@@ -163,7 +163,7 @@ define!(
163163// B. Verifying thread safety.
164164//
165165// 1. Calls towards the specific Pk implementation are done via function pointers.
166- //
166+ //
167167// - Example call towards Pk:
168168// ../../../mbedtls-sys/vendor/library/ssl_srv.c:3707 - mbedtls_pk_decrypt( private_key, p, len, ...
169169// - This calls a generic function pointer via:
@@ -174,7 +174,7 @@ define!(
174174// - The function pointers are defined via function:
175175// ../../../mbedtls-sys/vendor/crypto/library/pk.c:115 - mbedtls_pk_info_from_type
176176// - They are as follows: mbedtls_rsa_info / mbedtls_eckey_info / mbedtls_ecdsa_info
177- // - These are defined in:
177+ // - These are defined in:
178178// ../../../mbedtls-sys/vendor/crypto/library/pk_wrap.c:196
179179//
180180// C. Checking types one by one.
@@ -222,7 +222,7 @@ define!(
222222// mbedtls_ecp_mul_restartable: ../../../mbedtls-sys/vendor/crypto/library/ecp.c:2351
223223// MBEDTLS_ECP_INTERNAL_ALT is not defined. (otherwise it might not be safe depending on ecp_init/ecp_free) ../../../mbedtls-sys/build/config.rs:131
224224// Passes as const to: mbedtls_ecp_check_privkey / mbedtls_ecp_check_pubkey / mbedtls_ecp_get_type( grp
225- //
225+ //
226226// - Ignored due to not defined: ecdsa_verify_rs_wrap, ecdsa_sign_rs_wrap, ecdsa_rs_alloc, ecdsa_rs_free
227227// (Undefined - MBEDTLS_ECP_RESTARTABLE - ../../../mbedtls-sys/build/config.rs:173)
228228//
@@ -1040,8 +1040,9 @@ impl Pk {
10401040#[ cfg( test) ]
10411041mod tests {
10421042 use super :: * ;
1043- use crate :: hash:: Type ;
1043+ use crate :: hash:: { Type , MdInfo } ;
10441044 use crate :: pk:: Type as PkType ;
1045+ use rand:: Rng ;
10451046
10461047 // This is test data that must match library output *exactly*
10471048 const TEST_PEM : & ' static str = "-----BEGIN RSA PRIVATE KEY-----
@@ -1242,7 +1243,6 @@ iy6KC991zzvaWY/Ys+q/84Afqa+0qJKQnPuy/7F5GkVdQA/lfbhi
12421243 fn rsa_sign_verify_pkcs1v15 ( ) {
12431244 let mut pk =
12441245 Pk :: generate_rsa ( & mut crate :: test_support:: rand:: test_rng ( ) , 2048 , 0x10001 ) . unwrap ( ) ;
1245- let data = b"SIGNATURE TEST SIGNATURE TEST SI" ;
12461246 let mut signature = vec ! [ 0u8 ; ( pk. len( ) + 7 ) / 8 ] ;
12471247
12481248 let digests = [
@@ -1259,23 +1259,42 @@ iy6KC991zzvaWY/Ys+q/84Afqa+0qJKQnPuy/7F5GkVdQA/lfbhi
12591259 ] ;
12601260
12611261 for digest in & digests {
1262+ let digest = * digest;
1263+
1264+ let hash_len = if let Type :: None = digest {
1265+ // signing raw data, can be of random len but can't be 0
1266+ rand:: thread_rng ( ) . gen_range ( 1 , 64 )
1267+ } else {
1268+ // mbedtls_pk_sign() and mbedtls_pk_verify() and their extended and
1269+ // restartable variants now require at least the specified hash length if
1270+ // nonzero. Before, for RSA, hash_len was ignored in favor of the length of
1271+ // the specified hash algorithm.
1272+ Into :: < Option < MdInfo > > :: into ( digest)
1273+ . expect ( & format ! ( "Failed to convert {:?} to MdInfo" , digest) )
1274+ . size ( )
1275+ } ;
1276+
1277+ let data = rand:: thread_rng ( )
1278+ . gen_iter :: < u8 > ( )
1279+ . take ( hash_len)
1280+ . collect :: < Vec < _ > > ( ) ;
1281+
12621282 let len = pk
12631283 . sign (
1264- * digest,
1265- data,
1284+ digest,
1285+ & data,
12661286 & mut signature,
12671287 & mut crate :: test_support:: rand:: test_rng ( ) ,
12681288 )
12691289 . unwrap ( ) ;
1270- pk. verify ( * digest, data, & signature[ 0 ..len] ) . unwrap ( ) ;
1290+ pk. verify ( digest, & data, & signature[ 0 ..len] ) . unwrap ( ) ;
12711291 }
12721292 }
12731293
12741294 #[ test]
12751295 fn rsa_sign_verify_pss ( ) {
12761296 let mut pk =
12771297 Pk :: generate_rsa ( & mut crate :: test_support:: rand:: test_rng ( ) , 2048 , 0x10001 ) . unwrap ( ) ;
1278- let data = b"SIGNATURE TEST SIGNATURE TEST SI" ;
12791298 let mut signature = vec ! [ 0u8 ; ( pk. len( ) + 7 ) / 8 ] ;
12801299
12811300 let digests = [
@@ -1292,29 +1311,49 @@ iy6KC991zzvaWY/Ys+q/84Afqa+0qJKQnPuy/7F5GkVdQA/lfbhi
12921311 ] ;
12931312
12941313 for digest in & digests {
1314+ let digest = * digest;
1315+
1316+ let hash_len = if let Type :: None = digest {
1317+ // signing raw data, can be of random len but can't be 0
1318+ rand:: thread_rng ( ) . gen_range ( 1 , 64 )
1319+ } else {
1320+ // mbedtls_pk_sign() and mbedtls_pk_verify() and their extended and
1321+ // restartable variants now require at least the specified hash length if
1322+ // nonzero. Before, for RSA, hash_len was ignored in favor of the length of
1323+ // the specified hash algorithm.
1324+ Into :: < Option < MdInfo > > :: into ( digest)
1325+ . expect ( & format ! ( "Failed to convert {:?} to MdInfo" , digest) )
1326+ . size ( )
1327+ } ;
1328+
1329+ let data = rand:: thread_rng ( )
1330+ . gen_iter :: < u8 > ( )
1331+ . take ( hash_len)
1332+ . collect :: < Vec < _ > > ( ) ;
1333+
12951334 pk. set_options ( Options :: Rsa {
1296- padding : RsaPadding :: Pkcs1V21 { mgf : * digest } ,
1335+ padding : RsaPadding :: Pkcs1V21 { mgf : digest } ,
12971336 } ) ;
12981337
1299- if * digest == Type :: None {
1338+ if digest == Type :: None {
13001339 assert ! ( pk
13011340 . sign(
1302- * digest,
1303- data,
1341+ digest,
1342+ & data,
13041343 & mut signature,
13051344 & mut crate :: test_support:: rand:: test_rng( )
13061345 )
13071346 . is_err( ) ) ;
13081347 } else {
13091348 let len = pk
13101349 . sign (
1311- * digest,
1312- data,
1350+ digest,
1351+ & data,
13131352 & mut signature,
13141353 & mut crate :: test_support:: rand:: test_rng ( ) ,
13151354 )
13161355 . unwrap ( ) ;
1317- pk. verify ( * digest, data, & signature[ 0 ..len] ) . unwrap ( ) ;
1356+ pk. verify ( digest, & data, & signature[ 0 ..len] ) . unwrap ( ) ;
13181357 }
13191358 }
13201359 }
0 commit comments