Clarify guarantees made by rsa_deduce_moduli/private/crt

2017-10-02 12:24:50 +01:00 · 2017-10-02 12:24:50 +01:00 · 1b831fe1c5
commit 1b831fe1c5
parent bdefff1dde
1 changed files with 9 additions and 2 deletions
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@ -99,6 +99,10 @@ extern "C" {
 *                   factorization of N.
 *                 - A non-zero error code otherwise.
 *
+ * \note           It is neither checked that P, Q are prime nor that
+ *                 D, E are modular inverses wrt. P-1 and Q-1. For that,
+ *                 use the helper function \c mbedtls_rsa_validate_params.
+ *
 */
 int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D,
            mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t),
@ -117,13 +121,13 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D,
 * \param E        RSA public exponent
 * \param D        Pointer to MPI holding the private exponent on success.
 *
- * \note           This function does not check whether P and Q are primes.
- *
 * \return
 *                 - 0 if successful. In this case, D is set to a simultaneous
 *                   modular inverse of E modulo both P-1 and Q-1.
 *                 - A non-zero error code otherwise.
 *
+ * \note           This function does not check whether P and Q are primes.
+ *
 */
 int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, mbedtls_mpi const *Q,
                                mbedtls_mpi const *E, mbedtls_mpi *D );
@ -145,6 +149,9 @@ int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, mbedtls_mpi const *Q,
 *
 * \return         0 on success, non-zero error code otherwise.
 *
+ * \note           This function does not check whether P, Q are
+ *                 prime and whether D is a valid private exponent.
+ *
 */
 int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
                            const mbedtls_mpi *D, mbedtls_mpi *DP,