mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 04:14:23 +01:00
PSA RSA PSS: pass pre-hash algorithm to Mbed TLS
PSA Crypto always passed MBEDTLS_MD_NONE to Mbed TLS, which worked well as Mbed TLS does not use this parameter for anything beyond determining the input lengths. Some alternative implementations however check the consistency of the algorithm used for pre-hash and for other uses in verification (verify operation and mask generation) and fail if they don't match. This makes all such verifications fail. Furthermore, the PSA Crypto API mandates that the pre-hash and internal uses are aligned as well. Fixes #3990. Signed-off-by: Janos Follath <janos.follath@arm.com>
This commit is contained in:
parent
456d7e055f
commit
b23b5745b5
@ -360,27 +360,19 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
|
|||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
|
/* For signatures using a hash, the hash length must be correct. */
|
||||||
/* For PKCS#1 v1.5 signature, if using a hash, the hash length
|
if( alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
|
||||||
* must be correct. */
|
|
||||||
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) &&
|
|
||||||
alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
|
|
||||||
{
|
{
|
||||||
if( md_info == NULL )
|
if( md_info == NULL )
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
if( mbedtls_md_get_size( md_info ) != hash_length )
|
if( mbedtls_md_get_size( md_info ) != hash_length )
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
}
|
}
|
||||||
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
|
else
|
||||||
|
|
||||||
#if defined(BUILTIN_ALG_RSA_PSS)
|
|
||||||
/* PSS requires a hash internally. */
|
|
||||||
if( PSA_ALG_IS_RSA_PSS( alg ) )
|
|
||||||
{
|
{
|
||||||
if( md_info == NULL )
|
if( hash_alg != 0 )
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
}
|
}
|
||||||
#endif /* BUILTIN_ALG_RSA_PSS */
|
|
||||||
|
|
||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
}
|
}
|
||||||
@ -512,7 +504,7 @@ static psa_status_t rsa_verify_hash(
|
|||||||
mbedtls_psa_get_random,
|
mbedtls_psa_get_random,
|
||||||
MBEDTLS_PSA_RANDOM_STATE,
|
MBEDTLS_PSA_RANDOM_STATE,
|
||||||
MBEDTLS_RSA_PUBLIC,
|
MBEDTLS_RSA_PUBLIC,
|
||||||
MBEDTLS_MD_NONE,
|
md_alg,
|
||||||
(unsigned int) hash_length,
|
(unsigned int) hash_length,
|
||||||
hash,
|
hash,
|
||||||
signature );
|
signature );
|
||||||
|
Loading…
Reference in New Issue
Block a user