yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Check that 1 < D, E < N in mbedtls_rsa_validate_params

Browse source
This commit is contained in:
Hanno Becker 2017-10-02 13:01:43 +01:00
parent c6fc878eda
commit b5beaa8995
2 changed files with 26 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
include/mbedtls/rsa.h
View file

@ -174,12 +174,13 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
* \param p_rng PRNG context for f_rng, or NULL * \param p_rng PRNG context for f_rng, or NULL
* *
* \return * \return
* - 0 if the following conditions are satisfied: * - 0 if the following conditions are satisfied
* - N = PQ if N,P,Q != NULL * if all relevant parameters are provided:
* - P prime if f_rng != NULL
* - Q prime if f_rng != NULL
* - 1 < N = PQ
* - 1 < D, E < N
* - D and E are modular inverses modulo P-1 and Q-1 * - D and E are modular inverses modulo P-1 and Q-1
* if D,E,P,Q != NULL
* - P prime if f_rng, P != NULL
* - Q prime if f_rng, Q != NULL
* - A non-zero error code otherwise. * - A non-zero error code otherwise.
* *
* \note The function can be used with a restricted set of arguments * \note The function can be used with a restricted set of arguments

26
library/rsa.c
View file

@ -422,13 +422,13 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
#endif /* MBEDTLS_GENPRIME */ #endif /* MBEDTLS_GENPRIME */
/* /*
* Step 2: Check that N = PQ * Step 2: Check that 1 < N = PQ
*/ */
if( P != NULL && Q != NULL && N != NULL ) if( P != NULL && Q != NULL && N != NULL )
{ {
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) );
if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 || if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 ||
mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) mbedtls_mpi_cmp_mpi( &K, N ) != 0 )
{ {
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
@ -437,15 +437,29 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
} }
/* /*
* Step 3: Check that D, E are inverse modulo P-1 and Q-1 * Step 3: Check and 1 < D, E < N if present.
*/
if( N != NULL && D != NULL && E != NULL )
{
if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
mbedtls_mpi_cmp_int( E, 1 ) <= 0 ||
mbedtls_mpi_cmp_mpi( D, N ) >= 0 ||
mbedtls_mpi_cmp_mpi( E, N ) >= 0 )
{
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
}
}
/*
* Step 4: Check that D, E are inverse modulo P-1 and Q-1
*/ */
if( P != NULL && Q != NULL && D != NULL && E != NULL ) if( P != NULL && Q != NULL && D != NULL && E != NULL )
{ {
if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 ||
mbedtls_mpi_cmp_int( Q, 1 ) <= 0 || mbedtls_mpi_cmp_int( Q, 1 ) <= 0 )
mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
mbedtls_mpi_cmp_int( E, 1 ) <= 0 )
{ {
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup; goto cleanup;