PK: declare restartable sign/verify functions
For RSA, we could either have the function return an error code like NOT_IMPLEMENTED or just run while disregarding ecp_max_ops. IMO the second option makes more sense, as otherwise the caller would need to check whether the key is EC or RSA before deciding to call either sign() or sign_restartable(), and having to do this kind of check feels contrary to the goal of the PK layer.
This commit is contained in:
parent
fd838dab5c
commit
82cb27b3db
2 changed files with 94 additions and 6 deletions
|
@ -284,6 +284,33 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|||
const unsigned char *hash, size_t hash_len,
|
||||
const unsigned char *sig, size_t sig_len );
|
||||
|
||||
/**
|
||||
* \brief Restartable version of \c mbedtls_pk_verify()
|
||||
*
|
||||
* \note Performs the same job as \c mbedtls_pk_verify(), but can
|
||||
* return early and restart according to the limit set with
|
||||
* \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
|
||||
* operations. For RSA, same as \c mbedtls_pk_verify().
|
||||
*
|
||||
* \param ctx PK context to use
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
* \param sig Signature to verify
|
||||
* \param sig_len Signature length
|
||||
* \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a
|
||||
* pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA.
|
||||
*
|
||||
* \return See \c mbedtls_pk_verify(), or
|
||||
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
*/
|
||||
int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
const unsigned char *sig, size_t sig_len,
|
||||
void *rs_ctx );
|
||||
|
||||
/**
|
||||
* \brief Verify signature, with options.
|
||||
* (Includes verification of the padding depending on type.)
|
||||
|
@ -347,6 +374,36 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Restartable version of \c mbedtls_pk_sign()
|
||||
*
|
||||
* \note Performs the same job as \c mbedtls_pk_sign(), but can
|
||||
* return early and restart according to the limit set with
|
||||
* \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
|
||||
* operations. For RSA, same as \c mbedtls_pk_sign().
|
||||
*
|
||||
* \param ctx PK context to use - must hold a private key
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
* \param sig Place to write the signature
|
||||
* \param sig_len Number of bytes written
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a
|
||||
* pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA.
|
||||
*
|
||||
* \return See \c mbedtls_pk_sign(), or
|
||||
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
*/
|
||||
int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
void *rs_ctx );
|
||||
|
||||
/**
|
||||
* \brief Decrypt message (including padding if relevant).
|
||||
*
|
||||
|
|
43
library/pk.c
43
library/pk.c
|
@ -176,12 +176,16 @@ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len
|
|||
}
|
||||
|
||||
/*
|
||||
* Verify a signature
|
||||
* Verify a signature (restartable)
|
||||
*/
|
||||
int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
||||
int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
const unsigned char *sig, size_t sig_len )
|
||||
const unsigned char *sig, size_t sig_len,
|
||||
void *rs_ctx )
|
||||
{
|
||||
(void) rs_ctx; // XXX temporary
|
||||
|
||||
if( ctx == NULL || ctx->pk_info == NULL ||
|
||||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
@ -193,6 +197,17 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|||
sig, sig_len ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Verify a signature
|
||||
*/
|
||||
int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
const unsigned char *sig, size_t sig_len )
|
||||
{
|
||||
return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len,
|
||||
sig, sig_len, NULL ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Verify a signature with options
|
||||
*/
|
||||
|
@ -252,13 +267,17 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
|
|||
}
|
||||
|
||||
/*
|
||||
* Make a signature
|
||||
* Make a signature (restartable)
|
||||
*/
|
||||
int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
||||
int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
void *rs_ctx )
|
||||
{
|
||||
(void) rs_ctx; // XXX temporary
|
||||
|
||||
if( ctx == NULL || ctx->pk_info == NULL ||
|
||||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
@ -270,6 +289,18 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|||
sig, sig_len, f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Make a signature
|
||||
*/
|
||||
int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
|
||||
sig, sig_len, f_rng, p_rng, NULL ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Decrypt message
|
||||
*/
|
||||
|
|
Loading…
Reference in a new issue