Merge pull request #5525 from superna9999/5161-pk-rsa-encryption
PK: RSA encryption
This commit is contained in:
Manuel Pégourié-Gonnard
GitHub
commit
472044f21e
3 changed files with 126 additions and 11 deletions
|
|
@ -365,6 +365,73 @@ static int rsa_decrypt_wrap( void *ctx,
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
static int rsa_encrypt_wrap( void *ctx,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_status_t status;
|
||||
mbedtls_pk_context key;
|
||||
int key_len;
|
||||
unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
|
||||
|
||||
((void) f_rng);
|
||||
((void) p_rng);
|
||||
|
||||
#if !defined(MBEDTLS_RSA_ALT)
|
||||
if( rsa->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
|
||||
#endif
|
||||
|
||||
if( mbedtls_rsa_get_len( rsa ) > osize )
|
||||
return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
|
||||
|
||||
/* mbedtls_pk_write_pubkey_der() expects a full PK context;
|
||||
* re-construct one to make it happy */
|
||||
key.pk_info = &mbedtls_rsa_info;
|
||||
key.pk_ctx = ctx;
|
||||
key_len = mbedtls_pk_write_pubkey_der( &key, buf, sizeof( buf ) );
|
||||
if( key_len <= 0 )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
|
||||
psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_CRYPT );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY );
|
||||
|
||||
status = psa_import_key( &attributes,
|
||||
buf + sizeof( buf ) - key_len, key_len,
|
||||
&key_id );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
ret = mbedtls_pk_error_from_psa( status );
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
status = psa_asymmetric_encrypt( key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
|
||||
input, ilen,
|
||||
NULL, 0,
|
||||
output, osize, olen );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
ret = mbedtls_pk_error_from_psa_rsa( status );
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
cleanup:
|
||||
status = psa_destroy_key( key_id );
|
||||
if( ret == 0 && status != PSA_SUCCESS )
|
||||
ret = mbedtls_pk_error_from_psa( status );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#else
|
||||
static int rsa_encrypt_wrap( void *ctx,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
|
|
@ -379,6 +446,7 @@ static int rsa_encrypt_wrap( void *ctx,
|
|||
return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng,
|
||||
ilen, input, output ) );
|
||||
}
|
||||
#endif
|
||||
|
||||
static int rsa_check_pair_wrap( const void *pub, const void *prv,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
|
|
@ -855,7 +923,10 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
|
|||
ret = 0;
|
||||
|
||||
cleanup:
|
||||
psa_destroy_key( key_id );
|
||||
status = psa_destroy_key( key_id );
|
||||
if( ret == 0 && status != PSA_SUCCESS )
|
||||
ret = mbedtls_pk_error_from_psa( status );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
|
|
|||
|
|
@ -136,9 +136,9 @@ RSA sign-verify
|
|||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
|
||||
pk_sign_verify:MBEDTLS_PK_RSA:512:0:0
|
||||
|
||||
RSA encrypt test vector
|
||||
RSA encrypt-decrypt test
|
||||
depends_on:MBEDTLS_PKCS1_V15
|
||||
pk_rsa_encrypt_test_vec:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"b0c0b193ba4a5b4502bfacd1a9c2697da5510f3e3ab7274cf404418afd2c62c89b98d83bbc21c8c1bf1afe6d8bf40425e053e9c03e03a3be0edbe1eda073fade1cc286cc0305a493d98fe795634c3cad7feb513edb742d66d910c87d07f6b0055c3488bb262b5fd1ce8747af64801fb39d2d3a3e57086ffe55ab8d0a2ca86975629a0f85767a4990c532a7c2dab1647997ebb234d0b28a0008bfebfc905e7ba5b30b60566a5e0190417465efdbf549934b8f0c5c9f36b7c5b6373a47ae553ced0608a161b1b70dfa509375cf7a3598223a6d7b7a1d1a06ac74d345a9bb7c0e44c8388858a4f1d8115f2bd769ffa69020385fa286302c80e950f9e2751308666c":0
|
||||
pk_rsa_encrypt_decrypt_test:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":0
