Commit Graph

312 Commits

Author SHA1 Message Date
Gilles Peskine
6e3187b212 RSA: Use hashlen as the hash input size as documented
Where hashlen was previously ignored when the hash length could be
inferred from an md_alg parameter, the two must now match.

Adapt the existing tests accordingly. Adapt the sample programs accordingly.

This commit does not add any negative testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 18:39:53 +02:00
Ronald Cron
3a0375fff4 Fail if a padding disabled by the build-time configuration is selected
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:57 +02:00
Ronald Cron
c1905a1c3d Change mbedtls_rsa_init() signature
Remove padding parameters as mbedtls_rsa_init()
cannot return an error code when padding
parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:19 +02:00
Ronald Cron
ea7631be1c Change mbedtls_rsa_set_padding() signature
mbedtls_rsa_set_padding() now returns the error
code MBEDTLS_ERR_RSA_INVALID_PADDING when
padding parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:10 +02:00
Thomas Daubney
d58ed587fd Restores erroneously removed checks
Some padding checks in rsa.c were
erroneously removed in a previous
commit and are restored in this
commit.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-21 11:50:39 +01:00
Thomas Daubney
41e4ce4884 Removes RSA constants
This commit removes the RSA
constants MBEDTLS_RSA_PUBLIC
and MBEDTLS_RSA_PRIVATE because
they are now superfluous given
that the mode parameter has been
removed.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-19 15:10:05 +01:00
Thomas Daubney
cad59ed48e Removes mode param from rsa_rsassa_pss_sign
Commit removes the mode parameter
from the internal function
rsa_rsassa_pss_sign.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-19 15:04:08 +01:00
Thomas Daubney
782a7f5bd6 Removes mode param from mbedtls_rsa_rsassa_pss_verify_ext
Commit removes the mode parameter
from the mbedtls_rsa_rsassa_pss_verify_ext
function. This change is propagated
throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-19 12:27:35 +01:00
Thomas Daubney
9e65f791b5 Removes f_rng param from mbedtls_rsa_rsassa_pss_verify_ext
Commit removes the f_rng parameter from
the mbedtls_rsa_rsassa_pss_verify_ext
function. This is in preparation for
the removal of the mode parameter.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-19 12:18:58 +01:00
Thomas Daubney
578e9abcbd Removes p_rng param from mbedtls_rsa_rsassa_pss_verify_ext
Commit removes p_rng parameter from the
mbedtls_rsa_rsassa_pss_verify_ext function
in preparation for removal of the mode
parameter.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-19 12:14:57 +01:00
Thomas Daubney
5ee4cc031c Removes mode param from mbedtls_rsa_rsassa_pss_verify
Commit removes the mode parameter
from the mbedtls_rsa_rsassa_pss_verify
function and propagates the change
throughout the process.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-19 12:07:42 +01:00
Thomas Daubney
718a53db2c Removed f_rng param from mbedtls_rsa_rsassa_pss_verify
Commit removes f_rng parameter from
mbedtls_rsa_rsassa_pss_verify function in
preparation of mode parameter removal.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-19 12:01:35 +01:00
Thomas Daubney
08f4c9c571 Removes p_rng param from mbedtls_rsa_rsassa_pss_verify
Commit removes p_rng parameter from
mbedtls_rsa_rsassa_pss_verify function
as preparation for removing the mode
parameter.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-19 11:56:02 +01:00
Thomas Daubney
2e1262517c Removes mode parameter from mbedtls_rsa_rsassa_pkcs1_v15_verify
Commit removes mode parameter from
mbedtls_rsa_rsassa_pkcs1_v15_verify and
propagates the change throughout the
codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-19 11:48:53 +01:00
Thomas Daubney
475053df2c Removes f_rng from mbedtls_rsa_rsassa_pkcs1_v15_verify
Commit performs removal of f_rng parameter
from mbedtls_rsa_rsassa_pkcs1_v15_verify
function in preparation for removal of mode
parameter.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-19 11:44:27 +01:00
Thomas Daubney
cbc088f5d0 Removes p_rng from mbedtls_rsa_rsassa_pkcs1_v15_verify
Commit removes p_rng from
mbedtls_rsa_rsassa_pkcs1_v15_verify function in
preparation of removal of mode parameter.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-19 11:39:58 +01:00
Thomas Daubney
68d9cbca97 Removes mode param from mbedtls_rsa_pkcs1_verify
Commit removes mode parameter from
mbedtls_rsa_pkcs1_verify and propagates the
change throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:14:32 +01:00
Thomas Daubney
613d1a4fb7 Removes p_rng param from mbedtls_rsa_pkcs1_verify
Commit removes p_rng from mbedtls_rsa_pkcs1_verify
since p_rng has no relevance following the removal
of f_rng from this function.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:07:13 +01:00
Thomas Daubney
ac1331211e Removes f_rng parameter from mbedtls_rsa_pkcs1_verify
Commit removes f_rng parameter from
mbedtls_rsa_pkcs1_verify as a prerequisite
to removing the mode parameter. f_rng no
longer has relevance in this function if
mode is removed.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:07:13 +01:00
Thomas Daubney
de9fdc4b12 Removes mode param from mbedtls_rsa_rsassa_pss_sign
Commit removes the mode param from
mbedtls_rsa_rsassa_pss_sign and propagates
the changes throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:07:13 +01:00
Thomas Daubney
526549854c Removes mode param from mbedtls_rsa_rsassa_pkcs1_v15_sign
Commit removes the mode parameter from
mbedtls_rsa_rsassa_pkcs1_v15_sign and
propagates the change throughout the
codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:07:05 +01:00
Thomas Daubney
140184d029 Removes mode param from mbedtls_rsa_pkcs1_sign
Commit removes the mode parameter from
mbedtls_rsa_pkcs1_sign and progagates the
change to all relevant parts of the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 18:02:24 +01:00
Thomas Daubney
141700f057 Removes mode param from mbedtls_rsa_rsaes_oaep_encrypt
Removes mode parameter from
mbedtls_rsa_rsaes_oaep_encrypt and propagates
changes throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-17 10:11:05 +01:00
Thomas Daubney
53e4ac64b7 Removes mode param from mbedtls_rsa_rsaes_pkcs1_v15_encrypt
Removal of mode parameter from
mbedtls_rsa_rsaes_pkcs1_v15_encrypt. This commit
propagates the change to all relevant function calls
and tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-17 10:11:05 +01:00
Thomas Daubney
2177277dda Removes mode param from mbedtls_rsa_pkcs1_encrypt
Removal of the mode parameter from
mbedtls_rsa_pkcs1_encrypt function. This change
is propagated throughout the codebase and to
relevant tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-17 10:11:05 +01:00
Thomas Daubney
3473308b5d Remove mode param from mbedtls_rsa_rsaes_pkcs1_v15_decrypt
Remove mode param from mbedtls_rsa_rsaes_pkcs1_v15_decrypt
and also modify and remove relevant tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:55:58 +01:00
Thomas Daubney
d21e0b780a Remove mode parameter from mbedtls_rsa_rsaes_oaep_decrypt function
Removing the mode parameter from the mbedtls_rsa_rsaes_oaep_decrypt
function. The change is progagated to all function calls, including in
test suite .function files. Additionally fully removing one test
where the wrong mode was being tested.

Signed-off-by: Tom Daubney <Thomas.Daubney@arm.com>
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:49:41 +01:00
Thomas Daubney
c7feaf349c Remove mode param from mbedtls_rsa_pkcs1_decrypt
The mode parameter has been removed from the
mbedtls_rsa_pkcs1_decrypt function. The change
has been progagated to all function calls,
including in test suite .function files.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:43:06 +01:00
Gilles Peskine
e67665ca20
Merge pull request #4006 from chris-jones-arm/development
Add macro to check error code additions/combinations
2021-04-28 16:47:29 +02:00
Chris Jones
b7d02e0f15 Fix misc issues with unused parameters and check-names.sh
Fix unused parameter warnings when MBEDTLS_TEST_HOOKS is not enabled.

A few issues were caught by check-names.sh namely:

- mbedtls_error_add was not capitalised.
- mbedtls_test_hook_error_add was being defined multiple times as the
  definition was in a header.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:26:59 +01:00
Chris Jones
7439209bcc Rewrite error addition interface
The previous implementation of the error addition interface did not comply
with the invasive testing architecture guidelines. This commit fixes that
by:

- Renaming functions/macros/variables to follow the mbedtls_error_xxx or
  mbedtls_test_hook_xxx convention.

- Making mbedtls_test_hook_error_add a global variable that can be set
  by the testing code.

- Using a static inline function call, as opposed to macro, to keep
  discrepancies between debug and production version to a minimum.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:24:25 +01:00
Chris Jones
713e4e77b4 Expand use of MBEDTLS_ERR_ADD to the rest of rsa.c
All occurences of manual error code addition/combination, in `rsa.c`, have
been replaced with the `MBEDTLS_ERR_ADD` macro.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:35 +01:00
Chris Jones
96ae73b0ea Add macro for error code addition
Adds a macro (`MBEDTLS_ERR_ADD`) to add error codes together and check that the
result will not be corrupted. This additional check is only enabled during
testing when `MBEDTLS_TEST_HOOKS` is defined.

Also includes a reference usage example in `rsa.c` where two high-level error
codes could be incorrectly added together under the right conditions. This now
ensures that when this error occurs during testing it will be correctly
reported.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:12:02 +01:00
Dave Rodgman
73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Gilles Peskine
7bc6a3749c
Merge pull request #3183 from meuter/development
RSA PSS signature generation with the option to specify the salt length
2021-04-06 21:36:06 +02:00
Chris Jones
66a4cd46fd Rename rsa_internal.* to rsa_alt_helpers.*
Rename both `rsa_internal.h` and `rsa_internal.c` to more descriptive
names: `rsa_alt_helpers.h` and `rsa_alt_helpers.c`.

Also re-orders `rsa_internal.c` to match the order in `rsa_internal.h`

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
7b9f33cc8c Move include/mbedtls/rsa_internal.h to library/rsa_internal.h
Only move `rsa_internal.h` for now to test dependancies. Other internal
headers will be moved in following commits.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:45:52 +00:00
Gilles Peskine
5e40a7cfa0 Fix mutex leak in RSA
mbedtls_rsa_gen_key() was not freeing the RSA object, and specifically
not freeing the mutex, in some error cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
eb94059edd Fix mutex double-free in RSA
When MBEDTLS_THREADING_C is enabled, RSA code protects the use of the
key with a mutex. mbedtls_rsa_free() frees this mutex by calling
mbedtls_mutex_free(). This does not match the usage of
mbedtls_mutex_free(), which in general can only be done once.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Cédric Meuter
46bad3375f Added more negative test cases for pkcs1_rsassa_pss_sign
- removed the check on saltlen > 0 and added tests
  positive test cases for this.
- added negative test cases when even saltlen == 0
  is not enough. This allowed to uncover an underflow bu
  in the slen check (when olen-slen-2 is negative)
- fixed the saltlen check to avoid underflow
- added more test cases where saltlen is the maximum
  possible value and one above the maximum possible value
  (different hash, different key size)

Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2021-01-10 13:20:35 +01:00
Gilles Peskine
ae3741e8a4 Fix an incorrect error code if RSA private operation glitched
mbedtls_rsa_private() could return the sum of two RSA error codes
instead of a valid error code in some rare circumstances:

* If rsa_prepare_blinding() returned  MBEDTLS_ERR_RSA_RNG_FAILED
  (indicating a misbehaving or misconfigured RNG).
* If the comparison with the public value failed (typically indicating
  a glitch attack).

Make sure not to add two high-level error codes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Cédric Meuter
2ee085002b Restored check on salt length to the original
Following code review by Manuel Pégourié-Gonnard

Signed-off-by: Cédric Meuter <cedric.meuter@worldline.com>
2020-12-28 14:38:59 +01:00
Cédric Meuter
668a78d952 Added sppecific test cases for mbedtls_rsa_rsassa_pss_sign_ext()
- all positibe test cases were sampled from the CAVP test suite
  (SigGenPSS_186-2.txt, SigGenPSS_186-3.txt)
  Only kept one representative for each triple (modlen, sha, saltlen)
- two extra test cases were added to cover the maximum salt length
  (slen=olen-slen-2 and slen=(olen-slen-2)-1)
- in rsa.c, the salt intermediate buffer was too small to cover cases
  where slen > hlen. So reworked the code to generate the salt in the
  encoded message directly. This has the advantage to remove a memcpy
  and a memset.

Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2020-12-24 11:30:08 +01:00
Cédric Meuter
a05cbecc90 Added tests for mbedtls_rsa_rsassa_pss_sign_ext()
- added some invalid param tests in test_suite_rsa
- added functional tests in test_suite_pkcs1_v21

Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2020-12-24 10:07:41 +01:00
Cédric Meuter
f3fab33147 Removed the mode argument from mbedtls_rsa_rsassa_pss_sign_ext()
- This mode argument was deprecated in the original function.

Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2020-12-24 09:54:10 +01:00
Cédric Meuter
010ddc2b62 Integrated feedback of first code review
- Fixed code style.
- Clarified the documentation of what happens when saltlen is set to
  MBEDTLS_RSA_SALT_LEN_ANY.
- Added range check on saltlen to reject out of range values.

(Code review done by @gilles-peskine-arm)

Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2020-12-24 09:53:04 +01:00
Cedric Meuter
8aa4d75ec9 Introduced mbedtls_rsa_rsassa_pss_sign_ext(..., saltlen, ...)
extension of mbedtls_rsa_rsassa_pss_sign() with an extra argument
'saltlen' which allows to inject the length of the salt to the function,
as opposed to the original function which internally computes the
maximum possible salt length. If MBEDTLS_RSA_SALT_LEN_ANY is passed
the function falls back to the the original behaviour. The original
function mbedtls_rsa_rsassa_pss_sign() can simply defer to it.

This allows to make some CAVP PSS generation tests that require the use
of a salt length which is smaller that the hash length.

Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2020-12-24 09:51:47 +01:00
Peter Kolbus
ca8b8e7c31 Restore retry in rsa_prepare_blinding()
Starting with commit 49e94e3, the do/while loop in
`rsa_prepare_blinding()` was changed to a `do...while(0)`, which
prevents retry from being effective and leaves dead code.

Restore the while condition to retry, and lift the calls to finish the
computation out of the while loop by by observing that they are
performed only when `mbedtls_mpi_inv_mod()` returns zero.

Signed-off-by: Peter Kolbus <peter.kolbus@garmin.com>
2020-09-25 08:43:57 -05:00
Dan Handley
abccfc1684 Merge development into development-restricted
* development:
  Update copyright notices to use Linux Foundation guidance
  Undef ASSERT before defining it to ensure that no previous definition has sneaked in through included files.
  Add ChangeLog entry for X.509 CN-type vulnerability
  Improve documentation of cn in x509_crt_verify()
  Fix comparison between different name types
  Add test: DNS names should not match IP addresses
  Remove obsolete buildbot reference in compat.sh
  Fix misuse of printf in shell script
  Fix added proxy command when IPv6 is used
  Simplify test syntax
  Fix logic error in setting client port
  ssl-opt.sh: include test name in log files
  ssl-opt.sh: remove old buildbot-specific condition
  ssl-opt.sh: add proxy to all DTLS tests

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-08-20 11:07:12 +01:00
Bence Szépkúti
1e14827beb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 10:35:41 +02:00