Deprecate usage of RSA primitives with wrong key type

Further, state explicitly that wrong key types need not be supported by alternative RSA implementations, and that those
may instead return the newly introduced error code MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
This commit is contained in:
Hanno Becker 2017-10-05 10:09:31 +01:00
parent 01692531c6
commit 3cdc711972
2 changed files with 115 additions and 4 deletions

View file

@ -48,6 +48,7 @@
#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't provide the requested operation. */
/*
* RSA constants
@ -250,6 +251,15 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
* \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
@ -273,6 +283,15 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
* \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
@ -299,6 +318,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
* \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
@ -327,13 +355,22 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
* \param output buffer that will hold the plaintext
* \param output_max_len maximum length of the output buffer
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer length \c output_max_len should be
* as large as the size ctx->len of ctx->N (eg. 128 bytes
* if RSA-1024 is used) to be able to hold an arbitrary
* decrypted message. If it is not large enough to hold
* the decryption of the particular ciphertext provided,
* the decryption of the particular ciphertext provided,
* the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \note The input buffer must be as large as the size
@ -359,13 +396,22 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
* \param output buffer that will hold the plaintext
* \param output_max_len maximum length of the output buffer
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer length \c output_max_len should be
* as large as the size ctx->len of ctx->N (eg. 128 bytes
* if RSA-1024 is used) to be able to hold an arbitrary
* decrypted message. If it is not large enough to hold
* the decryption of the particular ciphertext provided,
* the decryption of the particular ciphertext provided,
* the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \note The input buffer must be as large as the size
@ -393,16 +439,25 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
* \param output buffer that will hold the plaintext
* \param output_max_len maximum length of the output buffer
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer length \c output_max_len should be
* as large as the size ctx->len of ctx->N (eg. 128 bytes
* if RSA-1024 is used) to be able to hold an arbitrary
* decrypted message. If it is not large enough to hold
* the decryption of the particular ciphertext provided,
* the decryption of the particular ciphertext provided,
* the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \note The input buffer must be as large as the size
* \note The input buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
@ -430,6 +485,15 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the signing operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code
*
@ -460,6 +524,15 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the signing operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code
*
@ -488,6 +561,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the signing operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code
*
@ -522,6 +604,15 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the verify operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code
*
@ -552,6 +643,15 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the verify operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code
*
@ -580,6 +680,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the verify operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code
*

View file

@ -331,6 +331,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" );
if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) )
mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" );
if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) )
mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't provide the requested operation" );
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_SSL_TLS_C)