Minor improvements
This commit is contained in:
parent
3f3ae85e11
commit
98838b04af
2 changed files with 38 additions and 22 deletions
|
@ -383,7 +383,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
|
||||||
* must have been imported.
|
* must have been imported.
|
||||||
*
|
*
|
||||||
* - To setup an RSA private key, enough information must be
|
* - To setup an RSA private key, enough information must be
|
||||||
* present for the other parameters to be efficiently derivable.
|
* present for the other parameters to be derivable.
|
||||||
*
|
*
|
||||||
* The default implementation supports the following:
|
* The default implementation supports the following:
|
||||||
* - Derive P, Q from N, D, E
|
* - Derive P, Q from N, D, E
|
||||||
|
@ -629,7 +629,8 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||||
*/
|
*/
|
||||||
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv );
|
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
|
||||||
|
const mbedtls_rsa_context *prv );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Do an RSA public key operation
|
* \brief Do an RSA public key operation
|
||||||
|
|
|
@ -310,7 +310,7 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||||
mbedtls_mpi_init( &K );
|
mbedtls_mpi_init( &K );
|
||||||
mbedtls_mpi_init( &L );
|
mbedtls_mpi_init( &L );
|
||||||
|
|
||||||
/* Check that DP - P == 0 mod P - 1 */
|
/* Check that DP - D == 0 mod P - 1 */
|
||||||
if( DP != NULL )
|
if( DP != NULL )
|
||||||
{
|
{
|
||||||
if( P == NULL )
|
if( P == NULL )
|
||||||
|
@ -329,7 +329,7 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check that DQ - Q == 0 mod Q - 1 */
|
/* Check that DQ - D == 0 mod Q - 1 */
|
||||||
if( DQ != NULL )
|
if( DQ != NULL )
|
||||||
{
|
{
|
||||||
if( Q == NULL )
|
if( Q == NULL )
|
||||||
|
@ -348,7 +348,7 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check that QP * P - 1 == 0 mod P */
|
/* Check that QP * Q - 1 == 0 mod P */
|
||||||
if( QP != NULL )
|
if( QP != NULL )
|
||||||
{
|
{
|
||||||
if( P == NULL || Q == NULL )
|
if( P == NULL || Q == NULL )
|
||||||
|
@ -689,7 +689,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx,
|
||||||
#endif /* MBEDTLS_RSA_NO_CRT */
|
#endif /* MBEDTLS_RSA_NO_CRT */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Step 3: Double check
|
* Step 3: Basic sanity check
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if( is_priv )
|
if( is_priv )
|
||||||
|
@ -1009,23 +1009,32 @@ cleanup:
|
||||||
*/
|
*/
|
||||||
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
||||||
{
|
{
|
||||||
if( !ctx->N.p || !ctx->E.p )
|
if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 ||
|
||||||
|
mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 )
|
||||||
|
{
|
||||||
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||||
|
}
|
||||||
|
|
||||||
if( ctx->len != mbedtls_mpi_size( &ctx->N ) )
|
if( ctx->len != mbedtls_mpi_size( &ctx->N ) )
|
||||||
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||||
|
|
||||||
if( ( ctx->N.p[0] & 1 ) == 0 ||
|
if( mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 ||
|
||||||
( ctx->E.p[0] & 1 ) == 0 )
|
mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 )
|
||||||
|
{
|
||||||
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||||
|
}
|
||||||
|
|
||||||
if( mbedtls_mpi_bitlen( &ctx->N ) < 128 ||
|
if( mbedtls_mpi_bitlen( &ctx->N ) < 128 ||
|
||||||
mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_MPI_MAX_BITS )
|
mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_MPI_MAX_BITS )
|
||||||
|
{
|
||||||
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||||
|
}
|
||||||
|
|
||||||
if( mbedtls_mpi_bitlen( &ctx->E ) < 2 ||
|
if( mbedtls_mpi_bitlen( &ctx->E ) < 2 ||
|
||||||
mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
|
mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
|
||||||
|
{
|
||||||
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||||
|
}
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
@ -1035,8 +1044,10 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
||||||
*/
|
*/
|
||||||
int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
|
int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
|
||||||
{
|
{
|
||||||
if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
|
if( mbedtls_rsa_check_pubkey( ctx ) != 0 )
|
||||||
mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q,
|
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||||
|
|
||||||
|
if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q,
|
||||||
&ctx->D, &ctx->E, NULL, NULL ) != 0 )
|
&ctx->D, &ctx->E, NULL, NULL ) != 0 )
|
||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||||
|
@ -1055,9 +1066,10 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
|
||||||
/*
|
/*
|
||||||
* Check if contexts holding a public and private key match
|
* Check if contexts holding a public and private key match
|
||||||
*/
|
*/
|
||||||
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv )
|
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
|
||||||
|
const mbedtls_rsa_context *prv )
|
||||||
{
|
{
|
||||||
if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
|
if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
|
||||||
mbedtls_rsa_check_privkey( prv ) != 0 )
|
mbedtls_rsa_check_privkey( prv ) != 0 )
|
||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||||
|
@ -2621,8 +2633,9 @@ int mbedtls_rsa_self_test( int verbose )
|
||||||
|
|
||||||
memcpy( rsa_plaintext, RSA_PT, PT_LEN );
|
memcpy( rsa_plaintext, RSA_PT, PT_LEN );
|
||||||
|
|
||||||
if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, PT_LEN,
|
if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC,
|
||||||
rsa_plaintext, rsa_ciphertext ) != 0 )
|
PT_LEN, rsa_plaintext,
|
||||||
|
rsa_ciphertext ) != 0 )
|
||||||
{
|
{
|
||||||
if( verbose != 0 )
|
if( verbose != 0 )
|
||||||
mbedtls_printf( "failed\n" );
|
mbedtls_printf( "failed\n" );
|
||||||
|
@ -2633,9 +2646,9 @@ int mbedtls_rsa_self_test( int verbose )
|
||||||
if( verbose != 0 )
|
if( verbose != 0 )
|
||||||
mbedtls_printf( "passed\n PKCS#1 decryption : " );
|
mbedtls_printf( "passed\n PKCS#1 decryption : " );
|
||||||
|
|
||||||
if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, &len,
|
if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE,
|
||||||
rsa_ciphertext, rsa_decrypted,
|
&len, rsa_ciphertext, rsa_decrypted,
|
||||||
sizeof(rsa_decrypted) ) != 0 )
|
sizeof(rsa_decrypted) ) != 0 )
|
||||||
{
|
{
|
||||||
if( verbose != 0 )
|
if( verbose != 0 )
|
||||||
mbedtls_printf( "failed\n" );
|
mbedtls_printf( "failed\n" );
|
||||||
|
@ -2660,8 +2673,9 @@ int mbedtls_rsa_self_test( int verbose )
|
||||||
|
|
||||||
mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum );
|
mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum );
|
||||||
|
|
||||||
if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0,
|
if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL,
|
||||||
sha1sum, rsa_ciphertext ) != 0 )
|
MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0,
|
||||||
|
sha1sum, rsa_ciphertext ) != 0 )
|
||||||
{
|
{
|
||||||
if( verbose != 0 )
|
if( verbose != 0 )
|
||||||
mbedtls_printf( "failed\n" );
|
mbedtls_printf( "failed\n" );
|
||||||
|
@ -2672,8 +2686,9 @@ int mbedtls_rsa_self_test( int verbose )
|
||||||
if( verbose != 0 )
|
if( verbose != 0 )
|
||||||
mbedtls_printf( "passed\n PKCS#1 sig. verify: " );
|
mbedtls_printf( "passed\n PKCS#1 sig. verify: " );
|
||||||
|
|
||||||
if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0,
|
if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL,
|
||||||
sha1sum, rsa_ciphertext ) != 0 )
|
MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0,
|
||||||
|
sha1sum, rsa_ciphertext ) != 0 )
|
||||||
{
|
{
|
||||||
if( verbose != 0 )
|
if( verbose != 0 )
|
||||||
mbedtls_printf( "failed\n" );
|
mbedtls_printf( "failed\n" );
|
||||||
|
|
Loading…
Reference in a new issue