yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-22 10:50:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'restricted/pr/397' into development

Browse source 
* restricted/pr/397:
  Don't split error code description across multiple lines
  Register new error code in error.h
  Move deprecation to separate section in ChangeLog
  Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code
  Adapt RSA test suite
  Adapt ChangeLog
  Deprecate usage of RSA primitives with wrong key type
This commit is contained in:
Manuel Pégourié-Gonnard 2017-12-19 11:27:22 +01:00
parent 535553e7d8 1434a365a6
commit 4712119687
5 changed files with 168 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog
View file

@ -60,6 +60,10 @@ Changes
and the message digest. Further, allow enabling/disabling of authority
identifier, subject identifier and basic constraints extensions.
New deprecations
* Deprecate usage of RSA primitives with non-matching key-type
(e.g., signing with a public key).
= mbed TLS 2.6.0 branch released 2017-08-10
Security

2
include/mbedtls/error.h
View file

@ -75,7 +75,7 @@
* PKCS5 2 4 (Started from top)
* DHM 3 9
* PK 3 14 (Started from top)
* RSA 4 9
* RSA 4 10
* ECP 4 8 (Started from top)
* MD 5 4
* CIPHER 6 6

117
include/mbedtls/rsa.h
View file

@ -48,6 +48,7 @@
#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality */
/*
* RSA constants
@ -250,6 +251,15 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
* \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
@ -273,6 +283,15 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
* \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
@ -299,6 +318,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
* \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
@ -327,13 +355,22 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
* \param output buffer that will hold the plaintext
* \param output_max_len maximum length of the output buffer
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer length \c output_max_len should be
* as large as the size ctx->len of ctx->N (eg. 128 bytes
* if RSA-1024 is used) to be able to hold an arbitrary
* decrypted message. If it is not large enough to hold
* the decryption of the particular ciphertext provided,
* the decryption of the particular ciphertext provided,
* the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \note The input buffer must be as large as the size
@ -359,13 +396,22 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
* \param output buffer that will hold the plaintext
* \param output_max_len maximum length of the output buffer
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer length \c output_max_len should be
* as large as the size ctx->len of ctx->N (eg. 128 bytes
* if RSA-1024 is used) to be able to hold an arbitrary
* decrypted message. If it is not large enough to hold
* the decryption of the particular ciphertext provided,
* the decryption of the particular ciphertext provided,
* the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \note The input buffer must be as large as the size
@ -393,16 +439,25 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
* \param output buffer that will hold the plaintext
* \param output_max_len maximum length of the output buffer
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer length \c output_max_len should be
* as large as the size ctx->len of ctx->N (eg. 128 bytes
* if RSA-1024 is used) to be able to hold an arbitrary
* decrypted message. If it is not large enough to hold
* the decryption of the particular ciphertext provided,
* the decryption of the particular ciphertext provided,
* the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \note The input buffer must be as large as the size
* \note The input buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
@ -430,6 +485,15 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the signing operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code
*
@ -460,6 +524,15 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the signing operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code
*
@ -488,6 +561,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the signing operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code
*
@ -522,6 +604,15 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the verify operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code
*
@ -552,6 +643,15 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the verify operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code
*
@ -580,6 +680,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
* \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext
*
* \deprecated It is deprecated and discouraged to call this function
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
* are likely to remove the mode argument and have it implicitly
* set to MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
*
* \return 0 if the verify operation was successful,
* or an MBEDTLS_ERR_RSA_XXX error code
*

2
library/error.c
View file

@ -331,6 +331,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" );
if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) )
mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" );
if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) )
mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality" );
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_SSL_TLS_C)

65
tests/suites/test_suite_rsa.function
View file

@ -60,9 +60,12 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig
msg_len = unhexify( message_str, message_hex_string );
if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
message_str, msg_len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
MBEDTLS_RSA_PRIVATE, digest, 0,
hash_result, output ) == result );
if( result == 0 )
{
hexify( output_str, output, ctx.len );
@ -71,7 +74,8 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig
}
exit:
mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 );
mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
mbedtls_rsa_free( &ctx );
}
/* END_CASE */
@ -119,6 +123,7 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
char *input_N, int radix_E, char *input_E,
char *result_hex_str )
{
int res;
unsigned char message_str[1000];
unsigned char hash_result[1000];
unsigned char output[1000];
@ -157,7 +162,9 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
unhexify( message_str, message_hex_string );
hash_len = unhexify( hash_result, hash_result_string );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, hash_len, hash_result, output ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE,
hash_len, hash_result, output ) == 0 );
hexify( output_str, output, ctx.len );
@ -169,13 +176,22 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
memset( output, 0x00, 1000 );
memset( output_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
&rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
hash_len, hash_result, output ) == 0 );
hash_len, hash_result, output );
hexify( output_str, output, ctx.len );
#if !defined(MBEDTLS_RSA_ALT)
TEST_ASSERT( res == 0 );
#else
TEST_ASSERT( ( res == 0 ) ||
( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
#endif
TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
if( res == 0 )
{
hexify( output_str, output, ctx.len );
TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
}
}
exit:
@ -190,6 +206,7 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
char *input_N, int radix_E, char *input_E,
char *result_hex_str, int correct )
{
int res;
unsigned char message_str[1000];
unsigned char hash_result[1000];
unsigned char result_str[1000];
@ -220,15 +237,25 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
{
int ok;
TEST_ASSERT( mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
NULL, NULL, MBEDTLS_RSA_PUBLIC,
&olen, result_str, output, sizeof( output ) ) == 0 );
&olen, result_str, output, sizeof( output ) );
ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0;
if( correct == 0 )
TEST_ASSERT( ok == 1 );
else
TEST_ASSERT( ok == 0 );
#if !defined(MBEDTLS_RSA_ALT)
TEST_ASSERT( res == 0 );
#else
TEST_ASSERT( ( res == 0 ) ||
( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) );
#endif
if( res == 0 )
{
ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0;
if( correct == 0 )
TEST_ASSERT( ok == 1 );
else
TEST_ASSERT( ok == 0 );
}
}
exit:
@ -263,7 +290,9 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int
msg_len = unhexify( message_str, message_hex_string );
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result );
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
MBEDTLS_RSA_PUBLIC, msg_len,
message_str, output ) == result );
if( result == 0 )
{
hexify( output_str, output, ctx.len );
@ -301,7 +330,9 @@ void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode,
msg_len = unhexify( message_str, message_hex_string );
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result );
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL,
MBEDTLS_RSA_PUBLIC, msg_len,
message_str, output ) == result );
if( result == 0 )
{
hexify( output_str, output, ctx.len );