Merge pull request #4618 from ronald-cron-arm/rsa-padding
Remove mbedtls_rsa_init() padding parameters
diff --git a/ChangeLog.d/rsa-padding.txt b/ChangeLog.d/rsa-padding.txt
new file mode 100644
index 0000000..5f9c11f
--- /dev/null
+++ b/ChangeLog.d/rsa-padding.txt
@@ -0,0 +1,5 @@
+API changes
+ * mbedtls_rsa_init() now always selects the PKCS#1v1.5 encoding for an RSA
+ key. To use an RSA key with PSS or OAEP, call mbedtls_rsa_set_padding()
+ after initializing the context. mbedtls_rsa_set_padding() now returns an
+ error if its parameters are invalid.
diff --git a/docs/3.0-migration-guide.d/rsa-padding.md b/docs/3.0-migration-guide.d/rsa-padding.md
new file mode 100644
index 0000000..f10ece6
--- /dev/null
+++ b/docs/3.0-migration-guide.d/rsa-padding.md
@@ -0,0 +1,29 @@
+Remove the padding parameters from mbedtls_rsa_init()
+-----------------------------------------------------
+
+This affects all users who use the RSA encryption, decryption, sign and
+verify APIs.
+
+The function mbedtls_rsa_init() no longer supports selecting the PKCS#1 v2.1
+encoding and its hash. It just selects the PKCS#1 v1.5 encoding by default. If
+you were using the PKCS#1 v2.1 encoding you now need, subsequently to the call
+to mbedtls_rsa_init(), to call mbedtls_rsa_set_padding() to set it.
+
+To choose the padding type when initializing a context, instead of
+```C
+ mbedtls_rsa_init(ctx, padding, hash_id);
+```
+, use
+```C
+ mbedtls_rsa_init(ctx);
+ mbedtls_rsa_set_padding(ctx, padding, hash_id);
+```
+
+To use PKCS#1 v1.5 padding, instead of
+```C
+ mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, <ignored>);
+```
+, just use
+```C
+ mbedtls_rsa_init(ctx);
+```
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index ba00bff..34174b6 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -134,33 +134,51 @@
/**
* \brief This function initializes an RSA context.
*
+ * \note This function initializes the padding and the hash
+ * identifier to respectively #MBEDTLS_RSA_PKCS_V15 and
+ * #MBEDTLS_MD_NONE. See mbedtls_rsa_set_padding() for more
+ * information about those parameters.
+ *
+ * \param ctx The RSA context to initialize. This must not be \c NULL.
+ */
+void mbedtls_rsa_init( mbedtls_rsa_context *ctx );
+
+/**
+ * \brief This function sets padding for an already initialized RSA
+ * context.
+ *
* \note Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
* encryption scheme and the RSASSA-PSS signature scheme.
*
* \note The \p hash_id parameter is ignored when using
* #MBEDTLS_RSA_PKCS_V15 padding.
*
- * \note The choice of padding mode is strictly enforced for private key
- * operations, since there might be security concerns in
+ * \note The choice of padding mode is strictly enforced for private
+ * key operations, since there might be security concerns in
* mixing padding modes. For public key operations it is
* a default value, which can be overridden by calling specific
- * \c rsa_rsaes_xxx or \c rsa_rsassa_xxx functions.
+ * \c mbedtls_rsa_rsaes_xxx or \c mbedtls_rsa_rsassa_xxx
+ * functions.
*
* \note The hash selected in \p hash_id is always used for OEAP
* encryption. For PSS signatures, it is always used for
* making signatures, but can be overridden for verifying them.
* If set to #MBEDTLS_MD_NONE, it is always overridden.
*
- * \param ctx The RSA context to initialize. This must not be \c NULL.
+ * \param ctx The initialized RSA context to be configured.
* \param padding The padding mode to use. This must be either
* #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id The hash identifier of ::mbedtls_md_type_t type, if
- * \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused
- * otherwise.
+ * \param hash_id The hash identifier for PSS or OAEP, if \p padding is
+ * #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_MD_NONE is accepted by this
+ * function but may be not suitable for some operations.
+ * Ignored if \p padding is #MBEDTLS_RSA_PKCS_V15.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_RSA_INVALID_PADDING failure:
+ * \p padding or \p hash_id is invalid.
