From df5621c7f1d37fce54de096b9f963b263b269829 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 8 Feb 2016 13:59:25 +0000 Subject: [PATCH 01/21] Length check added --- library/rsa.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index efdd055c4..6cdbd6989 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -848,6 +848,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, bad |= *p++; /* Must be zero */ } + if( pad_count < 8 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if( bad ) return( MBEDTLS_ERR_RSA_INVALID_PADDING ); From d936b044291affef28e30bca4e6f4e12c5006d43 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 16:14:10 +0000 Subject: [PATCH 02/21] Add Changelog entry for current branch --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 56b712d7b..19547689c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.1.x branch +Security + * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt + required by PKCS1 v2.2 + Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three arguments where the same (in-place doubling). Found and fixed by Janos From e5b26c107bce88f4ed3af19ff230583c89ee3029 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 12 Feb 2016 13:18:20 +0000 Subject: [PATCH 03/21] Add tests for the bug IOTSSL-619. The main goal with these tests is to test the bug in question and they are not meant to test the entire PKCS#1 v1.5 behaviour. To achieve full test coverage, further test cases are needed. --- tests/CMakeLists.txt | 1 + tests/suites/test_suite_pkcs1_v15.data | 30 ++++++ tests/suites/test_suite_pkcs1_v15.function | 110 +++++++++++++++++++++ 3 files changed, 141 insertions(+) create mode 100644 tests/suites/test_suite_pkcs1_v15.data create mode 100644 tests/suites/test_suite_pkcs1_v15.function diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 864ea77d1..47fedd5f7 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -81,6 +81,7 @@ add_test_suite(mdx) add_test_suite(memory_buffer_alloc) add_test_suite(mpi) add_test_suite(pem) +add_test_suite(pkcs1_v15) add_test_suite(pkcs1_v21) add_test_suite(pkcs5) add_test_suite(pk) diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data new file mode 100644 index 000000000..65bd99caf --- /dev/null +++ b/tests/suites/test_suite_pkcs1_v15.data @@ -0,0 +1,30 @@ +RSAES-V15 Encryption Test Vector Int +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0 + +RSAES-V15 Decryption Test Vector Int +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0 + +RSAES-V15 Encryption Test Vector Data just fits +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cfff55e6b15b67cfea8a5a384ef64a6ac":0 + +RSAES-V15 Decryption Test Vector Data just fits +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cfff55e6b15b67cfea8a5a384ef64a6ac":0 + +RSAES-V15 Encryption Test Vector Data too long 1 +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSAES-V15 Decryption Test Vector Padding too short 7 +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_INVALID_PADDING + +RSAES-V15 Encryption Test Vector Data too long 3 +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSAES-V15 Decryption Test Vector Padding too short 5 +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_INVALID_PADDING + +RSAES-V15 Encryption Test Vector Data too long 8 +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSAES-V15 Decryption Test Vector Padding too short 0 +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_INVALID_PADDING + diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function new file mode 100644 index 000000000..90460f1d3 --- /dev/null +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -0,0 +1,110 @@ +/* BEGIN_HEADER */ +#include "mbedtls/rsa.h" +#include "mbedtls/md.h" +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SHA1_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E, + char *input_E, int hash, + char *message_hex_string, char *seed, + char *result_hex_str, int result ) +{ + unsigned char message_str[1000]; + unsigned char output[1000]; + unsigned char output_str[1000]; + unsigned char rnd_buf[1000]; + mbedtls_rsa_context ctx; + size_t msg_len; + rnd_buf_info info; + + info.length = unhexify( rnd_buf, seed ); + info.buf = rnd_buf; + + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + memset( message_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + memset( output_str, 0x00, 1000 ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); + + msg_len = unhexify( message_str, message_hex_string ); + + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); + if( result == 0 ) + { + hexify( output_str, output, ctx.len ); + + TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + } + +exit: + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P, + int radix_Q, char *input_Q, int radix_N, + char *input_N, int radix_E, char *input_E, + int hash, char *result_hex_str, char *seed, + char *message_hex_string, int result ) +{ + unsigned char message_str[1000]; + unsigned char output[1000]; + unsigned char output_str[1000]; + mbedtls_rsa_context ctx; + mbedtls_mpi P1, Q1, H, G; + size_t output_len; + rnd_pseudo_info rnd_info; + ((void) seed); + + mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + + memset( message_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + memset( output_str, 0x00, 1000 ); + memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); + TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + + unhexify( message_str, message_hex_string ); + + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result ); + if( result == 0 ) + { + hexify( output_str, output, ctx.len ); + + TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 ); + } + +exit: + mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ + From cbbfaba5a6da7115d43fe5fea2e90d39e61166a0 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 12 Feb 2016 13:30:09 +0000 Subject: [PATCH 04/21] Removing 'if' branch from the fix. This new error shouldn't be distinguishable from other padding errors. Updating 'bad' instead of adding a new 'if' branch. --- library/rsa.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 6cdbd6989..cb32bf46f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -848,8 +848,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, bad |= *p++; /* Must be zero */ } - if( pad_count < 8 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + bad |= ( pad_count < 8 ); if( bad ) return( MBEDTLS_ERR_RSA_INVALID_PADDING ); From 6d133d25817f860d795bd1ccd0afaafdb2f1ae17 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 8 Feb 2016 14:52:29 +0000 Subject: [PATCH 05/21] Included tests for the overflow --- library/rsa.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index cb32bf46f..dc12955c9 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -523,7 +523,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, olen = ctx->len; hlen = mbedtls_md_get_size( md_info ); - if( olen < ilen + 2 * hlen + 2 ) + // first comparison checks for overflow + if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); memset( output, 0, olen ); @@ -588,8 +589,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len; - - if( olen < ilen + 11 ) + + // first comparison checks for overflow + if( ilen + 11 < ilen || olen < ilen + 11 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); nb_pad = olen - 3 - ilen; From 3415cc2f3593f7ca7ac87050f659eb08c5fe7261 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 16:25:55 +0000 Subject: [PATCH 06/21] Add Changelog entry for current branch --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 19547689c..3d7fc2796 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ Security * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 +Security + * Fix potential integer overflow to buffer overflow in + mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt + Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three arguments where the same (in-place doubling). Found and fixed by Janos From 5ed30c1920c286bccc8ba7ccc3b2fe9ba159ad5b Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 9 Feb 2016 14:51:35 +0000 Subject: [PATCH 07/21] Included test for integer underflow. --- library/rsa.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index cb32bf46f..642b76278 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -714,6 +714,10 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, */ hlen = mbedtls_md_get_size( md_info ); + // checking for integer underflow + if( 2 * hlen + 2 > ilen ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + mbedtls_md_init( &md_ctx ); mbedtls_md_setup( &md_ctx, md_info, 0 ); From 3cbdbf918f10eea1ee9db1848bbc0ef8fd19b7ad Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 16:40:16 +0000 Subject: [PATCH 08/21] Add Changelog entry for current branch --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 19547689c..2f9a6233d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ Security * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 +Security + * Fix a potential integer underflow to buffer overread in + mbedtls_rsa_rsaes_oaep_decrypt + Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three arguments where the same (in-place doubling). Found and fixed by Janos From e75f8c32c531eebb8b8069f1ed9c6d7c3cce2513 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 11 Feb 2016 11:08:18 +0000 Subject: [PATCH 09/21] Moved underflow test to better reflect time constant behaviour. --- library/rsa.