Implement parameter validation for RSA module
This commit is contained in:
Hanno Becker
parent
9a46777d66
commit
ddeeed7d1b
1 changed files with 170 additions and 25 deletions
195
library/rsa.c
195
library/rsa.c
|
|
@ -71,6 +71,12 @@
|
||||||
|
|
||||||
#if !defined(MBEDTLS_RSA_ALT)
|
#if !defined(MBEDTLS_RSA_ALT)
|
||||||
|
|
||||||
|
/* Parameter validation macros */
|
||||||
|
#define RSA_VALIDATE_RET( cond ) \
|
||||||
|
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
|
||||||
|
#define RSA_VALIDATE( cond ) \
|
||||||
|
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||||
|
|
||||||
#if defined(MBEDTLS_PKCS1_V15)
|
#if defined(MBEDTLS_PKCS1_V15)
|
||||||
/* constant-time buffer comparison */
|
/* constant-time buffer comparison */
|
||||||
static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
|
static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
|
||||||
|
|
@ -93,6 +99,7 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
|
||||||
const mbedtls_mpi *D, const mbedtls_mpi *E )
|
const mbedtls_mpi *D, const mbedtls_mpi *E )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
|
if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
|
||||||
( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
|
( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
|
||||||
|
|
@ -117,6 +124,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
|
||||||
unsigned char const *E, size_t E_len )
|
unsigned char const *E, size_t E_len )
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
if( N != NULL )
|
if( N != NULL )
|
||||||
{
|
{
|
||||||
|
|
@ -240,12 +248,16 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv,
|
||||||
int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
|
int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
int have_N, have_P, have_Q, have_D, have_E;
|
||||||
|
int n_missing, pq_missing, d_missing, is_pub, is_priv;
|
||||||
|
|
||||||
const int have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
const int have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
|
|
||||||
const int have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
|
have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
|
||||||
const int have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
|
have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
|
||||||
const int have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
|
have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
|
||||||
|
have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
|
||||||
|
have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Check whether provided parameters are enough
|
* Check whether provided parameters are enough
|
||||||
|
|
@ -257,13 +269,13 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
const int n_missing = have_P && have_Q && have_D && have_E;
|
n_missing = have_P && have_Q && have_D && have_E;
|
||||||
const int pq_missing = have_N && !have_P && !have_Q && have_D && have_E;
|
pq_missing = have_N && !have_P && !have_Q && have_D && have_E;
|
||||||
const int d_missing = have_P && have_Q && !have_D && have_E;
|
d_missing = have_P && have_Q && !have_D && have_E;
|
||||||
const int is_pub = have_N && !have_P && !have_Q && !have_D && have_E;
|
is_pub = have_N && !have_P && !have_Q && !have_D && have_E;
|
||||||
|
|
||||||
/* These three alternatives are mutually exclusive */
|
/* These three alternatives are mutually exclusive */
|
||||||
const int is_priv = n_missing || pq_missing || d_missing;
|
is_priv = n_missing || pq_missing || d_missing;
|
||||||
|
|
||||||
if( !is_priv && !is_pub )
|
if( !is_priv && !is_pub )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
@ -336,9 +348,11 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
|
||||||
unsigned char *E, size_t E_len )
|
unsigned char *E, size_t E_len )
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
int is_priv;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
/* Check if key is private or public */
|
/* Check if key is private or public */
|
||||||
const int is_priv =
|
is_priv =
|
||||||
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
||||||
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
||||||
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
||||||
|
|
@ -379,9 +393,11 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
|
||||||
mbedtls_mpi *D, mbedtls_mpi *E )
|
mbedtls_mpi *D, mbedtls_mpi *E )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
int is_priv;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
/* Check if key is private or public */
|
/* Check if key is private or public */
|
||||||
int is_priv =
|
is_priv =
|
||||||
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
||||||
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
||||||
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
||||||
|
|
@ -421,9 +437,11 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
|
||||||
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP )
|
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
int is_priv;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
/* Check if key is private or public */
|
/* Check if key is private or public */
|
||||||
int is_priv =
|
is_priv =
|
||||||
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
||||||
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
||||||
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
||||||
|
|
@ -459,6 +477,10 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
|
||||||
int padding,
|
int padding,
|
||||||
int hash_id )
|
int hash_id )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE( ctx != NULL );
|
||||||
|
RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
|
||||||
|
padding == MBEDTLS_RSA_PKCS_V21 );
|
||||||
|
|
||||||
memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
|
memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
|
||||||
|
|
||||||
mbedtls_rsa_set_padding( ctx, padding, hash_id );
|
mbedtls_rsa_set_padding( ctx, padding, hash_id );
|
||||||
|
|
@ -471,8 +493,13 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
|
||||||
/*
|
/*
|
||||||
* Set padding for an existing RSA context
|
* Set padding for an existing RSA context
|
||||||
*/
|
*/
|
||||||
void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id )
|
void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
|
||||||
|
int hash_id )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE( ctx != NULL );
|
||||||
|
RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
|
||||||
|
padding == MBEDTLS_RSA_PKCS_V21 );
|
||||||
|
|
||||||
ctx->padding = padding;
|
ctx->padding = padding;
|
||||||
ctx->hash_id = hash_id;
|
ctx->hash_id = hash_id;
|
||||||
}
|
}
|
||||||
|
|
@ -503,11 +530,10 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
||||||
int ret;
|
int ret;
|
||||||
mbedtls_mpi H, G, L;
|
mbedtls_mpi H, G, L;
|
||||||
int prime_quality = 0;
|
int prime_quality = 0;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( f_rng != NULL );
|
||||||
|
|
||||||
if( f_rng == NULL || nbits < 128 || exponent < 3 )
|
if( nbits < 128 || exponent < 3 || nbits % 2 != 0 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
if( nbits % 2 )
|
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -612,6 +638,8 @@ cleanup:
|
||||||
*/
|
*/
|
||||||
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
|
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
|
||||||
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||||
|
|
||||||
|
|
@ -635,6 +663,8 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
||||||
*/
|
*/
|
||||||
int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
|
int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
|
if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
|
||||||
rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
|
rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
|
||||||
{
|
{
|
||||||
|
|
@ -664,6 +694,9 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
|
||||||
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
|
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
|
||||||
const mbedtls_rsa_context *prv )
|
const mbedtls_rsa_context *prv )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( pub != NULL );
|
||||||
|
RSA_VALIDATE_RET( prv != NULL );
|
||||||
|
|
||||||
if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
|
if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
|
||||||
mbedtls_rsa_check_privkey( prv ) != 0 )
|
mbedtls_rsa_check_privkey( prv ) != 0 )
|
||||||
{
|
{
|
||||||
|
|
@ -689,6 +722,9 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
|
||||||
int ret;
|
int ret;
|
||||||
size_t olen;
|
size_t olen;
|
||||||
mbedtls_mpi T;
|
mbedtls_mpi T;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
RSA_VALIDATE_RET( output != NULL );
|
||||||
|
|
||||||
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
|
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
@ -831,6 +867,10 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
||||||
* checked result; should be the same in the end. */
|
* checked result; should be the same in the end. */
|
||||||
mbedtls_mpi I, C;
|
mbedtls_mpi I, C;
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
RSA_VALIDATE_RET( output != NULL );
|
||||||
|
|
||||||
if( rsa_check_context( ctx, 1 /* private key checks */,
|
if( rsa_check_context( ctx, 1 /* private key checks */,
|
||||||
f_rng != NULL /* blinding y/n */ ) != 0 )
|
f_rng != NULL /* blinding y/n */ ) != 0 )
|
||||||
{
|
{
|
||||||
|
|
@ -1091,6 +1131,13 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
||||||
const mbedtls_md_info_t *md_info;
|
const mbedtls_md_info_t *md_info;
|
||||||
mbedtls_md_context_t md_ctx;
|
mbedtls_md_context_t md_ctx;
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( output != NULL );
|
||||||
|
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||||
|
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
|
@ -1167,6 +1214,12 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
||||||
int ret;
|
int ret;
|
||||||
unsigned char *p = output;
|
unsigned char *p = output;
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( output != NULL );
|
||||||
|
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
|
@ -1229,6 +1282,12 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
||||||
const unsigned char *input,
|
const unsigned char *input,
|
||||||
unsigned char *output )
|
unsigned char *output )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( output != NULL );
|
||||||
|
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||||
|
|
||||||
switch( ctx->padding )
|
switch( ctx->padding )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_PKCS1_V15)
|
#if defined(MBEDTLS_PKCS1_V15)
|
||||||
|
|
@ -1271,6 +1330,14 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
||||||
const mbedtls_md_info_t *md_info;
|
const mbedtls_md_info_t *md_info;
|
||||||
mbedtls_md_context_t md_ctx;
|
mbedtls_md_context_t md_ctx;
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
|
||||||
|
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
|
||||||
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
RSA_VALIDATE_RET( olen != NULL );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Parameters sanity checks
|
* Parameters sanity checks
|
||||||
*/
|
*/
|
||||||
|
|
@ -1490,11 +1557,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
||||||
size_t output_max_len )
|
size_t output_max_len )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t ilen = ctx->len;
|
size_t ilen, i, plaintext_max_size;
|
||||||
size_t i;
|
|
||||||
size_t plaintext_max_size = ( output_max_len > ilen - 11 ?
|
|
||||||
ilen - 11 :
|
|
||||||
output_max_len );
|
|
||||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||||
/* The following variables take sensitive values: their value must
|
/* The following variables take sensitive values: their value must
|
||||||
* not leak into the observable behavior of the function other than
|
* not leak into the observable behavior of the function other than
|
||||||
|
|
@ -1512,6 +1575,18 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
||||||
size_t plaintext_size = 0;
|
size_t plaintext_size = 0;
|
||||||
unsigned output_too_large;
|
unsigned output_too_large;
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
|
||||||
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
RSA_VALIDATE_RET( olen != NULL );
|
||||||
|
|
||||||
|
ilen = ctx->len;
|
||||||
|
plaintext_max_size = ( output_max_len > ilen - 11 ?
|
||||||
|
ilen - 11 :
|
||||||
|
output_max_len );
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
|
@ -1647,6 +1722,13 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
||||||
unsigned char *output,
|
unsigned char *output,
|
||||||
size_t output_max_len)
|
size_t output_max_len)
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
|
||||||
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
RSA_VALIDATE_RET( olen != NULL );
|
||||||
|
|
||||||
switch( ctx->padding )
|
switch( ctx->padding )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_PKCS1_V15)
|
#if defined(MBEDTLS_PKCS1_V15)
|
||||||
|
|
@ -1688,6 +1770,13 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
||||||
size_t msb;
|
size_t msb;
|
||||||
const mbedtls_md_info_t *md_info;
|
const mbedtls_md_info_t *md_info;
|
||||||
mbedtls_md_context_t md_ctx;
|
mbedtls_md_context_t md_ctx;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
@ -1935,6 +2024,14 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
||||||
int ret;
|
int ret;
|
||||||
unsigned char *sig_try = NULL, *verif = NULL;
|
unsigned char *sig_try = NULL, *verif = NULL;
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
|
@ -2004,6 +2101,14 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
||||||
const unsigned char *hash,
|
const unsigned char *hash,
|
||||||
unsigned char *sig )
|
unsigned char *sig )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
|
||||||
switch( ctx->padding )
|
switch( ctx->padding )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_PKCS1_V15)
|
#if defined(MBEDTLS_PKCS1_V15)
|
||||||
|
|
@ -2050,6 +2155,14 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
||||||
mbedtls_md_context_t md_ctx;
|
mbedtls_md_context_t md_ctx;
|
||||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
|
@ -2178,7 +2291,16 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
|
||||||
const unsigned char *hash,
|
const unsigned char *hash,
|
||||||
const unsigned char *sig )
|
const unsigned char *sig )
|
||||||
{
|
{
|
||||||
mbedtls_md_type_t mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
|
mbedtls_md_type_t mgf1_hash_id;
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
|
||||||
|
mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
|
||||||
? (mbedtls_md_type_t) ctx->hash_id
|
? (mbedtls_md_type_t) ctx->hash_id
|
||||||
: md_alg;
|
: md_alg;
|
||||||
|
|
||||||
|
|
@ -2204,9 +2326,19 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
||||||
const unsigned char *sig )
|
const unsigned char *sig )
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
const size_t sig_len = ctx->len;
|
size_t sig_len;
|
||||||
unsigned char *encoded = NULL, *encoded_expected = NULL;
|
unsigned char *encoded = NULL, *encoded_expected = NULL;
|
||||||
|
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
|
||||||
|
sig_len = ctx->len;
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
|
@ -2276,6 +2408,14 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
||||||
const unsigned char *hash,
|
const unsigned char *hash,
|
||||||
const unsigned char *sig )
|
const unsigned char *sig )
|
||||||
{
|
{
|
||||||
|
RSA_VALIDATE_RET( ctx != NULL );
|
||||||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
|
RSA_VALIDATE_RET( sig != NULL );
|
||||||
|
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||||
|
hashlen == 0 ) ||
|
||||||
|
hash != NULL );
|
||||||
|
|
||||||
switch( ctx->padding )
|
switch( ctx->padding )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_PKCS1_V15)
|
#if defined(MBEDTLS_PKCS1_V15)
|
||||||
|
|
@ -2301,6 +2441,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
||||||
int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
|
int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
RSA_VALIDATE_RET( dst != NULL );
|
||||||
|
RSA_VALIDATE_RET( src != NULL );
|
||||||
|
|
||||||
dst->ver = src->ver;
|
dst->ver = src->ver;
|
||||||
dst->len = src->len;
|
dst->len = src->len;
|
||||||
|
|
@ -2340,6 +2482,9 @@ cleanup:
|
||||||
*/
|
*/
|
||||||
void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
|
void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
|
||||||
{
|
{
|
||||||
|
if( ctx == NULL )
|
||||||
|
return;
|
||||||
|
|
||||||
mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf );
|
mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf );
|
||||||
mbedtls_mpi_free( &ctx->RN ); mbedtls_mpi_free( &ctx->D );
|
mbedtls_mpi_free( &ctx->RN ); mbedtls_mpi_free( &ctx->D );
|
||||||
mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P );
|
mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P );
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue