ARMmbed

Call mbedtls_rsa_import() without calling mbedtls_rsa_complete()

Hi. In mbedTLS , tests/suites/test_suite_rsa.function, there are many occasions mbedtls_rsa_import() and mbedtls_rsa_pkcs1_sign() is called without mbedtls_rsa_complete() inbetween.
However, in the mbedtls API specification, it is said,

" Any sequence of calls to this function should be followed by a call to mbedtls_rsa_complete(), which checks and completes the provided information to a ready-for-use public or private RSA key."

I just want to ask whether this is an inconsistency between the specification and the test suite, or did I misunderstand something ?

This matters because, since I assume all import() sequence must be followed by a call to complete(); my alternative implementation for rsa signing/verifying did not pass mbedTLS test suite. In details, my platform does not use the modulus N, prime P, Q, public E directly, so I need to replace the code inside mbedtls_rsa_complete() with code that check if N and E parameter are present, then create a private key object from that. Therefore, if the test suite does not call complete() after importing the N,E, etc. my implementation does not have the private key object to do signing/verifying.

Thanks for reading,

Hi @KayT Thank you for your interest!
I have checked the tests, and all the tests that import to the rsa context, before private key operations ( sign and decrypt) call mbedtls_rsa_complete() before the opertation,

The public operations however( verify and encrypt) don’t call mbedtls_rsa_coplete(), but since they import the public components( N and E), then it is less needed to be called, however I agree that it’s good coding to have it in the public operations as well.
Have you considered implementating an alternative to rsa with MBEDTLS_RSA_ALT ?
Regards,
Mbed TLS Team member
Ron