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 642b76278..de42bedd5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -699,6 +699,12 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, if( md_info == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + hlen = mbedtls_md_get_size( md_info ); + + // checking for integer underflow + if( 2 * hlen + 2 > ilen ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + /* * RSA operation */ @@ -712,12 +718,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, /* * Unmask data and generate lHash */ - hlen = mbedtls_md_get_size( md_info ); - - // checking for integer underflow - if( 2 * hlen + 2 > ilen ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - mbedtls_md_init( &md_ctx ); mbedtls_md_setup( &md_ctx, md_info, 0 ); From 4d9bbc4e36ec33842cb0b1717bb2216ae7c69fed Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 11 Feb 2016 11:15:44 +0000 Subject: [PATCH 10/21] Extended ChangeLog entry --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 2f9a6233d..f0384fd36 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,7 +8,8 @@ Security Security * Fix a potential integer underflow to buffer overread in - mbedtls_rsa_rsaes_oaep_decrypt + mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in + SSL/TLS. Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three From fe0e8d233176224ac81e7f37d9888b41fbedeeab Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 16 Mar 2016 23:08:18 +0000 Subject: [PATCH 11/21] Fix ChangeLog after merging fix for IOTSSL-628 --- ChangeLog | 2 -- 1 file changed, 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index f0384fd36..bce9b9b78 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,8 +5,6 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 - -Security * Fix a potential integer underflow to buffer overread in mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in SSL/TLS. From 9ff2d96fe23655f4802dfcd93877b51d265c11ac Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 17 Mar 2016 11:09:45 +0000 Subject: [PATCH 12/21] Fix Changelog for backport of IOTSSL-621 --- ChangeLog | 2 -- 1 file changed, 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index ef9ee33b4..2be6ca898 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,8 +8,6 @@ Security * Fix a potential integer underflow to buffer overread in mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in SSL/TLS. - -Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt From db9fdbf6f43217b0537daf6e83e043ae568529a8 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 16 Mar 2016 10:16:54 +0000 Subject: [PATCH 13/21] Fix the broken pkcs1 v1.5 test. The random buffer handed over to the test function was too small and the remaining bytes were generated by the default (platform dependant) function. --- tests/suites/test_suite_pkcs1_v15.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data index 65bd99caf..9ab3e8c99 100644 --- a/tests/suites/test_suite_pkcs1_v15.data +++ b/tests/suites/test_suite_pkcs1_v15.data @@ -1,5 +1,5 @@ RSAES-V15 Encryption Test Vector Int -pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0 +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f67c6697351ff4aec29cdbaabf2fbe3467cc254f81be8e78d765a2e63339fc99a66320db73158a35a255d051758e95ed4abb2cdc69bb454110e827441213ddc8770e93ea141e1fc673e017e97eadc6b968f385c2aecb03bfb32":"6c5ebca6116b1e91316613fbb5e93197270a849122d549122d05815e2626f80d20f7f3f038c98295203c0f7f6bb8c3568455c67dec82bca86be86eff43b56b7ba2d15375f9a42454c2a2c709953a6e4a977462e35fd21a9c2fb3c0ad2a370f7655267bf6f04814784982988e663b869fc8588475af860d499e5a6ffdfc2c6bfd":0 RSAES-V15 Decryption Test Vector Int pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0 From 0e243cabc9cecb887a16cf5211f8466f50db2691 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 16 Mar 2016 16:39:41 +0000 Subject: [PATCH 14/21] Add tests to cover PKCS1 v1.5 signature functions. The reported memory leak should have been spotted by make memcheck But it wasn't. Keeping the tests for better coverage. --- tests/suites/test_suite_pkcs1_v15.data | 5 + tests/suites/test_suite_pkcs1_v15.function | 157 +++++++++++++++++++++ 2 files changed, 162 insertions(+) diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data index 9ab3e8c99..db7a4cd4b 100644 --- a/tests/suites/test_suite_pkcs1_v15.data +++ b/tests/suites/test_suite_pkcs1_v15.data @@ -28,3 +28,8 @@ pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a RSAES-V15 Decryption Test Vector Padding too short 0 pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_INVALID_PADDING +RSASSA-V15 Signing Test Vector Int +pkcs1_rsassa_v15_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b":16:"c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f":16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0 + +RSASSA-V15 Verification Test Vector Int +pkcs1_rsassa_v15_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0 diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 90460f1d3..ce8bf5892 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -108,3 +108,160 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q, + char *input_Q, int radix_N, char *input_N, + int radix_E, char *input_E, int digest, int hash, + char *message_hex_string, char *salt, + char *result_hex_str, int result ) +{ + unsigned char message_str[1000]; + unsigned char hash_result[1000]; + unsigned char output[1000]; + unsigned char output_str[1000]; + unsigned char rnd_buf[1000]; + mbedtls_rsa_context ctx; + mbedtls_mpi P1, Q1, H, G; + size_t msg_len; + rnd_buf_info info; + + info.length = unhexify( rnd_buf, salt ); + info.buf = rnd_buf; + + mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + + memset( message_str, 0x00, 1000 ); + memset( hash_result, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + memset( output_str, 0x00, 1000 ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); + TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + + msg_len = unhexify( message_str, message_hex_string ); + + if( mbedtls_md_info_from_type( digest ) != NULL ) + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); + if( result == 0 ) + { + hexify( output_str, output, ctx.len); + + TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + } + +exit: + mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void pkcs1_rsassa_v15_verify( int mod, int radix_N, char *input_N, int radix_E, + char *input_E, int digest, int hash, + char *message_hex_string, char *salt, + char *result_hex_str, int result ) +{ + unsigned char message_str[1000]; + unsigned char hash_result[1000]; + unsigned char result_str[1000]; + mbedtls_rsa_context ctx; + size_t msg_len; + ((void) salt); + + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + memset( message_str, 0x00, 1000 ); + memset( hash_result, 0x00, 1000 ); + memset( result_str, 0x00, 1000 ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); + + msg_len = unhexify( message_str, message_hex_string ); + unhexify( result_str, result_hex_str ); + + if( mbedtls_md_info_from_type( digest ) != NULL ) + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result ); + +exit: + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void pkcs1_rsassa_v15_verify_ext( int mod, + int radix_N, char *input_N, + int radix_E, char *input_E, + int msg_digest_id, int ctx_hash, + int mgf_hash, int salt_len, + char *message_hex_string, + char *result_hex_str, + int result_simple, + int result_full ) +{ + unsigned char message_str[1000]; + unsigned char hash_result[1000]; + unsigned char result_str[1000]; + mbedtls_rsa_context ctx; + size_t msg_len, hash_len; + + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, ctx_hash ); + memset( message_str, 0x00, 1000 ); + memset( hash_result, 0x00, 1000 ); + memset( result_str, 0x00, 1000 ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); + + msg_len = unhexify( message_str, message_hex_string ); + unhexify( result_str, result_hex_str ); + + if( msg_digest_id != MBEDTLS_MD_NONE ) + { + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( msg_digest_id ), + message_str, msg_len, hash_result ) == 0 ); + hash_len = 0; + } + else + { + memcpy( hash_result, message_str, msg_len ); + hash_len = msg_len; + } + + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, + msg_digest_id, hash_len, hash_result, + result_str ) == result_simple ); + + TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, + msg_digest_id, hash_len, hash_result, + mgf_hash, salt_len, + result_str ) == result_full ); + +exit: + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ From 8c60bdff5b28fde4f018ffb427d9a250cf34426c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 17 Mar 2016 15:21:39 +0000 Subject: [PATCH 15/21] Fix memory leaks in example programs. --- programs/pkey/rsa_decrypt.c | 6 +++--- programs/pkey/rsa_encrypt.c | 4 ++-- programs/pkey/rsa_sign.c | 5 +++-- programs/pkey/rsa_verify.c | 6 ++++-- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 94431e0ce..37227e8a5 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -69,6 +69,8 @@ int main( int argc, char *argv[] ) memset(result, 0, sizeof( result ) ); mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); ret = 1; if( argc != 1 ) @@ -85,7 +87,6 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - mbedtls_entropy_init( &entropy ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -104,8 +105,6 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || @@ -171,6 +170,7 @@ int main( int argc, char *argv[] ) exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); + mbedtls_rsa_free( &rsa ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 796343f1b..033ca11b5 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -67,6 +67,7 @@ int main( int argc, char *argv[] ) unsigned char buf[512]; const char *pers = "rsa_encrypt"; + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_ctr_drbg_init( &ctr_drbg ); ret = 1; @@ -104,8 +105,6 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { @@ -160,6 +159,7 @@ int main( int argc, char *argv[] ) exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); + mbedtls_rsa_free( &rsa ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index e897c6519..27f356632 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -62,6 +62,7 @@ int main( int argc, char *argv[] ) unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; char filename[512]; + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); ret = 1; if( argc != 2 ) @@ -86,8 +87,6 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || @@ -157,6 +156,8 @@ int main( int argc, char *argv[] ) exit: + mbedtls_rsa_free( &rsa ); + #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index ade36dc83..a22b55521 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -61,7 +61,9 @@ int main( int argc, char *argv[] ) unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; char filename[512]; + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); ret = 1; + if( argc != 2 ) { mbedtls_printf( "usage: rsa_verify \n" ); @@ -83,8 +85,6 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { @@ -149,6 +149,8 @@ int main( int argc, char *argv[] ) exit: + mbedtls_rsa_free( &rsa ); + #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); From bbd3e8a1f0e81a2dcf95f951d3cc660c3bdc84bb Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 12 Apr 2016 13:25:08 +0100 Subject: [PATCH 16/21] Fixes error and exit paths in rsa sample programs --- programs/pkey/rsa_decrypt.c | 69 +++++++++++++++++++++---------------- programs/pkey/rsa_encrypt.c | 52 +++++++++++++++++----------- 2 files changed, 72 insertions(+), 49 deletions(-) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 37227e8a5..5bfe332bd 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -30,6 +30,9 @@ #else #include #define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ @@ -39,8 +42,8 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" -#include #include + #endif #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ @@ -57,7 +60,7 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret, c; + int return_val, exit_val, c; size_t i; mbedtls_rsa_context rsa; mbedtls_entropy_context entropy; @@ -68,10 +71,7 @@ int main( int argc, char *argv[] ) ((void) argv); memset(result, 0, sizeof( result ) ); - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - ret = 1; + exit_val = MBEDTLS_EXIT_SUCCESS; if( argc != 1 ) { @@ -81,17 +81,23 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n" ); #endif - goto exit; + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + + return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ); + if( return_val != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", + return_val ); goto exit; } @@ -100,21 +106,24 @@ int main( int argc, char *argv[] ) if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL ) { + exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; } - if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) + if( ( return_val = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", + return_val ); goto exit; } @@ -125,10 +134,9 @@ int main( int argc, char *argv[] ) /* * Extract the RSA encrypted value from the text file */ - ret = 1; - if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL ) { + exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" ); goto exit; } @@ -143,6 +151,7 @@ int main( int argc, char *argv[] ) if( i != rsa.len ) { + exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( "\n ! Invalid RSA signature format\n\n" ); goto exit; } @@ -153,11 +162,14 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Decrypting the encrypted data" ); fflush( stdout ); - if( ( ret = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, - MBEDTLS_RSA_PRIVATE, &i, buf, result, - 1024 ) ) != 0 ) + return_val = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random, + &ctr_drbg, MBEDTLS_RSA_PRIVATE, &i, + buf, result, 1024 ); + if( return_val != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n", ret ); + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n", + return_val ); goto exit; } @@ -165,8 +177,6 @@ int main( int argc, char *argv[] ) mbedtls_printf( "The decrypted result is: '%s'\n\n", result ); - ret = 0; - exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); @@ -177,6 +187,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_val ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */ + diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 033ca11b5..9619baa66 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -31,6 +31,9 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ @@ -40,7 +43,6 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" -#include #include #endif @@ -58,7 +60,7 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret; + int return_val, exit_val; size_t i; mbedtls_rsa_context rsa; mbedtls_entropy_context entropy; @@ -67,9 +69,7 @@ int main( int argc, char *argv[] ) unsigned char buf[512]; const char *pers = "rsa_encrypt"; - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - mbedtls_ctr_drbg_init( &ctr_drbg ); - ret = 1; + exit_val = MBEDTLS_EXIT_SUCCESS; if( argc != 2 ) { @@ -79,18 +79,24 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n" ); #endif - goto exit; + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) + + return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ); + if( return_val != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", + return_val ); goto exit; } @@ -99,16 +105,18 @@ int main( int argc, char *argv[] ) if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL ) { - ret = 1; + exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; } - if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) + if( ( return_val = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", + return_val ); goto exit; } @@ -118,6 +126,7 @@ int main( int argc, char *argv[] ) if( strlen( argv[1] ) > 100 ) { + exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " Input data larger than 100 characters.\n\n" ); goto exit; } @@ -130,11 +139,14 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Generating the RSA encrypted value" ); fflush( stdout ); - if( ( ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, - MBEDTLS_RSA_PUBLIC, strlen( argv[1] ), - input, buf ) ) != 0 ) + return_val = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random, + &ctr_drbg, MBEDTLS_RSA_PUBLIC, + strlen( argv[1] ), input, buf ); + if( return_val != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", ret ); + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", + return_val ); goto exit; } @@ -143,7 +155,7 @@ int main( int argc, char *argv[] ) */ if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL ) { - ret = 1; + exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" ); goto exit; } @@ -166,7 +178,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_val ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ From 7d65cedc96e82966cefc437a289df9f4dddc576e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 12 Apr 2016 15:04:10 +0100 Subject: [PATCH 17/21] Corrects platform return values in rsa sample programs --- programs/pkey/rsa_decrypt.c | 18 ++++++++---------- programs/pkey/rsa_encrypt.c | 18 ++++++++---------- 2 files changed, 16 insertions(+), 20 deletions(-) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 5bfe332bd..e96367a7c 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -31,8 +31,6 @@ #include #define mbedtls_printf printf #define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ @@ -71,7 +69,7 @@ int main( int argc, char *argv[] ) ((void) argv); memset(result, 0, sizeof( result ) ); - exit_val = MBEDTLS_EXIT_SUCCESS; + exit_val = 0; if( argc != 1 ) { @@ -81,7 +79,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n" ); #endif - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); + mbedtls_exit( 1 ); } mbedtls_printf( "\n . Seeding the random number generator..." ); @@ -95,7 +93,7 @@ int main( int argc, char *argv[] ) strlen( pers ) ); if( return_val != 0 ) { - exit_val = MBEDTLS_EXIT_FAILURE; + exit_val = 1; mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", return_val ); goto exit; @@ -106,7 +104,7 @@ int main( int argc, char *argv[] ) if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL ) { - exit_val = MBEDTLS_EXIT_FAILURE; + exit_val = 1; mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; @@ -121,7 +119,7 @@ int main( int argc, char *argv[] ) ( return_val = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || ( return_val = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) { - exit_val = MBEDTLS_EXIT_FAILURE; + exit_val = 1; mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", return_val ); goto exit; @@ -136,7 +134,7 @@ int main( int argc, char *argv[] ) */ if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL ) { - exit_val = MBEDTLS_EXIT_FAILURE; + exit_val = 1; mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" ); goto exit; } @@ -151,7 +149,7 @@ int main( int argc, char *argv[] ) if( i != rsa.len ) { - exit_val = MBEDTLS_EXIT_FAILURE; + exit_val = 1; mbedtls_printf( "\n ! Invalid RSA signature format\n\n" ); goto exit; } @@ -167,7 +165,7 @@ int main( int argc, char *argv[] ) buf, result, 1024 ); if( return_val != 0 ) { - exit_val = MBEDTLS_EXIT_FAILURE; + exit_val = 1; mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n", return_val ); goto exit; diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 9619baa66..1ba8deae5 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -32,8 +32,6 @@ #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ @@ -69,7 +67,7 @@ int main( int argc, char *argv[] ) unsigned char buf[512]; const char *pers = "rsa_encrypt"; - exit_val = MBEDTLS_EXIT_SUCCESS; + exit_val = 0; if( argc != 2 ) { @@ -79,7 +77,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n" ); #endif - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); + mbedtls_exit( 1 ); } mbedtls_printf( "\n . Seeding the random number generator..." ); @@ -94,7 +92,7 @@ int main( int argc, char *argv[] ) strlen( pers ) ); if( return_val != 0 ) { - exit_val = MBEDTLS_EXIT_FAILURE; + exit_val = 1; mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", return_val ); goto exit; @@ -105,7 +103,7 @@ int main( int argc, char *argv[] ) if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL ) { - exit_val = MBEDTLS_EXIT_FAILURE; + exit_val = 1; mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; @@ -114,7 +112,7 @@ int main( int argc, char *argv[] ) if( ( return_val = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || ( return_val = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { - exit_val = MBEDTLS_EXIT_FAILURE; + exit_val = 1; mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", return_val ); goto exit; @@ -126,7 +124,7 @@ int main( int argc, char *argv[] ) if( strlen( argv[1] ) > 100 ) { - exit_val = MBEDTLS_EXIT_FAILURE; + exit_val = 1; mbedtls_printf( " Input data larger than 100 characters.\n\n" ); goto exit; } @@ -144,7 +142,7 @@ int main( int argc, char *argv[] ) strlen( argv[1] ), input, buf ); if( return_val != 0 ) { - exit_val = MBEDTLS_EXIT_FAILURE; + exit_val = 1; mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", return_val ); goto exit; @@ -155,7 +153,7 @@ int main( int argc, char *argv[] ) */ if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL ) { - exit_val = MBEDTLS_EXIT_FAILURE; + exit_val = 1; mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" ); goto exit; } From 57b42d25c391aca9889bdff6945d70107c101271 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 13 Apr 2016 11:52:56 +0100 Subject: [PATCH 18/21] Add missing stdlib.h header to rsa sample programs --- programs/pkey/rsa_decrypt.c | 1 + programs/pkey/rsa_encrypt.c | 1 + 2 files changed, 2 insertions(+) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index e96367a7c..0200bd7ed 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -29,6 +29,7 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_printf printf #define mbedtls_exit exit #endif diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 1ba8deae5..4b739a3f7 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -29,6 +29,7 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_exit exit From 3e25f8c01e3c824e5efd5a9c576b6af701dcac40 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 13 Apr 2016 14:49:19 +0100 Subject: [PATCH 19/21] Add missing config dependencies to PKCS1 V15 tests --- tests/suites/test_suite_pkcs1_v15.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index ce8bf5892..77ab51389 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -209,7 +209,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15 MBEDTLS_PKCS1_V21 */ void pkcs1_rsassa_v15_verify_ext( int mod, int radix_N, char *input_N, int radix_E, char *input_E, From e789a6ead6be5de1f00043a7abd841abc7b7a10b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 13 Apr 2016 18:46:26 +0100 Subject: [PATCH 20/21] Fixes typo in platform.h --- include/mbedtls/platform.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index f71f1b649..bdf771ce5 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -64,7 +64,7 @@ extern "C" { #define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use */ #endif #if !defined(MBEDTLS_PLATFORM_STD_EXIT) -#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default free to use */ +#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use */ #endif #else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ #if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) From 1033abdd4eb20369de4fb4729ca8cdba2c96a6fb Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 15 Apr 2016 15:54:30 +0100 Subject: [PATCH 21/21] Remove unused code from PKCS1v15 test suite --- tests/suites/test_suite_pkcs1_v15.function | 57 ---------------------- 1 file changed, 57 deletions(-) diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 77ab51389..09fe05bb3 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -208,60 +208,3 @@ exit: mbedtls_rsa_free( &ctx ); } /* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15 MBEDTLS_PKCS1_V21 */ -void pkcs1_rsassa_v15_verify_ext( int mod, - int radix_N, char *input_N, - int radix_E, char *input_E, - int msg_digest_id, int ctx_hash, - int mgf_hash, int salt_len, - char *message_hex_string, - char *result_hex_str, - int result_simple, - int result_full ) -{ - unsigned char message_str[1000]; - unsigned char hash_result[1000]; - unsigned char result_str[1000]; - mbedtls_rsa_context ctx; - size_t msg_len, hash_len; - - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, ctx_hash ); - memset( message_str, 0x00, 1000 ); - memset( hash_result, 0x00, 1000 ); - memset( result_str, 0x00, 1000 ); - - ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - - TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - - msg_len = unhexify( message_str, message_hex_string ); - unhexify( result_str, result_hex_str ); - - if( msg_digest_id != MBEDTLS_MD_NONE ) - { - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( msg_digest_id ), - message_str, msg_len, hash_result ) == 0 ); - hash_len = 0; - } - else - { - memcpy( hash_result, message_str, msg_len ); - hash_len = msg_len; - } - - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, - msg_digest_id, hash_len, hash_result, - result_str ) == result_simple ); - - TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, - msg_digest_id, hash_len, hash_result, - mgf_hash, salt_len, - result_str ) == result_full ); - -exit: - mbedtls_rsa_free( &ctx ); -} -/* END_CASE */