Adapt rsa_check_privkey to deal with NO_CRT option

Hanno Becker 2017-08-23 06:59:48 +01:00
parent bee3aaeb50
commit 6345dd33b9


@ -1025,9 +1025,10 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
if( !ctx->P.p || !ctx->Q.p || !ctx->D.p ) if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
mbedtls_mpi_init( &PQ ); mbedtls_mpi_init( &DE ); mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &PQ ); mbedtls_mpi_init( &DE ); mbedtls_mpi_init( &P1 );
mbedtls_mpi_init( &H ); mbedtls_mpi_init( &I ); mbedtls_mpi_init( &G ); mbedtls_mpi_init( &G2 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &I );
mbedtls_mpi_init( &L1 ); mbedtls_mpi_init( &L2 ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &G ); mbedtls_mpi_init( &G2 ); mbedtls_mpi_init( &L1 );
mbedtls_mpi_init( &L2 ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ );
mbedtls_mpi_init( &QP ); mbedtls_mpi_init( &QP );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
@ -1041,27 +1042,33 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L1, &L2, &H, &G2 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L1, &L2, &H, &G2 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &I, &DE, &L1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &I, &DE, &L1 ) );
#if !defined(MBEDTLS_RSA_NO_CRT)
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DP, &ctx->D, &P1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DP, &ctx->D, &P1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DQ, &ctx->D, &Q1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DQ, &ctx->D, &Q1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &QP, &ctx->Q, &ctx->P ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &QP, &ctx->Q, &ctx->P ) );
#endif
/* /*
* Check for a valid PKCS1v2 private key * Check for a valid PKCS1v2 private key
*/ */
if( mbedtls_mpi_cmp_mpi( &PQ, &ctx->N ) != 0 || if( mbedtls_mpi_cmp_mpi( &PQ, &ctx->N ) != 0 ||
#if !defined(MBEDTLS_RSA_NO_CRT)
mbedtls_mpi_cmp_mpi( &DP, &ctx->DP ) != 0 || mbedtls_mpi_cmp_mpi( &DP, &ctx->DP ) != 0 ||
mbedtls_mpi_cmp_mpi( &DQ, &ctx->DQ ) != 0 || mbedtls_mpi_cmp_mpi( &DQ, &ctx->DQ ) != 0 ||
mbedtls_mpi_cmp_mpi( &QP, &ctx->QP ) != 0 || mbedtls_mpi_cmp_mpi( &QP, &ctx->QP ) != 0 ||
#endif
mbedtls_mpi_cmp_int( &L2, 0 ) != 0 || mbedtls_mpi_cmp_int( &L2, 0 ) != 0 ||
mbedtls_mpi_cmp_int( &I, 1 ) != 0 || mbedtls_mpi_cmp_int( &I, 1 ) != 0 ||
mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
{ {
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
} }
cleanup: cleanup:
mbedtls_mpi_free( &PQ ); mbedtls_mpi_free( &DE ); mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &PQ ); mbedtls_mpi_free( &DE ); mbedtls_mpi_free( &P1 );
mbedtls_mpi_free( &H ); mbedtls_mpi_free( &I ); mbedtls_mpi_free( &G ); mbedtls_mpi_free( &G2 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &I );
mbedtls_mpi_free( &L1 ); mbedtls_mpi_free( &L2 ); mbedtls_mpi_free( &DP ); mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &G ); mbedtls_mpi_free( &G2 ); mbedtls_mpi_free( &L1 );
mbedtls_mpi_free( &L2 ); mbedtls_mpi_free( &DP ); mbedtls_mpi_free( &DQ );
mbedtls_mpi_free( &QP ); mbedtls_mpi_free( &QP );
if( ret == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ) if( ret == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED )