@@ -163,7 +163,7 @@ define!(
163163// B. Verifying thread safety.
164164//
165165// 1. Calls towards the specific Pk implementation are done via function pointers.
166- //
166+ //
167167// - Example call towards Pk:
168168// ../../../mbedtls-sys/vendor/library/ssl_srv.c:3707 - mbedtls_pk_decrypt( private_key, p, len, ...
169169// - This calls a generic function pointer via:
@@ -174,7 +174,7 @@ define!(
174174// - The function pointers are defined via function:
175175// ../../../mbedtls-sys/vendor/crypto/library/pk.c:115 - mbedtls_pk_info_from_type
176176// - They are as follows: mbedtls_rsa_info / mbedtls_eckey_info / mbedtls_ecdsa_info
177- // - These are defined in:
177+ // - These are defined in:
178178// ../../../mbedtls-sys/vendor/crypto/library/pk_wrap.c:196
179179//
180180// C. Checking types one by one.
@@ -222,7 +222,7 @@ define!(
222222// mbedtls_ecp_mul_restartable: ../../../mbedtls-sys/vendor/crypto/library/ecp.c:2351
223223// MBEDTLS_ECP_INTERNAL_ALT is not defined. (otherwise it might not be safe depending on ecp_init/ecp_free) ../../../mbedtls-sys/build/config.rs:131
224224// Passes as const to: mbedtls_ecp_check_privkey / mbedtls_ecp_check_pubkey / mbedtls_ecp_get_type( grp
225- //
225+ //
226226// - Ignored due to not defined: ecdsa_verify_rs_wrap, ecdsa_sign_rs_wrap, ecdsa_rs_alloc, ecdsa_rs_free
227227// (Undefined - MBEDTLS_ECP_RESTARTABLE - ../../../mbedtls-sys/build/config.rs:173)
228228//
@@ -1042,7 +1042,6 @@ mod tests {
10421042 use super :: * ;
10431043 use crate :: hash:: { Type , MdInfo } ;
10441044 use crate :: pk:: Type as PkType ;
1045- use rand:: Rng ;
10461045
10471046 // This is test data that must match library output *exactly*
10481047 const TEST_PEM : & ' static str = "-----BEGIN RSA PRIVATE KEY-----
@@ -1243,6 +1242,7 @@ iy6KC991zzvaWY/Ys+q/84Afqa+0qJKQnPuy/7F5GkVdQA/lfbhi
12431242 fn rsa_sign_verify_pkcs1v15 ( ) {
12441243 let mut pk =
12451244 Pk :: generate_rsa ( & mut crate :: test_support:: rand:: test_rng ( ) , 2048 , 0x10001 ) . unwrap ( ) ;
1245+ let data = b"SIGNATURE TEST SIGNATURE TEST SIGNATURE TEST SIGNATURE TEST SIGN" ;
12461246 let mut signature = vec ! [ 0u8 ; ( pk. len( ) + 7 ) / 8 ] ;
12471247
12481248 let digests = [
@@ -1258,43 +1258,30 @@ iy6KC991zzvaWY/Ys+q/84Afqa+0qJKQnPuy/7F5GkVdQA/lfbhi
12581258 Type :: Ripemd ,
12591259 ] ;
12601260
1261- for digest in & digests {
1262- let digest = * digest;
1263-
1264- let hash_len = if let Type :: None = digest {
1265- // signing raw data, can be of random len but can't be 0
1266- rand:: thread_rng ( ) . gen_range ( 1 , 64 )
1261+ for & digest in & digests {
1262+ let data = if let Some ( md @ MdInfo { .. } ) = digest. into ( ) {
1263+ & data[ ..md. size ( ) ]
12671264 } else {
1268- // mbedtls_pk_sign() and mbedtls_pk_verify() and their extended and
1269- // restartable variants now require at least the specified hash length if
1270- // nonzero. Before, for RSA, hash_len was ignored in favor of the length of
1271- // the specified hash algorithm.
1272- Into :: < Option < MdInfo > > :: into ( digest)
1273- . expect ( & format ! ( "Failed to convert {:?} to MdInfo" , digest) )
1274- . size ( )
1265+ & data[ ..]
12751266 } ;
12761267
1277- let data = rand:: thread_rng ( )
1278- . gen_iter :: < u8 > ( )
1279- . take ( hash_len)
1280- . collect :: < Vec < _ > > ( ) ;
1281-
12821268 let len = pk
12831269 . sign (
12841270 digest,
1285- & data,
1271+ data,
12861272 & mut signature,
12871273 & mut crate :: test_support:: rand:: test_rng ( ) ,
12881274 )
12891275 . unwrap ( ) ;
1290- pk. verify ( digest, & data, & signature[ 0 ..len] ) . unwrap ( ) ;
1276+ pk. verify ( digest, data, & signature[ 0 ..len] ) . unwrap ( ) ;
12911277 }
12921278 }
12931279
12941280 #[ test]
12951281 fn rsa_sign_verify_pss ( ) {
12961282 let mut pk =
12971283 Pk :: generate_rsa ( & mut crate :: test_support:: rand:: test_rng ( ) , 2048 , 0x10001 ) . unwrap ( ) ;
1284+ let data = b"SIGNATURE TEST SIGNATURE TEST SIGNATURE TEST SIGNATURE TEST SIGN" ;
12981285 let mut signature = vec ! [ 0u8 ; ( pk. len( ) + 7 ) / 8 ] ;
12991286
13001287 let digests = [
@@ -1310,27 +1297,13 @@ iy6KC991zzvaWY/Ys+q/84Afqa+0qJKQnPuy/7F5GkVdQA/lfbhi
13101297 Type :: Ripemd ,
13111298 ] ;
13121299
1313- for digest in & digests {
1314- let digest = * digest;
1315-
1316- let hash_len = if let Type :: None = digest {
1317- // signing raw data, can be of random len but can't be 0
1318- rand:: thread_rng ( ) . gen_range ( 1 , 64 )
1300+ for & digest in & digests {
1301+ let data = if let Some ( md @ MdInfo { .. } ) = digest. into ( ) {
1302+ & data[ ..md. size ( ) ]
13191303 } else {
1320- // mbedtls_pk_sign() and mbedtls_pk_verify() and their extended and
1321- // restartable variants now require at least the specified hash length if
1322- // nonzero. Before, for RSA, hash_len was ignored in favor of the length of
1323- // the specified hash algorithm.
1324- Into :: < Option < MdInfo > > :: into ( digest)
1325- . expect ( & format ! ( "Failed to convert {:?} to MdInfo" , digest) )
1326- . size ( )
1304+ & data[ ..]
13271305 } ;
13281306
1329- let data = rand:: thread_rng ( )
1330- . gen_iter :: < u8 > ( )
1331- . take ( hash_len)
1332- . collect :: < Vec < _ > > ( ) ;
1333-
13341307 pk. set_options ( Options :: Rsa {
13351308 padding : RsaPadding :: Pkcs1V21 { mgf : digest } ,
13361309 } ) ;
@@ -1339,7 +1312,7 @@ iy6KC991zzvaWY/Ys+q/84Afqa+0qJKQnPuy/7F5GkVdQA/lfbhi
13391312 assert ! ( pk
13401313 . sign(
13411314 digest,
1342- & data,
1315+ data,
13431316 & mut signature,
13441317 & mut crate :: test_support:: rand:: test_rng( )
13451318 )
@@ -1348,12 +1321,12 @@ iy6KC991zzvaWY/Ys+q/84Afqa+0qJKQnPuy/7F5GkVdQA/lfbhi
13481321 let len = pk
13491322 . sign (
13501323 digest,
1351- & data,
1324+ data,
13521325 & mut signature,
13531326 & mut crate :: test_support:: rand:: test_rng ( ) ,
13541327 )
13551328 . unwrap ( ) ;
1356- pk. verify ( digest, & data, & signature[ 0 ..len] ) . unwrap ( ) ;
1329+ pk. verify ( digest, data, & signature[ 0 ..len] ) . unwrap ( ) ;
13571330 }
13581331 }
13591332 }
0 commit comments