mirror of https://github.com/wolfSSL/wolfssl
Test Fixes
1. Modify RSA-PSS to be able to sign and verify SHA-384 and SHA-512 hashes with 1024-bit RSA keys.
parent
dc31dbaeaf
commit
eea4d6da50
|
@ -765,7 +765,7 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||||
}
|
}
|
||||||
else if (saltLen > hLen || saltLen < -1)
|
else if (saltLen > hLen || saltLen < -1)
|
||||||
return PSS_SALTLEN_E;
|
return PSS_SALTLEN_E;
|
||||||
if ((int)pkcsBlockLen - hLen - 1 < saltLen + 2)
|
if ((int)pkcsBlockLen - hLen < saltLen + 2)
|
||||||
return PSS_SALTLEN_E;
|
return PSS_SALTLEN_E;
|
||||||
|
|
||||||
s = m = pkcsBlock;
|
s = m = pkcsBlock;
|
||||||
|
@ -1038,7 +1038,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||||
}
|
}
|
||||||
else if (saltLen > hLen || saltLen < -1)
|
else if (saltLen > hLen || saltLen < -1)
|
||||||
return PSS_SALTLEN_E;
|
return PSS_SALTLEN_E;
|
||||||
if ((int)pkcsBlockLen - hLen - 1 < saltLen + 2)
|
if ((int)pkcsBlockLen - hLen < saltLen + 2)
|
||||||
return PSS_SALTLEN_E;
|
return PSS_SALTLEN_E;
|
||||||
|
|
||||||
if (pkcsBlock[pkcsBlockLen - 1] != RSA_PSS_PAD_TERM) {
|
if (pkcsBlock[pkcsBlockLen - 1] != RSA_PSS_PAD_TERM) {
|
||||||
|
@ -1074,11 +1074,8 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||||
|
|
||||||
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||||
|
|
||||||
i = pkcsBlockLen - (RSA_PSS_PAD_SZ + saltLen + 2 * hLen + 1);
|
*output = pkcsBlock + pkcsBlockLen - (hLen + saltLen + 1);
|
||||||
XMEMSET(pkcsBlock + i, 0, RSA_PSS_PAD_SZ);
|
return saltLen + hLen;
|
||||||
|
|
||||||
*output = pkcsBlock + i;
|
|
||||||
return RSA_PSS_PAD_SZ + saltLen + 2 * hLen;
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -2170,7 +2167,7 @@ int wc_RsaPSS_Verify_ex(byte* in, word32 inLen, byte* out, word32 outLen,
|
||||||
int wc_RsaPSS_CheckPadding(const byte* in, word32 inSz, byte* sig,
|
int wc_RsaPSS_CheckPadding(const byte* in, word32 inSz, byte* sig,
|
||||||
word32 sigSz, enum wc_HashType hashType)
|
word32 sigSz, enum wc_HashType hashType)
|
||||||
{
|
{
|
||||||
return wc_RsaPSS_CheckPadding_ex(in, inSz, sig, sigSz, hashType, inSz);
|
return wc_RsaPSS_CheckPadding_ex(in, inSz, sig, sigSz, hashType, inSz, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Checks the PSS data to ensure that the signature matches.
|
/* Checks the PSS data to ensure that the signature matches.
|
||||||
|
@ -2188,33 +2185,46 @@ int wc_RsaPSS_CheckPadding(const byte* in, word32 inSz, byte* sig,
|
||||||
*/
|
*/
|
||||||
int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inSz, byte* sig,
|
int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inSz, byte* sig,
|
||||||
word32 sigSz, enum wc_HashType hashType,
|
word32 sigSz, enum wc_HashType hashType,
|
||||||
int saltLen)
|
int saltLen, int bits)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
byte sigCheck[WC_MAX_DIGEST_SIZE*2 + RSA_PSS_PAD_SZ];
|
||||||
|
|
||||||
|
(void)bits;
|
||||||
|
|
||||||
if (in == NULL || sig == NULL ||
|
if (in == NULL || sig == NULL ||
|
||||||
inSz != (word32)wc_HashGetDigestSize(hashType))
|
inSz != (word32)wc_HashGetDigestSize(hashType))
|
||||||
ret = BAD_FUNC_ARG;
|
ret = BAD_FUNC_ARG;
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
if (saltLen == -1)
|
if (saltLen == -1) {
|
||||||
saltLen = inSz;
|
saltLen = inSz;
|
||||||
|
#ifdef WOLFSSL_SHA512
|
||||||
|
/* See FIPS 186-4 section 5.5 item (e). */
|
||||||
|
if (bits == 1024 && inSz == WC_SHA512_DIGEST_SIZE)
|
||||||
|
saltLen = RSA_PSS_SALT_MAX_SZ;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else if (saltLen < -1 || (word32)saltLen > inSz)
|
else if (saltLen < -1 || (word32)saltLen > inSz)
|
||||||
ret = PSS_SALTLEN_E;
|
ret = PSS_SALTLEN_E;
|
||||||
}
|
}
|
||||||
/* Sig = 8 * 0x00 | Space for Message Hash | Salt | Exp Hash */
|
|
||||||
|
/* Sig = Salt | Exp Hash */
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
if (sigSz != RSA_PSS_PAD_SZ + inSz + (word32)saltLen + inSz)
|
if (sigSz != inSz + saltLen)
|
||||||
ret = BAD_PADDING_E;
|
ret = BAD_PADDING_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Exp Hash = HASH(8 * 0x00 | Message Hash | Salt) */
|
/* Exp Hash = HASH(8 * 0x00 | Message Hash | Salt) */
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
XMEMCPY(sig + RSA_PSS_PAD_SZ, in, inSz);
|
XMEMSET(sigCheck, 0, RSA_PSS_PAD_SZ);
|
||||||
ret = wc_Hash(hashType, sig, RSA_PSS_PAD_SZ + inSz + saltLen, sig,
|
XMEMCPY(sigCheck + RSA_PSS_PAD_SZ, in, inSz);
|
||||||
inSz);
|
XMEMCPY(sigCheck + RSA_PSS_PAD_SZ + inSz, sig, saltLen);
|
||||||
|
ret = wc_Hash(hashType, sigCheck, RSA_PSS_PAD_SZ + inSz + saltLen,
|
||||||
|
sigCheck, inSz);
|
||||||
}
|
}
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
if (XMEMCMP(sig, sig + RSA_PSS_PAD_SZ + inSz + saltLen, inSz) != 0) {
|
if (XMEMCMP(sigCheck, sig + saltLen, inSz) != 0) {
|
||||||
WOLFSSL_MSG("RsaPSS_CheckPadding: Padding Error");
|
WOLFSSL_MSG("RsaPSS_CheckPadding: Padding Error");
|
||||||
ret = BAD_PADDING_E;
|
ret = BAD_PADDING_E;
|
||||||
}
|
}
|
||||||
|
@ -2242,7 +2252,7 @@ int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out,
|
||||||
const byte* digest, word32 digestLen,
|
const byte* digest, word32 digestLen,
|
||||||
enum wc_HashType hash, int mgf, RsaKey* key)
|
enum wc_HashType hash, int mgf, RsaKey* key)
|
||||||
{
|
{
|
||||||
int ret = 0, verify, saltLen, hLen;
|
int ret = 0, verify, saltLen, hLen, bits = 0;
|
||||||
|
|
||||||
hLen = wc_HashGetDigestSize(hash);
|
hLen = wc_HashGetDigestSize(hash);
|
||||||
if (hLen < 0)
|
if (hLen < 0)
|
||||||
|
@ -2253,17 +2263,15 @@ int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out,
|
||||||
saltLen = hLen;
|
saltLen = hLen;
|
||||||
#ifdef WOLFSSL_SHA512
|
#ifdef WOLFSSL_SHA512
|
||||||
/* See FIPS 186-4 section 5.5 item (e). */
|
/* See FIPS 186-4 section 5.5 item (e). */
|
||||||
if (mp_unsigned_bin_size(&key->n) == 1024 &&
|
bits = mp_count_bits(&key->n);
|
||||||
hLen == WC_SHA512_DIGEST_SIZE) {
|
if (bits == 1024 && hLen == WC_SHA512_DIGEST_SIZE)
|
||||||
|
|
||||||
saltLen = RSA_PSS_SALT_MAX_SZ;
|
saltLen = RSA_PSS_SALT_MAX_SZ;
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
verify = wc_RsaPSS_VerifyInline_ex(in, inLen, out, hash, mgf, saltLen, key);
|
verify = wc_RsaPSS_VerifyInline_ex(in, inLen, out, hash, mgf, saltLen, key);
|
||||||
if (verify > 0)
|
if (verify > 0)
|
||||||
ret = wc_RsaPSS_CheckPadding_ex(digest, digestLen, *out, verify,
|
ret = wc_RsaPSS_CheckPadding_ex(digest, digestLen, *out, verify,
|
||||||
hash, saltLen);
|
hash, saltLen, bits);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
ret = verify;
|
ret = verify;
|
||||||
|
|
||||||
|
@ -2290,7 +2298,7 @@ int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen, byte* out, word32 outLen,
|
||||||
enum wc_HashType hash, int mgf,
|
enum wc_HashType hash, int mgf,
|
||||||
RsaKey* key)
|
RsaKey* key)
|
||||||
{
|
{
|
||||||
int ret = 0, verify, saltLen, hLen;
|
int ret = 0, verify, saltLen, hLen, bits = 0;
|
||||||
|
|
||||||
hLen = wc_HashGetDigestSize(hash);
|
hLen = wc_HashGetDigestSize(hash);
|
||||||
if (hLen < 0)
|
if (hLen < 0)
|
||||||
|
@ -2301,18 +2309,16 @@ int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen, byte* out, word32 outLen,
|
||||||
saltLen = hLen;
|
saltLen = hLen;
|
||||||
#ifdef WOLFSSL_SHA512
|
#ifdef WOLFSSL_SHA512
|
||||||
/* See FIPS 186-4 section 5.5 item (e). */
|
/* See FIPS 186-4 section 5.5 item (e). */
|
||||||
if (mp_unsigned_bin_size(&key->n) == 1024 &&
|
bits = mp_count_bits(&key->n);
|
||||||
hLen == WC_SHA512_DIGEST_SIZE) {
|
if (bits == 1024 && hLen == WC_SHA512_DIGEST_SIZE)
|
||||||
|
|
||||||
saltLen = RSA_PSS_SALT_MAX_SZ;
|
saltLen = RSA_PSS_SALT_MAX_SZ;
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
verify = wc_RsaPSS_Verify_ex(in, inLen, out, outLen, hash,
|
verify = wc_RsaPSS_Verify_ex(in, inLen, out, outLen, hash,
|
||||||
mgf, saltLen, key);
|
mgf, saltLen, key);
|
||||||
if (verify > 0)
|
if (verify > 0)
|
||||||
ret = wc_RsaPSS_CheckPadding_ex(digest, digestLen, out, verify,
|
ret = wc_RsaPSS_CheckPadding_ex(digest, digestLen, out, verify,
|
||||||
hash, saltLen);
|
hash, saltLen, bits);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
ret = verify;
|
ret = verify;
|
||||||
|
|
||||||
|
|
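Review bot: The doc comment above wc_RsaPSS_CheckPadding_ex sits between two hunks and is therefore unchanged, so the new `bits` parameter and the new `sig` layout (`Salt | Exp Hash`, with `sigSz == inSz + saltLen`) are undocumented. I would add a parameter line such as `bits  Size of the RSA key in bits; used only to pick the default salt length when saltLen is -1, 0 if unknown.` and state that `sig` is now the data returned by the PSS verify call rather than the zero-prefixed block the old code expected. The one-line wrapper wc_RsaPSS_CheckPadding still passes `saltLen = inSz` and `bits = 0`, so it presumably keeps returning BAD_PADDING_E for SHA-512 with a 1024-bit key, where the salt is RSA_PSS_SALT_MAX_SZ; that limitation deserves a sentence in its own comment. The two XMEMCPY calls into `sigCheck` rely on `inSz` and `saltLen` each being at most WC_MAX_DIGEST_SIZE, which the earlier argument checks appear to guarantee, and a short comment such as `/* inSz is a digest size and saltLen <= inSz, so this fits sigCheck */` would keep that bound visible to the next editor.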
|
@ -8873,8 +8873,8 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key)
|
||||||
ERROR_OUT(-5452, exit_rsa_pss);
|
ERROR_OUT(-5452, exit_rsa_pss);
|
||||||
plainSz = ret;
|
plainSz = ret;
|
||||||
|
|
||||||
ret = wc_RsaPSS_CheckPadding(digest, digestSz, plain, plainSz,
|
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
|
||||||
hash[j]);
|
hash[j], -1, wc_RsaEncryptSize(key)*8);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
ERROR_OUT(-5453, exit_rsa_pss);
|
ERROR_OUT(-5453, exit_rsa_pss);
|
||||||
|
|
||||||
|
@ -8942,7 +8942,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key)
|
||||||
#endif
|
#endif
|
||||||
if (ret >= 0) {
|
if (ret >= 0) {
|
||||||
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
|
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
|
||||||
hash[0], 0);
|
hash[0], 0, 0);
|
||||||
}
|
}
|
||||||
} while (ret == WC_PENDING_E);
|
} while (ret == WC_PENDING_E);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
|
@ -8965,7 +8965,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key)
|
||||||
plainSz = ret;
|
plainSz = ret;
|
||||||
|
|
||||||
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
|
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
|
||||||
0);
|
0, 0);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
ERROR_OUT(-5464, exit_rsa_pss);
|
ERROR_OUT(-5464, exit_rsa_pss);
|
||||||
|
|
||||||
|
@ -9025,11 +9025,11 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key)
|
||||||
ERROR_OUT(-5473, exit_rsa_pss);
|
ERROR_OUT(-5473, exit_rsa_pss);
|
||||||
|
|
||||||
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
|
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
|
||||||
-2);
|
-2, 0);
|
||||||
if (ret != PSS_SALTLEN_E)
|
if (ret != PSS_SALTLEN_E)
|
||||||
ERROR_OUT(-5474, exit_rsa_pss);
|
ERROR_OUT(-5474, exit_rsa_pss);
|
||||||
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
|
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
|
||||||
digestSz + 1);
|
digestSz + 1, 0);
|
||||||
if (ret != PSS_SALTLEN_E)
|
if (ret != PSS_SALTLEN_E)
|
||||||
ERROR_OUT(-5475, exit_rsa_pss);
|
ERROR_OUT(-5475, exit_rsa_pss);
|
||||||
|
|
||||||
|
|
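Review bot: The wrapper wc_RsaPSS_CheckPadding loses its coverage in the first hunk, where its only visible call is replaced by `wc_RsaPSS_CheckPadding_ex(..., hash[j], -1, wc_RsaEncryptSize(key)*8)`; as far as these hunks show, nothing in rsa_pss_test calls the non-_ex function any more. I would keep one call to the wrapper for a hash whose default salt length equals the digest size, so a regression in it is still caught. The test also derives the key size as `wc_RsaEncryptSize(key)*8` while the library uses `mp_count_bits(&key->n)`; the two agree only when the modulus bit length is a multiple of 8, which is worth a comment at the call. rsa_pss_test starts and ends outside the hunks shown.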
|
@ -190,7 +190,7 @@ WOLFSSL_API int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig,
|
||||||
WOLFSSL_API int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen,
|
WOLFSSL_API int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen,
|
||||||
byte* sig, word32 sigSz,
|
byte* sig, word32 sigSz,
|
||||||
enum wc_HashType hashType,
|
enum wc_HashType hashType,
|
||||||
int saltLen);
|
int saltLen, int bits);
|
||||||
WOLFSSL_API int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out,
|
WOLFSSL_API int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out,
|
||||||
const byte* digest, word32 digentLen,
|
const byte* digest, word32 digentLen,
|
||||||
enum wc_HashType hash, int mgf,
|
enum wc_HashType hash, int mgf,
|
||||||
|
|
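Review bot: Adding `int bits` to the exported wc_RsaPSS_CheckPadding_ex prototype changes a WOLFSSL_API signature in place, so existing callers that pass six arguments stop compiling, and a binary built against the old header would call the new function with one argument missing. If compatibility matters, consider leaving the six-argument function as it was and exporting the key-size-aware variant under a new name, for example `wc_RsaPSS_CheckPadding_ex2(in, inLen, sig, sigSz, hashType, saltLen, bits)`; otherwise the break should be called out in the release notes. The prototype also has no comment saying that `bits` is the RSA key size in bits and that 0 means unknown.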