8 Verify (Invalid padding type)
|
|
||||||
mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":1:MBEDTLS_MD_MD5:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_INVALID_PADDING
|
|
||||||
|
|
||||||
RSA PKCS1 Encrypt #1
|
RSA PKCS1 Encrypt #1
|
||||||
depends_on:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PKCS1_V15
|
||||||
mbedtls_rsa_pkcs1_encrypt:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"b0c0b193ba4a5b4502bfacd1a9c2697da5510f3e3ab7274cf404418afd2c62c89b98d83bbc21c8c1bf1afe6d8bf40425e053e9c03e03a3be0edbe1eda073fade1cc286cc0305a493d98fe795634c3cad7feb513edb742d66d910c87d07f6b0055c3488bb262b5fd1ce8747af64801fb39d2d3a3e57086ffe55ab8d0a2ca86975629a0f85767a4990c532a7c2dab1647997ebb234d0b28a0008bfebfc905e7ba5b30b60566a5e0190417465efdbf549934b8f0c5c9f36b7c5b6373a47ae553ced0608a161b1b70dfa509375cf7a3598223a6d7b7a1d1a06ac74d345a9bb7c0e44c8388858a4f1d8115f2bd769ffa69020385fa286302c80e950f9e2751308666c":0
|
mbedtls_rsa_pkcs1_encrypt:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"b0c0b193ba4a5b4502bfacd1a9c2697da5510f3e3ab7274cf404418afd2c62c89b98d83bbc21c8c1bf1afe6d8bf40425e053e9c03e03a3be0edbe1eda073fade1cc286cc0305a493d98fe795634c3cad7feb513edb742d66d910c87d07f6b0055c3488bb262b5fd1ce8747af64801fb39d2d3a3e57086ffe55ab8d0a2ca86975629a0f85767a4990c532a7c2dab1647997ebb234d0b28a0008bfebfc905e7ba5b30b60566a5e0190417465efdbf549934b8f0c5c9f36b7c5b6373a47ae553ced0608a161b1b70dfa509375cf7a3598223a6d7b7a1d1a06ac74d345a9bb7c0e44c8388858a4f1d8115f2bd769ffa69020385fa286302c80e950f9e2751308666c":0
|
||||||
|
@ -277,12 +274,6 @@ RSA PKCS1 Decrypt #2 (Data too small)
|
||||||
depends_on:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PKCS1_V15
|
||||||
mbedtls_rsa_pkcs1_decrypt:"deadbeafcafedeadbeeffedcba9876":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":1000:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
mbedtls_rsa_pkcs1_decrypt:"deadbeafcafedeadbeeffedcba9876":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":1000:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
||||||
|
|
||||||
RSA PKCS1 Encrypt #3 (Invalid padding mode)
|
|
||||||
mbedtls_rsa_pkcs1_encrypt:"4E636AF98E40F3ADCFCCB698F4E80B9F":2:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_ERR_RSA_INVALID_PADDING
|
|
||||||
|
|
||||||
RSA PKCS1 Decrypt #3 (Invalid padding mode)
|
|
||||||
mbedtls_rsa_pkcs1_decrypt:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":1000:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING
|
|
||||||
|
|
||||||
RSA PKCS1 Decrypt #4 (Output buffer too small)
|
RSA PKCS1 Decrypt #4 (Output buffer too small)
|
||||||
depends_on:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PKCS1_V15
|
||||||
mbedtls_rsa_pkcs1_decrypt:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":15:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
|
mbedtls_rsa_pkcs1_decrypt:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":15:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
|
||||||
|
|
|
@ -17,6 +17,454 @@
|
||||||
* END_DEPENDENCIES
|
* END_DEPENDENCIES
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
|
||||||
|
void rsa_invalid_param( )
|
||||||
|
{
|
||||||
|
mbedtls_rsa_context ctx;
|
||||||
|
const int valid_padding = MBEDTLS_RSA_PKCS_V21;
|
||||||
|
const int invalid_padding = 42;
|
||||||
|
const int valid_mode = MBEDTLS_RSA_PRIVATE;
|
||||||
|
const int invalid_mode = 42;
|
||||||
|
unsigned char buf[42] = { 0 };
|
||||||
|
size_t olen;
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, valid_padding, 0 ) );
|
||||||
|
TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) );
|
||||||
|
TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) );
|
||||||
|
|
||||||
|
/* No more variants because only the first argument must be non-NULL. */
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_import( NULL, NULL, NULL,
|
||||||
|
NULL, NULL, NULL ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_import_raw( NULL,
|
||||||
|
NULL, 0,
|
||||||
|
NULL, 0,
|
||||||
|
NULL, 0,
|
||||||
|
NULL, 0,
|
||||||
|
NULL, 0 ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_complete( NULL ) );
|
||||||
|
|
||||||
|
/* No more variants because only the first argument must be non-NULL. */
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_export( NULL, NULL, NULL,
|
||||||
|
NULL, NULL, NULL ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_export_raw( NULL,
|
||||||
|
NULL, 0,
|
||||||
|
NULL, 0,
|
||||||
|
NULL, 0,
|
||||||
|
NULL, 0,
|
||||||
|
NULL, 0 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_export_crt( NULL, NULL, NULL, NULL ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM( mbedtls_rsa_set_padding( NULL,
|
||||||
|
valid_padding, 0 ) );
|
||||||
|
TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx,
|
||||||
|
invalid_padding, 0 ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_gen_key( NULL, rnd_std_rand,
|
||||||
|
NULL, 0, 0 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_gen_key( &ctx, NULL,
|
||||||
|
NULL, 0, 0 ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_check_pubkey( NULL ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_check_privkey( NULL ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_check_pub_priv( NULL, &ctx ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_check_pub_priv( &ctx, NULL ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_public( NULL, buf, buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_public( &ctx, NULL, buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_public( &ctx, buf, NULL ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_private( NULL, NULL, NULL,
|
||||||
|
buf, buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_private( &ctx, NULL, NULL,
|
||||||
|
NULL, buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_private( &ctx, NULL, NULL,
|
||||||
|
buf, NULL ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
|
||||||
|
invalid_mode,
|
||||||
|
sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
sizeof( buf ), NULL,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
sizeof( buf ), buf,
|
||||||
|
NULL ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL,
|
||||||
|
NULL,
|
||||||
|
valid_mode,
|
||||||
|
sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
|
||||||
|
NULL,
|
||||||
|
invalid_mode,
|
||||||
|
sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
|
||||||
|
NULL,
|
||||||
|
valid_mode,
|
||||||
|
sizeof( buf ), NULL,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
|
||||||
|
NULL,
|
||||||
|
valid_mode,
|
||||||
|
sizeof( buf ), buf,
|
||||||
|
NULL ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
buf, sizeof( buf ),
|
||||||
|
sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
|
||||||
|
invalid_mode,
|
||||||
|
buf, sizeof( buf ),
|
||||||
|
sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
NULL, sizeof( buf ),
|
||||||
|
sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
buf, sizeof( buf ),
|
||||||
|
sizeof( buf ), NULL,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
buf, sizeof( buf ),
|
||||||
|
sizeof( buf ), buf,
|
||||||
|
NULL ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL,
|
||||||
|
valid_mode, &olen,
|
||||||
|
buf, buf, 42 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
|
||||||
|
invalid_mode, &olen,
|
||||||
|
buf, buf, 42 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
|
||||||
|
valid_mode, NULL,
|
||||||
|
buf, buf, 42 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
|
||||||
|
valid_mode, &olen,
|
||||||
|
NULL, buf, 42 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
|
||||||
|
valid_mode, &olen,
|
||||||
|
buf, NULL, 42 ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL,
|
||||||
|
NULL,
|
||||||
|
valid_mode, &olen,
|
||||||
|
buf, buf, 42 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
|
||||||
|
NULL,
|
||||||
|
invalid_mode, &olen,
|
||||||
|
buf, buf, 42 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
|
||||||
|
NULL,
|
||||||
|
valid_mode, NULL,
|
||||||
|
buf, buf, 42 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
|
||||||
|
NULL,
|
||||||
|
valid_mode, &olen,
|
||||||
|
NULL, buf, 42 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
|
||||||
|
NULL,
|
||||||
|
valid_mode, &olen,
|
||||||
|
buf, NULL, 42 ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
buf, sizeof( buf ),
|
||||||
|
&olen,
|
||||||
|
buf, buf, 42 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
|
||||||
|
invalid_mode,
|
||||||
|
buf, sizeof( buf ),
|
||||||
|
&olen,
|
||||||
|
buf, buf, 42 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
NULL, sizeof( buf ),
|
||||||
|
NULL,
|
||||||
|
buf, buf, 42 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
buf, sizeof( buf ),
|
||||||
|
&olen,
|
||||||
|
NULL, buf, 42 ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
buf, sizeof( buf ),
|
||||||
|
&olen,
|
||||||
|
buf, NULL, 42 ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
|
||||||
|
invalid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), NULL,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
NULL ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
MBEDTLS_MD_SHA1,
|
||||||
|
0, NULL,
|
||||||
|
buf ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
|
||||||
|
invalid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), NULL,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
NULL ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
MBEDTLS_MD_SHA1,
|
||||||
|
0, NULL,
|
||||||
|
buf ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
|
||||||
|
invalid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), NULL,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
NULL ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
MBEDTLS_MD_SHA1,
|
||||||
|
0, NULL,
|
||||||
|
buf ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
|
||||||
|
invalid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), NULL,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
NULL ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
MBEDTLS_MD_SHA1, 0, NULL,
|
||||||
|
buf ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL,
|
||||||
|
NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
|
||||||
|
NULL,
|
||||||
|
invalid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
|
||||||
|
NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ),
|
||||||
|
NULL, buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
|
||||||
|
NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ), buf,
|
||||||
|
NULL ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
|
||||||
|
NULL,
|
||||||
|
valid_mode,
|
||||||
|
MBEDTLS_MD_SHA1,
|
||||||
|
0, NULL,
|
||||||
|
buf ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ),
|
||||||
|
buf, buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
|
||||||
|
invalid_mode,
|
||||||
|
0, sizeof( buf ),
|
||||||
|
buf, buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ),
|
||||||
|
NULL, buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ),
|
||||||
|
buf, NULL ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
MBEDTLS_MD_SHA1,
|
||||||
|
0, NULL,
|
||||||
|
buf ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ),
|
||||||
|
buf,
|
||||||
|
0, 0,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
|
||||||
|
invalid_mode,
|
||||||
|
0, sizeof( buf ),
|
||||||
|
buf,
|
||||||
|
0, 0,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ),
|
||||||
|
NULL, 0, 0,
|
||||||
|
buf ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
0, sizeof( buf ),
|
||||||
|
buf, 0, 0,
|
||||||
|
NULL ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
|
||||||
|
valid_mode,
|
||||||
|
MBEDTLS_MD_SHA1,
|
||||||
|
0, NULL,
|
||||||
|
0, 0,
|
||||||
|
buf ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_copy( NULL, &ctx ) );
|
||||||
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
mbedtls_rsa_copy( &ctx, NULL ) );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE */
|
||||||
void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
|
void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
|
||||||
int digest, int mod, int radix_P, char * input_P,
|
int digest, int mod, int radix_P, char * input_P,
|
||||||
|
|
Loading…
Reference in a new issue