|
||||
|
||||
RSA decrypt test vector #1
|
||||
depends_on:MBEDTLS_PKCS1_V15
|
||||
|
|
|
|||
|
|
@ -710,24 +710,32 @@ exit:
|
|||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
||||
void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N,
|
||||
char * input_N, int radix_E, char * input_E,
|
||||
data_t * result, int ret )
|
||||
void pk_rsa_encrypt_decrypt_test( data_t * message, int mod, int radix_P,
|
||||
char * input_P, int radix_Q, char * input_Q,
|
||||
int radix_N, char * input_N, int radix_E,
|
||||
char * input_E, int ret )
|
||||
{
|
||||
unsigned char output[300];
|
||||
unsigned char output[300], result[300];
|
||||
mbedtls_test_rnd_pseudo_info rnd_info;
|
||||
mbedtls_mpi N, P, Q, E;
|
||||
mbedtls_rsa_context *rsa;
|
||||
mbedtls_pk_context pk;
|
||||
size_t olen;
|
||||
size_t olen, rlen;
|
||||
|
||||
mbedtls_pk_init( &pk );
|
||||
|
||||
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
|
||||
memset( output, 0, sizeof( output ) );
|
||||
|
||||
USE_PSA_INIT( );
|
||||
|
||||
mbedtls_pk_init( &pk );
|
||||
/* encryption test */
|
||||
|
||||
/* init pk-rsa context */
|
||||
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
||||
rsa = mbedtls_pk_rsa( pk );
|
||||
|
||||
/* load public key */
|
||||
rsa->len = mod / 8;
|
||||
TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 );
|
||||
TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 );
|
||||
|
|
@ -735,11 +743,44 @@ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N,
|
|||
TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len,
|
||||
output, &olen, sizeof( output ),
|
||||
mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
|
||||
TEST_ASSERT( olen == result->len );
|
||||
TEST_ASSERT( memcmp( output, result->x, olen ) == 0 );
|
||||
|
||||
/* decryption test */
|
||||
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
|
||||
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
|
||||
|
||||
/* init pk-rsa context */
|
||||
mbedtls_pk_free( &pk );
|
||||
TEST_ASSERT( mbedtls_pk_setup( &pk,
|
||||
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
||||
rsa = mbedtls_pk_rsa( pk );
|
||||
|
||||
/* load public key */
|
||||
TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
|
||||
TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
|
||||
|
||||
/* load private key */
|
||||
TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
|
||||
TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
|
||||
TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 );
|
||||
TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) );
|
||||
TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 );
|
||||
|
||||
memset( result, 0, sizeof( result ) );
|
||||
rlen = 0;
|
||||
TEST_ASSERT( mbedtls_pk_decrypt( &pk, output, olen,
|
||||
result, &rlen, sizeof( result ),
|
||||
mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
|
||||
if( ret == 0 )
|
||||
{
|
||||
TEST_ASSERT( rlen == message->len );
|
||||
TEST_ASSERT( memcmp( result, message->x, rlen ) == 0 );
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
|
||||
mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
|
||||
mbedtls_pk_free( &pk );
|
||||
USE_PSA_DONE( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
|
@ -884,6 +925,8 @@ void pk_rsa_alt( )
|
|||
size_t sig_len, ciph_len, test_len;
|
||||
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
||||
|
||||
USE_PSA_INIT( );
|
||||
|
||||
mbedtls_rsa_init( &raw );
|
||||
mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt );
|
||||
|
||||
|
|
@ -948,6 +991,7 @@ void pk_rsa_alt( )
|
|||
exit:
|
||||
mbedtls_rsa_free( &raw );
|
||||
mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt );
|
||||
USE_PSA_DONE( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue