Commit fbf09154 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard Committed by Paul Bakker
Browse files

Fix bug in RSA PKCS#1 v1.5 "reversed" operations

parent c4919bc5
......@@ -7,6 +7,7 @@ Features
Bugfix
* ecp_gen_keypair() does more tries to prevent failure because of
statistics
* Fix buf in RSA PKCS#1 v1.5 "reversed" operations
= PolarSSL 1.3.4 released on 2014-01-27
Features
......
......@@ -809,7 +809,7 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
* (minus one, for the 00 byte) */
for( i = 0; i < ilen - 3; i++ )
{
pad_done |= ( p[i] == 0xFF );
pad_done |= ( p[i] != 0xFF );
pad_count += ( pad_done == 0 );
}
......
......@@ -160,6 +160,21 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
/* For PKCS#1 v1.5, there is an alternative way to generate signatures */
if( padding_mode == RSA_PKCS_V15 )
{
memset( output, 0x00, 1000 );
memset( output_str, 0x00, 1000 );
TEST_ASSERT( rsa_rsaes_pkcs1_v15_encrypt( &ctx,
&rnd_pseudo_rand, &rnd_info, RSA_PRIVATE,
hash_len, hash_result, output ) == 0 );
hexify( output_str, output, ctx.len );
TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
}
mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
rsa_free( &ctx );
}
......@@ -174,13 +189,15 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
unsigned char message_str[1000];
unsigned char hash_result[1000];
unsigned char result_str[1000];
unsigned char output[1000];
rsa_context ctx;
size_t hash_len;
size_t hash_len, olen;
rsa_init( &ctx, padding_mode, 0 );
memset( message_str, 0x00, 1000 );
memset( hash_result, 0x00, 1000 );
memset( result_str, 0x00, 1000 );
memset( output, 0x00, sizeof( output ) );
ctx.len = mod / 8;
TEST_ASSERT( mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
......@@ -194,6 +211,22 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
TEST_ASSERT( rsa_pkcs1_verify( &ctx, NULL, NULL, RSA_PUBLIC, POLARSSL_MD_NONE, hash_len, hash_result, result_str ) == correct );
/* For PKCS#1 v1.5, there is an alternative way to verify signatures */
if( padding_mode == RSA_PKCS_V15 )
{
int ok;
TEST_ASSERT( rsa_rsaes_pkcs1_v15_decrypt( &ctx,
NULL, NULL, RSA_PUBLIC,
&olen, result_str, output, sizeof( output ) ) == 0 );
ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0;
if( correct == 0 )
TEST_ASSERT( ok == 1 );
else
TEST_ASSERT( ok == 0 );
}
rsa_free( &ctx );
}
/* END_CASE */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment