TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 2cca6f3290b5fc22517a9a684a3542fef5be44ac^! / . / library / rsa.c
commit2cca6f3290b5fc22517a9a684a3542fef5be44ac[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Fri Sep 29 11:46:40 2017 +0100
committerHanno Becker <hanno.becker@arm.com>Fri Sep 29 11:54:05 2017 +0100
tree239c63283d29cd8e76c1a800e7dc87cc5b23acae
parent45037ceac5b8c17f279f4e5e2e737abbc187b5d6 [diff] [blame]
Always deduce N from P, Q in mbedtls_rsa_complete

Previously, a parameter set of (-, P, Q, -, E) was completed, but (-, P, Q, D,
E) wasn't - this is odd.

diff --git a/library/rsa.c b/library/rsa.c
index 3dde6ed..4ee9308 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -623,18 +623,35 @@
      * (2) D and potentially N missing.
      *
      */
-    const int complete   = have_N &&  have_P &&  have_Q &&  have_D && have_E;
-    const int pq_missing = have_N && !have_P && !have_Q &&  have_D && have_E;
-    const int d_missing  =            have_P &&  have_Q && !have_D && have_E;
-    const int is_pub     = have_N && !have_P && !have_Q && !have_D && have_E;
 
-    const int is_priv = complete || pq_missing || d_missing;
+    const int n_missing  =              have_P &&  have_Q &&  have_D && have_E;
+    const int pq_missing =   have_N && !have_P && !have_Q &&  have_D && have_E;
+    const int d_missing  =              have_P &&  have_Q && !have_D && have_E;
+    const int is_pub     =   have_N && !have_P && !have_Q && !have_D && have_E;
+
+    /* These three alternatives are mutually exclusive */
+    const int is_priv = n_missing || pq_missing || d_missing;
 
     if( !is_priv && !is_pub )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
     /*
-     * Step 1: Deduce and verify all core parameters.
+     * Step 1: Deduce N if P, Q are provided.
+     */
+
+    if( !have_N && have_P && have_Q )
+    {
+        if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P,
+                                         &ctx->Q ) ) != 0 )
+        {
+            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
+        }
+
+        ctx->len = mbedtls_mpi_size( &ctx->N );
+    }
+
+    /*
+     * Step 2: Deduce and verify all remaining core parameters.
      */
 
     if( pq_missing )
@@ -660,13 +677,6 @@
         }
 #endif /* MBEDTLS_GENPRIME */
 
-        /* Compute N if missing. */
-        if( !have_N &&
-            ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ) != 0 )
-        {
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
-        }
-
         /* Deduce private exponent. This includes double-checking of the result,
          * so together with the primality test above all core parameters are
          * guaranteed to be sane if this call succeeds. */
@@ -680,7 +690,7 @@
     /* In the remaining case of a public key, there's nothing to check for. */
 
     /*
-     * Step 2: Deduce all additional parameters specific
+     * Step 3: Deduce all additional parameters specific
      *         to our current RSA implementaiton.
      */