yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Removes mode param from mbedtls_rsa_pkcs1_verify

Browse source 
Commit removes mode parameter from
mbedtls_rsa_pkcs1_verify and propagates the
change throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This commit is contained in:
Thomas Daubney 2021-05-18 18:45:09 +01:00
parent 613d1a4fb7
commit 68d9cbca97
9 changed files with 17 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
include/mbedtls/rsa.h
View file

@ -973,24 +973,13 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
* the message digest.
*
* This is the generic wrapper for performing a PKCS#1
* verification using the mode from the context.
* verification.
*
* \note For PKCS#1 v2.1 encoding, see comments on
* mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
* \p hash_id.
*
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
* are likely to remove the \p mode argument and have it
* set to #MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
* \param ctx The initialized RSA public key context to use.
* \param mode The mode of operation. This must be either
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest.
@ -1008,7 +997,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,

4
library/pk_wrap.c
View file

@ -90,8 +90,8 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
if( sig_len < rsa_len )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, MBEDTLS_RSA_PUBLIC,
md_alg, (unsigned int) hash_len,
if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, md_alg,
(unsigned int) hash_len,
hash, sig ) ) != 0 )
return( ret );

1
library/psa_crypto_rsa.c
View file

@ -490,7 +490,6 @@ static psa_status_t rsa_verify_hash(
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
MBEDTLS_MD_NONE );
ret = mbedtls_rsa_pkcs1_verify( rsa,
MBEDTLS_RSA_PUBLIC,
md_alg,
(unsigned int) hash_length,
hash,

10
library/rsa.c
View file

@ -2414,15 +2414,12 @@ cleanup:
* Do an RSA operation and check the message digest
*/
int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig )
{
RSA_VALIDATE_RET( ctx != NULL );
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( sig != NULL );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
@ -2432,13 +2429,13 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, NULL, mode, md_alg,
return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg,
hashlen, hash, sig );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, NULL, mode, md_alg,
return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg,
hashlen, hash, sig );
#endif
@ -2705,8 +2702,7 @@ int mbedtls_rsa_self_test( int verbose )
if( verbose != 0 )
mbedtls_printf( "passed\n PKCS#1 sig. verify: " );
if( mbedtls_rsa_pkcs1_verify( &rsa,
MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0,
if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA1, 0,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )

4
programs/pkey/dh_client.c
View file

@ -220,8 +220,8 @@ int main( void )
goto exit;
}
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 )
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
0, hash, p ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret );
goto exit;

4
programs/pkey/rsa_verify.c
View file

@ -140,8 +140,8 @@ int main( int argc, char *argv[] )
goto exit;
}
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 )
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
20, hash, buf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret );
goto exit;

2
tests/suites/test_suite_pkcs1_v15.function
View file

@ -334,7 +334,7 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N,
if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );

8
tests/suites/test_suite_pkcs1_v21.function
View file

@ -199,7 +199,7 @@ void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E,
if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
@ -244,9 +244,9 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E,
hash_len = message_str->len;
}
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC,
msg_digest_id, hash_len, hash_result,
result_str->x ) == result_simple );
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, msg_digest_id,
hash_len, hash_result,
result_str->x ) == result_simple );
TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
msg_digest_id, hash_len, hash_result,

8
tests/suites/test_suite_rsa.function
View file

@ -281,22 +281,18 @@ void rsa_invalid_param( )
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_verify( NULL,
MBEDTLS_RSA_PUBLIC,
0, sizeof( buf ), buf,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_verify( &ctx,
MBEDTLS_RSA_PUBLIC,
0, sizeof( buf ), NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_verify( &ctx,
MBEDTLS_RSA_PUBLIC,
0, sizeof( buf ), buf,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_verify( &ctx,
MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_SHA1, 0, NULL,
buf ) );
@ -485,7 +481,7 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode,
if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
@ -564,7 +560,7 @@ void rsa_pkcs1_verify_raw( data_t * hash_result,
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );