yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-29 14:54:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Change RSA to use new MD API and check return code

Browse Source
This commit is contained in:
Andres Amaya Garcia 2017-06-28 11:46:46 +01:00
parent 8d8204fc6f
commit 698089e07e
1 changed files with 91 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

149
library/rsa.c
View File

@ -566,7 +566,7 @@ cleanup:
* \param slen length of the source buffer * \param slen length of the source buffer
* \param md_ctx message digest context to use * \param md_ctx message digest context to use
*/ */
static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
size_t slen, mbedtls_md_context_t *md_ctx ) size_t slen, mbedtls_md_context_t *md_ctx )
{ {
unsigned char mask[MBEDTLS_MD_MAX_SIZE]; unsigned char mask[MBEDTLS_MD_MAX_SIZE];
@ -574,6 +574,7 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
unsigned char *p; unsigned char *p;
unsigned int hlen; unsigned int hlen;
size_t i, use_len; size_t i, use_len;
int ret;
memset( mask, 0, MBEDTLS_MD_MAX_SIZE ); memset( mask, 0, MBEDTLS_MD_MAX_SIZE );
memset( counter, 0, 4 ); memset( counter, 0, 4 );
@ -589,10 +590,14 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
if( dlen < hlen ) if( dlen < hlen )
use_len = dlen; use_len = dlen;
mbedtls_md_starts( md_ctx ); if( ( ret = mbedtls_md_starts( md_ctx ) ) != 0 )
mbedtls_md_update( md_ctx, src, slen ); goto exit;
mbedtls_md_update( md_ctx, counter, 4 ); if( ( ret = mbedtls_md_update( md_ctx, src, slen ) ) != 0 )
mbedtls_md_finish( md_ctx, mask ); goto exit;
if( ( ret = mbedtls_md_update( md_ctx, counter, 4 ) ) != 0 )
goto exit;
if( ( ret = mbedtls_md_finish( md_ctx, mask ) ) != 0 )
goto exit;
for( i = 0; i < use_len; ++i ) for( i = 0; i < use_len; ++i )
*p++ ^= mask[i]; *p++ ^= mask[i];
@ -602,7 +607,10 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
dlen -= use_len; dlen -= use_len;
} }
exit:
mbedtls_zeroize( mask, sizeof( mask ) ); mbedtls_zeroize( mask, sizeof( mask ) );
return( ret );
} }
#endif /* MBEDTLS_PKCS1_V21 */ #endif /* MBEDTLS_PKCS1_V21 */
@ -654,7 +662,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
p += hlen; p += hlen;
/* Construct DB */ /* Construct DB */
mbedtls_md( md_info, label, label_len, p ); if( ( ret = mbedtls_md( md_info, label, label_len, p ) ) != 0 )
return( ret );
p += hlen; p += hlen;
p += olen - 2 * hlen - 2 - ilen; p += olen - 2 * hlen - 2 - ilen;
*p++ = 1; *p++ = 1;
@ -662,21 +671,24 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
mbedtls_md_init( &md_ctx ); mbedtls_md_init( &md_ctx );
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
{ goto exit;
mbedtls_md_free( &md_ctx );
return( ret );
}
/* maskedDB: Apply dbMask to DB */ /* maskedDB: Apply dbMask to DB */
mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen, if( ( ret = mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
&md_ctx ); &md_ctx ) ) != 0 )
goto exit;
/* maskedSeed: Apply seedMask to seed */ /* maskedSeed: Apply seedMask to seed */
mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1, if( ( ret = mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
&md_ctx ); &md_ctx ) ) != 0 )
goto exit;
exit:
mbedtls_md_free( &md_ctx ); mbedtls_md_free( &md_ctx );
if( ret != 0 )
return( ret );
return( ( mode == MBEDTLS_RSA_PUBLIC ) return( ( mode == MBEDTLS_RSA_PUBLIC )
? mbedtls_rsa_public( ctx, output, output ) ? mbedtls_rsa_public( ctx, output, output )
: mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
@ -843,20 +855,23 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
goto cleanup; goto cleanup;
} }
/* Generate lHash */
mbedtls_md( md_info, label, label_len, lhash );
/* seed: Apply seedMask to maskedSeed */ /* seed: Apply seedMask to maskedSeed */
mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1, if( ( ret = mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
&md_ctx ); &md_ctx ) ) != 0 ||
/* DB: Apply dbMask to maskedDB */ /* DB: Apply dbMask to maskedDB */
mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen, ( ret = mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
&md_ctx ); &md_ctx ) ) != 0 )
{
mbedtls_md_free( &md_ctx );
goto cleanup;
}
mbedtls_md_free( &md_ctx ); mbedtls_md_free( &md_ctx );
/* Generate lHash */
if( ( ret = mbedtls_md( md_info, label, label_len, lhash ) ) != 0 )
goto cleanup;
/* /*
* Check contents, in "constant-time" * Check contents, in "constant-time"
*/ */
@ -1107,28 +1122,28 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
mbedtls_md_init( &md_ctx ); mbedtls_md_init( &md_ctx );
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
{ goto exit;
mbedtls_md_free( &md_ctx );
/* No need to zeroize salt: we didn't use it. */
return( ret );
}
/* Generate H = Hash( M' ) */ /* Generate H = Hash( M' ) */
mbedtls_md_starts( &md_ctx ); if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
mbedtls_md_update( &md_ctx, p, 8 ); goto exit;
mbedtls_md_update( &md_ctx, hash, hashlen ); if( ( ret = mbedtls_md_update( &md_ctx, p, 8 ) ) != 0 )
mbedtls_md_update( &md_ctx, salt, slen ); goto exit;
mbedtls_md_finish( &md_ctx, p ); if( ( ret = mbedtls_md_update( &md_ctx, hash, hashlen ) ) != 0 )
mbedtls_zeroize( salt, sizeof( salt ) ); goto exit;
if( ( ret = mbedtls_md_update( &md_ctx, salt, slen ) ) != 0 )
goto exit;
if( ( ret = mbedtls_md_finish( &md_ctx, p ) ) != 0 )
goto exit;
/* Compensate for boundary condition when applying mask */ /* Compensate for boundary condition when applying mask */
if( msb % 8 == 0 ) if( msb % 8 == 0 )
offset = 1; offset = 1;
/* maskedDB: Apply dbMask to DB */ /* maskedDB: Apply dbMask to DB */
mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx ); if( ( ret = mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen,
&md_ctx ) ) != 0 )
mbedtls_md_free( &md_ctx ); goto exit;
msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
sig[0] &= 0xFF >> ( olen * 8 - msb ); sig[0] &= 0xFF >> ( olen * 8 - msb );
@ -1136,6 +1151,14 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
p += hlen; p += hlen;
*p++ = 0xBC; *p++ = 0xBC;
mbedtls_zeroize( salt, sizeof( salt ) );
exit:
mbedtls_md_free( &md_ctx );
if( ret != 0 )
return( ret );
return( ( mode == MBEDTLS_RSA_PUBLIC ) return( ( mode == MBEDTLS_RSA_PUBLIC )
? mbedtls_rsa_public( ctx, sig, sig ) ? mbedtls_rsa_public( ctx, sig, sig )
: mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) ); : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
@ -1382,23 +1405,21 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
mbedtls_md_init( &md_ctx ); mbedtls_md_init( &md_ctx );
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
{ goto exit;
mbedtls_md_free( &md_ctx );
return( ret );
}
mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx ); if( ( ret = mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen,
&md_ctx ) ) != 0 )
goto exit;
buf[0] &= 0xFF >> ( siglen * 8 - msb ); buf[0] &= 0xFF >> ( siglen * 8 - msb );
while( p < buf + siglen && *p == 0 ) while( p < buf + siglen && *p == 0 )
p++; p++;
if( p == buf + siglen || if( p == buf + siglen || *p++ != 0x01 )
*p++ != 0x01 )
{ {
mbedtls_md_free( &md_ctx ); ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
return( MBEDTLS_ERR_RSA_INVALID_PADDING ); goto exit;
} }
/* Actual salt len */ /* Actual salt len */
@ -1407,25 +1428,31 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY && if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
slen != (size_t) expected_salt_len ) slen != (size_t) expected_salt_len )
{ {
mbedtls_md_free( &md_ctx ); ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
return( MBEDTLS_ERR_RSA_INVALID_PADDING ); goto exit;
} }
/* /*
* Generate H = Hash( M' ) * Generate H = Hash( M' )
*/ */
mbedtls_md_starts( &md_ctx ); if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
mbedtls_md_update( &md_ctx, zeros, 8 ); goto exit;
mbedtls_md_update( &md_ctx, hash, hashlen ); if( ( ret = mbedtls_md_update( &md_ctx, zeros, 8 ) ) != 0 )
mbedtls_md_update( &md_ctx, p, slen ); goto exit;
mbedtls_md_finish( &md_ctx, result ); if( ( ret = mbedtls_md_update( &md_ctx, hash, hashlen ) ) != 0 )
goto exit;
if( ( ret = mbedtls_md_update( &md_ctx, p, slen ) ) != 0 )
goto exit;
if( ( ret = mbedtls_md_finish( &md_ctx, result ) ) != 0 )
goto exit;
if( ( ret = memcmp( p + slen, result, hlen ) ) != 0 )
ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
exit:
mbedtls_md_free( &md_ctx ); mbedtls_md_free( &md_ctx );
if( memcmp( p + slen, result, hlen ) == 0 ) return( ret );
return( 0 );
else
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
} }
/* /*
@ -1829,7 +1856,13 @@ int mbedtls_rsa_self_test( int verbose )
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( " PKCS#1 data sign : " ); mbedtls_printf( " PKCS#1 data sign : " );
mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum ); if( mbedtls_sha1_ext( rsa_plaintext, PT_LEN, sha1sum ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
return( 1 );
}
if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0,
sha1sum, rsa_ciphertext ) != 0 ) sha1sum, rsa_ciphertext ) != 0 )