*/
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
- int padding,
- int hash_id );
+int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
+ mbedtls_md_type_t hash_id );
/**
* \brief This function imports a set of core parameters into an
@@ -392,18 +410,6 @@
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP );
/**
- * \brief This function sets padding for an already initialized RSA
- * context. See mbedtls_rsa_init() for details.
- *
- * \param ctx The initialized RSA context to be configured.
- * \param padding The padding mode to use. This must be either
- * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier.
- */
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
- int hash_id );
-
-/**
* \brief This function retrieves the length of RSA modulus in Bytes.
*
* \param ctx The initialized RSA context.
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index c351113..ec0ff45 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -165,7 +165,7 @@
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
if( ctx != NULL )
- mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
+ mbedtls_rsa_init( (mbedtls_rsa_context *) ctx );
return( ctx );
}
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 214c405..7921eb2 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2838,13 +2838,14 @@
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg,
- mbedtls_rsa_context *rsa )
+static int psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg,
+ mbedtls_rsa_context *rsa )
{
psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH( alg );
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+
+ return( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ) );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
@@ -2917,7 +2918,11 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_ALG_IS_RSA_OAEP( alg ) )
{
- psa_rsa_oaep_set_padding_mode( alg, rsa );
+ status = mbedtls_to_psa_error(
+ psa_rsa_oaep_set_padding_mode( alg, rsa ) );
+ if( status != PSA_SUCCESS )
+ goto rsa_exit;
+
status = mbedtls_to_psa_error(
mbedtls_rsa_rsaes_oaep_encrypt( rsa,
mbedtls_psa_get_random,
@@ -3023,7 +3028,11 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_ALG_IS_RSA_OAEP( alg ) )
{
- psa_rsa_oaep_set_padding_mode( alg, rsa );
+ status = mbedtls_to_psa_error(
+ psa_rsa_oaep_set_padding_mode( alg, rsa ) );
+ if( status != PSA_SUCCESS )
+ goto rsa_exit;
+
status = mbedtls_to_psa_error(
mbedtls_rsa_rsaes_oaep_decrypt( rsa,
mbedtls_psa_get_random,
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index b5aec20..f2e9a1c 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -317,7 +317,7 @@
if( status != PSA_SUCCESS )
return( status );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
+ mbedtls_rsa_init( &rsa );
ret = mbedtls_rsa_gen_key( &rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
@@ -416,29 +416,36 @@
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
{
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
- MBEDTLS_MD_NONE );
- ret = mbedtls_rsa_pkcs1_sign( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- md_alg,
- (unsigned int) hash_length,
- hash,
- signature );
+ ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE );
+ if( ret == 0 )
+ {
+ ret = mbedtls_rsa_pkcs1_sign( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
}
else
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(BUILTIN_ALG_RSA_PSS)
if( PSA_ALG_IS_RSA_PSS( alg ) )
{
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
- ret = mbedtls_rsa_rsassa_pss_sign( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_MD_NONE,
- (unsigned int) hash_length,
- hash,
- signature );
+ ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+
+ if( ret == 0 )
+ {
+ ret = mbedtls_rsa_rsassa_pss_sign( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_MD_NONE,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
}
else
#endif /* BUILTIN_ALG_RSA_PSS */
@@ -489,25 +496,31 @@
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
{
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
- MBEDTLS_MD_NONE );
- ret = mbedtls_rsa_pkcs1_verify( rsa,
- md_alg,
- (unsigned int) hash_length,
- hash,
- signature );
+ ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE );
+ if( ret == 0 )
+ {
+ ret = mbedtls_rsa_pkcs1_verify( rsa,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
}
else
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(BUILTIN_ALG_RSA_PSS)
if( PSA_ALG_IS_RSA_PSS( alg ) )
{
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
- ret = mbedtls_rsa_rsassa_pss_verify( rsa,
- MBEDTLS_MD_NONE,
- (unsigned int) hash_length,
- hash,
- signature );
+ ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+ if( ret == 0 )
+ {
+ ret = mbedtls_rsa_rsassa_pss_verify( rsa,
+ MBEDTLS_MD_NONE,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
}
else
#endif /* BUILTIN_ALG_RSA_PSS */
diff --git a/library/rsa.c b/library/rsa.c
index 36424bd..a788337 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -477,17 +477,14 @@
/*
* Initialize an RSA context
*/
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
- int padding,
- int hash_id )
+void mbedtls_rsa_init( mbedtls_rsa_context *ctx )
{
RSA_VALIDATE( ctx != NULL );
- RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
- padding == MBEDTLS_RSA_PKCS_V21 );
memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
- mbedtls_rsa_set_padding( ctx, padding, hash_id );
+ ctx->padding = MBEDTLS_RSA_PKCS_V15;
+ ctx->hash_id = MBEDTLS_MD_NONE;
#if defined(MBEDTLS_THREADING_C)
/* Set ctx->ver to nonzero to indicate that the mutex has been
@@ -500,15 +497,38 @@
/*
* Set padding for an existing RSA context
*/
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
- int hash_id )
+int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
+ mbedtls_md_type_t hash_id )
{
- RSA_VALIDATE( ctx != NULL );
- RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
- padding == MBEDTLS_RSA_PKCS_V21 );
+ switch( padding )
+ {
+#if defined(MBEDTLS_PKCS1_V15)
+ case MBEDTLS_RSA_PKCS_V15:
+ break;
+#endif
+
+#if defined(MBEDTLS_PKCS1_V21)
+ case MBEDTLS_RSA_PKCS_V21:
+ break;
+#endif
+ default:
+ return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+ }
+
+ if( ( padding == MBEDTLS_RSA_PKCS_V21 ) &&
+ ( hash_id != MBEDTLS_MD_NONE ) )
+ {
+ const mbedtls_md_info_t *md_info;
+
+ md_info = mbedtls_md_info_from_type( hash_id );
+ if( md_info == NULL )
+ return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+ }
ctx->padding = padding;
ctx->hash_id = hash_id;
+
+ return( 0 );
}
/*
@@ -2580,7 +2600,7 @@
mbedtls_mpi K;
mbedtls_mpi_init( &K );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_N ) );
MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, &K, NULL, NULL, NULL, NULL ) );
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index c6b3132..3abf49e 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -92,7 +92,6 @@
mbedtls_aes_context aes;
mbedtls_net_init( &server_fd );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
mbedtls_dhm_init( &dhm );
mbedtls_aes_init( &aes );
mbedtls_ctr_drbg_init( &ctr_drbg );
@@ -125,7 +124,7 @@
goto exit;
}
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 63df77e..d87f75a 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -95,7 +95,6 @@
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
mbedtls_dhm_init( &dhm );
mbedtls_aes_init( &aes );
mbedtls_ctr_drbg_init( &ctr_drbg );
@@ -131,7 +130,7 @@
goto exit;
}
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 1ba8c73..88b80d1 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -90,7 +90,7 @@
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 6c654ad..1113622 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -87,7 +87,7 @@
fflush( stdout );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 26a8925..1dcfc52 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -75,7 +75,7 @@
const char *pers = "rsa_genkey";
mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 1cfa0a8..427554f 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -67,7 +67,7 @@
char filename[512];
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 9d5053a..26056dd 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -115,7 +115,13 @@
goto exit;
}
- mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
+ if( ( ret = mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ),
+ MBEDTLS_RSA_PKCS_V21,
+ MBEDTLS_MD_SHA256 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Padding not supported\n" );
+ goto exit;
+ }
/*
* Compute the SHA-256 hash of the input file,
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 6aca171..0cd17b0 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -66,7 +66,7 @@
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
if( argc != 2 )
{
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 81b0fd6..527d799 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -98,7 +98,13 @@
goto exit;
}
- mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
+ if( ( ret = mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ),
+ MBEDTLS_RSA_PKCS_V21,
+ MBEDTLS_MD_SHA256 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Invalid padding\n" );
+ goto exit;
+ }
/*
* Extract the RSA signature from the file
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index e123453..5aa31f7 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -786,7 +786,7 @@
{
mbedtls_snprintf( title, sizeof( title ), "RSA-%d", keysize );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_rsa_gen_key( &rsa, myrand, NULL, keysize, 65537 );
TIME_PUBLIC( title, " public",
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 2e24aec..573c9d4 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -863,7 +863,7 @@
size_t sig_len, ciph_len, test_len;
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
- mbedtls_rsa_init( &raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
+ mbedtls_rsa_init( &raw );
mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt );
memset( hash, 0x2a, sizeof hash );
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index a7fb2a5..d78ee88 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -25,7 +25,9 @@
info.length = rnd_buf->len;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
@@ -71,7 +73,9 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
@@ -193,7 +197,7 @@
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi );
mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 );
@@ -277,7 +281,9 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
memset( output, 0x00, sizeof( output ) );
@@ -325,7 +331,9 @@
((void) salt);
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index f7e1e24..ec5591f 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -24,7 +24,9 @@
info.length = rnd_buf->len;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
@@ -67,7 +69,9 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
@@ -131,7 +135,9 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
memset( output, 0x00, sizeof( output ) );
@@ -189,7 +195,9 @@
((void) salt);
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
@@ -225,7 +233,9 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, ctx_hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index 2512ef2..cc5a047 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -1,3 +1,6 @@
+RSA parameter validation
+rsa_invalid_param:
+
RSA init-free-free
rsa_init_free:0
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 9cf2fcf..14b4afc 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -18,6 +18,44 @@
*/
/* BEGIN_CASE */
+void rsa_invalid_param( )
+{
+ mbedtls_rsa_context ctx;
+ const int invalid_padding = 42;
+ const int invalid_hash_id = 0xff;
+
+ mbedtls_rsa_init( &ctx );
+
+ TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+ invalid_padding,
+ MBEDTLS_MD_NONE ),
+ MBEDTLS_ERR_RSA_INVALID_PADDING );
+
+ TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21,
+ invalid_hash_id ),
+ MBEDTLS_ERR_RSA_INVALID_PADDING );
+
+#if !defined(MBEDTLS_PKCS1_V15)
+ TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE ),
+ MBEDTLS_ERR_RSA_INVALID_PADDING );
+#endif
+
+#if !defined(MBEDTLS_PKCS1_V21)
+ TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21,
+ MBEDTLS_MD_NONE ),
+ MBEDTLS_ERR_RSA_INVALID_PADDING );
+#endif
+
+exit:
+ mbedtls_rsa_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void rsa_init_free( int reinit )
{
mbedtls_rsa_context ctx;
@@ -27,11 +65,11 @@
* unconditionally on an error path without checking whether it has
* already been called in the success path. */
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
mbedtls_rsa_free( &ctx );
if( reinit )
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
mbedtls_rsa_free( &ctx );
/* This test case always succeeds, functionally speaking. A plausible
@@ -55,7 +93,9 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
memset( output, 0x00, sizeof( output ) );
@@ -104,7 +144,9 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
@@ -138,7 +180,9 @@
mbedtls_mpi N, P, Q, E;
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
@@ -185,7 +229,9 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
@@ -219,7 +265,9 @@
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
@@ -260,7 +308,9 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
@@ -305,7 +355,9 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
@@ -353,8 +405,8 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
+ mbedtls_rsa_init( &ctx2 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
@@ -411,8 +463,8 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
+ mbedtls_rsa_init( &ctx2 );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
@@ -488,7 +540,7 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
if( strlen( input_N ) )
{
@@ -519,7 +571,7 @@
{
mbedtls_rsa_context ctx;
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
ctx.len = mod / 8;
if( strlen( input_P ) )
@@ -580,8 +632,8 @@
{
mbedtls_rsa_context pub, prv;
- mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &pub );
+ mbedtls_rsa_init( &prv );
pub.len = mod / 8;
prv.len = mod / 8;
@@ -652,7 +704,7 @@
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
- mbedtls_rsa_init ( &ctx, 0, 0 );
+ mbedtls_rsa_init ( &ctx );
TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
@@ -804,7 +856,7 @@
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
mbedtls_mpi_init( &N );
mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
@@ -945,7 +997,7 @@
mbedtls_rsa_context ctx;
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
mbedtls_mpi_init( &N );
mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
@@ -1125,7 +1177,7 @@
mbedtls_rsa_context ctx;
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
/* Setup RSA context */
TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
@@ -1227,7 +1279,7 @@
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,