From aac64a2839e32ec3e74590de3f958b4f3747e5b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Nov 2018 18:37:42 +0100 Subject: [PATCH 1/4] Remove support for non-byte-aligned RSA keys Remove the need for an extra function mbedtls_rsa_get_bitlen. Use mbedtls_rsa_get_len, which is only correct for keys whose size is a multiple of 8. Key sizes that aren't a multiple of 8 are extremely rarely used, so in practice this is not a problematic limitation. --- library/psa_crypto.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 87f9147a6..dc6f2da49 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -579,7 +579,11 @@ static psa_status_t psa_import_rsa_key( mbedtls_pk_context *pk, else { mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *pk ); - size_t bits = mbedtls_rsa_get_bitlen( rsa ); + /* The size of an RSA key doesn't have to be a multiple of 8. + * Mbed TLS supports non-byte-aligned key sizes, but not well. + * For example, mbedtls_rsa_get_len() returns the key size in + * bytes, not in bits. */ + size_t bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( rsa ) ); if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS ) return( PSA_ERROR_NOT_SUPPORTED ); *p_rsa = rsa; @@ -799,7 +803,7 @@ static size_t psa_get_key_bits( const key_slot_t *slot ) return( slot->data.raw.bytes * 8 ); #if defined(MBEDTLS_RSA_C) if( PSA_KEY_TYPE_IS_RSA( slot->type ) ) - return( mbedtls_rsa_get_bitlen( slot->data.rsa ) ); + return( PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( slot->data.rsa ) ) ); #endif /* defined(MBEDTLS_RSA_C) */ #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC( slot->type ) ) From 86a440b63864d61ba475548291a0bd4945ad2a22 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Nov 2018 18:39:40 +0100 Subject: [PATCH 2/4] Reject non-byte-aligned RSA keys On key import and key generation, for RSA, reject key sizes that are not a multiple of 8. Such keys are not well-supported in Mbed TLS and are hardly ever used in practice. The previous commit removed support for non-byte-aligned keys at the PSA level. This commit actively rejects such keys and adds corresponding tests (test keys generated with "openssl genrsa"). --- library/psa_crypto.c | 30 +++++++++++++++++++ tests/suites/test_suite_psa_crypto.data | 40 ++++++++++++++++++++++--- 2 files changed, 66 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index dc6f2da49..4584f6bde 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -571,6 +571,28 @@ static psa_status_t prepare_raw_data_slot( psa_key_type_t type, } #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) +/* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes + * that are not a multiple of 8) well. For example, there is only + * mbedtls_rsa_get_len(), which returns a number of bytes, and no + * way to return the exact bit size of a key. + * To keep things simple, reject non-byte-aligned key sizes. */ +static psa_status_t psa_check_rsa_key_byte_aligned( + const mbedtls_rsa_context *rsa ) +{ + mbedtls_mpi n; + psa_status_t status; + mbedtls_mpi_init( &n ); + status = mbedtls_to_psa_error( + mbedtls_rsa_export( rsa, &n, NULL, NULL, NULL, NULL ) ); + if( status == PSA_SUCCESS ) + { + if( mbedtls_mpi_bitlen( &n ) % 8 != 0 ) + status = PSA_ERROR_NOT_SUPPORTED; + } + mbedtls_mpi_free( &n ); + return( status ); +} + static psa_status_t psa_import_rsa_key( mbedtls_pk_context *pk, mbedtls_rsa_context **p_rsa ) { @@ -584,8 +606,12 @@ static psa_status_t psa_import_rsa_key( mbedtls_pk_context *pk, * For example, mbedtls_rsa_get_len() returns the key size in * bytes, not in bits. */ size_t bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( rsa ) ); + psa_status_t status; if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS ) return( PSA_ERROR_NOT_SUPPORTED ); + status = psa_check_rsa_key_byte_aligned( rsa ); + if( status != PSA_SUCCESS ) + return( status ); *p_rsa = rsa; return( PSA_SUCCESS ); } @@ -3556,6 +3582,10 @@ psa_status_t psa_generate_key( psa_key_slot_t key, int exponent = 65537; if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS ) return( PSA_ERROR_NOT_SUPPORTED ); + /* Accept only byte-aligned keys, for the same reasons as + * in psa_import_rsa_key(). */ + if( bits % 8 != 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); if( extra != NULL ) { const psa_generate_key_extra_rsa *p = extra; diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 4a9714a27..229fa81c5 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -150,10 +150,6 @@ PSA import RSA keypair: valid key but EC depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT -PSA import/export RSA keypair: good, 1023-bit -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C -import_export:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001028180491b277413fb35efe82dace68b544a9dd6aa8917d329731955ec66ec3b0178fcf5a29196e1a6c093bf6c8064b36a8f0d9840a78003d11392754a70a77788975515a1442a6c806cafa2f07fe99cac78a86fa868888d654cec4baf205352cf8255acaa47e2455f23b58c0e5ae43fa297bbffe5b970caa80f71e82084fd35425479024100ef27f3fb2df90ac4910ed95fdde4877d09b0dc4e95079f12a7e2041300a8884a39372a1c79691338cd5c3965bcf3a24f2ce9e10de19d4cb87c7546d60ca0aa0d024073e9e1283475e9ab3075da0b005ca7c7b05e76325f8deb648238831c8353041d594307f784cd527cfee9187b997713d71c0ff98f01beac4d1a85583be52e90e302402f0c801e311c2677274671933f96fee4a56c6adaf6ccaa09c4875d5fd3a8542fadf3e14ffabea62e6d90302688b6b17ebc0a42e1353a79e66d6db102d9371e5d02406731ef3c8607fbf266806590a9cfd3a79a435ee355e2d9906fc6b4236c5f3a288ed178844a7d295512f49ed15b3d82325e4f729478af3262aa9bd083f273d49502410090a32c0e8ca3bcd4c66f092cdc369cd1abb4a05b9a6f0e65e5a51da1d96d5aca8c1525b3f11322c0588062fc8592ebf25b7950f918d39018e82b8acccc8f7e7a":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1023:0:PSA_SUCCESS:1 - PSA import/export-public RSA public key: good, 1024-bit depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C import_export_public_key:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:PSA_SUCCESS:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" @@ -170,6 +166,30 @@ PSA import/export-public RSA keypair: buffer too small depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" +PSA import/export RSA public key: 1016-bit (good) +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C +import_export:"30819e300d06092a864886f70d010101050003818c0030818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1016:0:PSA_SUCCESS:1 + +PSA import/export RSA keypair: 1016-bit (good) +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C +import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1016:0:PSA_SUCCESS:1 + +PSA import RSA public key: 1022-bit (not supported) +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C +import:"30819e300d06092a864886f70d010101050003818c0030818802818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd134450230203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ERROR_NOT_SUPPORTED + +PSA import RSA keypair: 1022-bit (not supported) +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C +import:"3082025802010002818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd1344502302030100010281800ad9700e01e8bf68ff4c90c4465dfa13fea0e76295d817349ccb257d382acf89b3d7b31e18606af4ac92baf3710426fe0b54225ddfa527c31218b3346e03a9cae5395a780ade880b996f4061fad65689393fc8e77f46a4c1a29b0450cdaaef0710e523cd1028abe1653d23f0d5ec805a629bdf1fc4c1c00737760e1714f6b7f102407d5e545484b546bd61972b446a04af0cf17b126a8872b977da5035ca82dd0e4fef1381a6480f60db07628348602f86ba89a271563d9a3fb613b9b39703498f9902407017641093065eed178ff848b5f8a2b502a187511db28549ea7646f3e7b3ea171f4c34c0ecf0566adc4d172c057be077a45fcf8019a36a4588c4de3b8c0a631b02407cc7fccbbae2eb2be80c9c8615b7dfbbd4469907ec13b44274cacd1f69ad38679b2021352e18106131327e54f5579893e6160714bd6fdfe60c30136e45595c51024055250f779f96f94873db82a808c24325e847b6b8212cd81e9ba118a8715ab2f8b96773b310c8477c88b76e609c11cb22569408d4afa4f836b57b85ac09e661fd02400e5fc5df9614c95d77e9bc2df63d48e7a08a0034174f0f745eef4413ee36d929f194557e6990e148b7438e949a41e92bc9d9136c3e6563904151a578a2f4fc1b":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_NOT_SUPPORTED + +PSA import RSA public key: 1023-bit (not supported) +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C +import:"30819e300d06092a864886f70d010101050003818c003081880281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ERROR_NOT_SUPPORTED + +PSA import RSA keypair: 1023-bit (not supported) +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C +import:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001028180491b277413fb35efe82dace68b544a9dd6aa8917d329731955ec66ec3b0178fcf5a29196e1a6c093bf6c8064b36a8f0d9840a78003d11392754a70a77788975515a1442a6c806cafa2f07fe99cac78a86fa868888d654cec4baf205352cf8255acaa47e2455f23b58c0e5ae43fa297bbffe5b970caa80f71e82084fd35425479024100ef27f3fb2df90ac4910ed95fdde4877d09b0dc4e95079f12a7e2041300a8884a39372a1c79691338cd5c3965bcf3a24f2ce9e10de19d4cb87c7546d60ca0aa0d024073e9e1283475e9ab3075da0b005ca7c7b05e76325f8deb648238831c8353041d594307f784cd527cfee9187b997713d71c0ff98f01beac4d1a85583be52e90e302402f0c801e311c2677274671933f96fee4a56c6adaf6ccaa09c4875d5fd3a8542fadf3e14ffabea62e6d90302688b6b17ebc0a42e1353a79e66d6db102d9371e5d02406731ef3c8607fbf266806590a9cfd3a79a435ee355e2d9906fc6b4236c5f3a288ed178844a7d295512f49ed15b3d82325e4f729478af3262aa9bd083f273d49502410090a32c0e8ca3bcd4c66f092cdc369cd1abb4a05b9a6f0e65e5a51da1d96d5aca8c1525b3f11322c0588062fc8592ebf25b7950f918d39018e82b8acccc8f7e7a":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_NOT_SUPPORTED + PSA import/export EC secp224r1: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:224:0:PSA_SUCCESS:1 @@ -1562,6 +1582,10 @@ PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS +PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS + PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS @@ -1574,6 +1598,14 @@ PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256) depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS +PSA generate key: RSA, 1022 bits: not supported +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED + +PSA generate key: RSA, 1023 bits: not supported +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1023:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED + PSA generate key: RSA, maximum size exceeded depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED From 64a43ce48e4885f329eecc0bfd8efa59777bd5a4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Nov 2018 18:42:28 +0100 Subject: [PATCH 3/4] Revert "fixup! New function mbedtls_rsa_get_bitlen" This reverts commit c939f6fcba1cda328c4a21b7c8df596690e36add. --- tests/suites/test_suite_pk.function | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 916b3c54d..a1d9b0b7a 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -16,7 +16,6 @@ static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); static int pk_genkey( mbedtls_pk_context *pk, int size ) { ((void) pk); - ((void) size); #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA ) From e19b7d54d052baee9c5bd24731ff3c252ad80ebf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Nov 2018 18:42:43 +0100 Subject: [PATCH 4/4] Revert "New function mbedtls_rsa_get_bitlen" This reverts commit 1d26709dbd4a4f8ef9ea0ff58f2644a4bc3fc49c. --- include/mbedtls/rsa.h | 10 ------- library/pk_wrap.c | 2 +- library/rsa.c | 9 +------ tests/suites/test_suite_pk.data | 11 +------- tests/suites/test_suite_pk.function | 39 +++++----------------------- tests/suites/test_suite_rsa.function | 27 +++++++------------ 6 files changed, 18 insertions(+), 80 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 31a8db757..6eea5af2f 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -403,16 +403,6 @@ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, */ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); -/** - * \brief This function retrieves the length of the RSA modulus in bits. - * - * \param ctx The initialized RSA context. - * - * \return The length of the RSA modulus in bits. - * - */ -size_t mbedtls_rsa_get_bitlen( const mbedtls_rsa_context *ctx ); - /** * \brief This function generates an RSA keypair. * diff --git a/library/pk_wrap.c b/library/pk_wrap.c index f9b4c659c..2c7d2d79b 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -66,7 +66,7 @@ static int rsa_can_do( mbedtls_pk_type_t type ) static size_t rsa_get_bitlen( const void *ctx ) { const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx; - return( mbedtls_rsa_get_bitlen( rsa ) ); + return( 8 * mbedtls_rsa_get_len( rsa ) ); } static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, diff --git a/library/rsa.c b/library/rsa.c index 499d14540..56490f93e 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -480,19 +480,12 @@ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id /* * Get length in bytes of RSA modulus */ + size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) { return( ctx->len ); } -/* - * Get length in bits of RSA modulus - */ -size_t mbedtls_rsa_get_bitlen( const mbedtls_rsa_context *ctx ) -{ - return( mbedtls_mpi_bitlen( &ctx->N ) ); -} - #if defined(MBEDTLS_GENPRIME) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 77e3bd887..a066bd93e 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -1,16 +1,7 @@ -PK utils: RSA, 512 bits +PK utils: RSA depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_utils:MBEDTLS_PK_RSA:512:64:"RSA" -## RSA key generation only supports even bit sizes -#PK utils: RSA, 511 bits -#depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -#pk_utils:MBEDTLS_PK_RSA:511:64:"RSA" -# -PK utils: RSA, 510 bits -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_utils:MBEDTLS_PK_RSA:510:64:"RSA" - PK utils: ECKEY depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_utils:MBEDTLS_PK_ECKEY:192:24:"EC" diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index a1d9b0b7a..9005ddb31 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -13,18 +13,13 @@ static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); #define RSA_KEY_SIZE 512 #define RSA_KEY_LEN 64 -static int pk_genkey( mbedtls_pk_context *pk, int size ) +static int pk_genkey( mbedtls_pk_context *pk ) { ((void) pk); #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA ) - { - if( size == 0 ) - size = RSA_KEY_SIZE; - return( mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ), - rnd_std_rand, NULL, size, 3 ) ); - } + return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ), rnd_std_rand, NULL, RSA_KEY_SIZE, 3 ); #endif #if defined(MBEDTLS_ECP_C) if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY || @@ -32,30 +27,8 @@ static int pk_genkey( mbedtls_pk_context *pk, int size ) mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECDSA ) { int ret; - mbedtls_ecp_group_id curve; - switch( size ) - { - case 0: - case 192: - curve = MBEDTLS_ECP_DP_SECP192R1; - break; - case 224: - curve = MBEDTLS_ECP_DP_SECP224R1; - break; - case 256: - curve = MBEDTLS_ECP_DP_SECP256R1; - break; - case 384: - curve = MBEDTLS_ECP_DP_SECP384R1; - break; - case 521: - curve = MBEDTLS_ECP_DP_SECP521R1; - break; - default: - return( -1 ); - } if( ( ret = mbedtls_ecp_group_load( &mbedtls_pk_ec( *pk )->grp, - curve ) ) != 0 ) + MBEDTLS_ECP_DP_SECP192R1 ) ) != 0 ) return( ret ); return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, &mbedtls_pk_ec( *pk )->d, @@ -104,7 +77,7 @@ void pk_utils( int type, int size, int len, char * name ) mbedtls_pk_init( &pk ); TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); - TEST_ASSERT( pk_genkey( &pk, size ) == 0 ); + TEST_ASSERT( pk_genkey( &pk ) == 0 ); TEST_ASSERT( (int) mbedtls_pk_get_type( &pk ) == type ); TEST_ASSERT( mbedtls_pk_can_do( &pk, type ) ); @@ -279,7 +252,7 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret ) memset( sig, 0, sizeof sig ); TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); - TEST_ASSERT( pk_genkey( &pk, 0 ) == 0 ); + TEST_ASSERT( pk_genkey( &pk ) == 0 ); TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, sig, &sig_len, rnd_std_rand, NULL ) == sign_ret ); @@ -474,7 +447,7 @@ void pk_rsa_alt( ) /* Initiliaze PK RSA context with random key */ TEST_ASSERT( mbedtls_pk_setup( &rsa, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); - TEST_ASSERT( pk_genkey( &rsa, RSA_KEY_SIZE ) == 0 ); + TEST_ASSERT( pk_genkey( &rsa ) == 0 ); /* Extract key to the raw rsa context */ TEST_ASSERT( mbedtls_rsa_copy( &raw, mbedtls_pk_rsa( rsa ) ) == 0 ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 46c8bf96e..c43ef2050 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -44,8 +44,7 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); - TEST_ASSERT( mbedtls_rsa_get_bitlen( &ctx ) == (size_t) mod ); - TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod + 7 ) / 8 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); @@ -87,8 +86,7 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); - TEST_ASSERT( mbedtls_rsa_get_bitlen( &ctx ) == (size_t) mod ); - TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod + 7 ) / 8 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); @@ -129,8 +127,7 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); - TEST_ASSERT( mbedtls_rsa_get_bitlen( &ctx ) == (size_t) mod ); - TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod + 7 ) / 8 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); @@ -195,8 +192,7 @@ void rsa_pkcs1_verify_raw( data_t * hash_result, TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); - TEST_ASSERT( mbedtls_rsa_get_bitlen( &ctx ) == (size_t) mod ); - TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod + 7 ) / 8 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); @@ -260,8 +256,7 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); - TEST_ASSERT( mbedtls_rsa_get_bitlen( &ctx ) == (size_t) mod ); - TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod + 7 ) / 8 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); @@ -299,8 +294,7 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); - TEST_ASSERT( mbedtls_rsa_get_bitlen( &ctx ) == (size_t) mod ); - TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod + 7 ) / 8 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); @@ -348,8 +342,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); - TEST_ASSERT( mbedtls_rsa_get_bitlen( &ctx ) == (size_t) mod ); - TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod + 7 ) / 8 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); @@ -388,8 +381,7 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); - TEST_ASSERT( mbedtls_rsa_get_bitlen( &ctx ) == (size_t) mod ); - TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod + 7 ) / 8 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); @@ -448,8 +440,7 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); - TEST_ASSERT( mbedtls_rsa_get_bitlen( &ctx ) == (size_t) mod ); - TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod + 7 ) / 8 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );