Introduce mbedtls_pk_restart_ctx and use it
The fact that you needed to pass a pointer to mbedtls_ecdsa_restart_ctx (or that you needed to know the key type of the PK context) was a breach of abstraction. Change the API (and callers) now, and the implementation will be changed in the next commit.
This commit is contained in:
Manuel Pégourié-Gonnard
parent
98a6778d47
commit
15d7df2ba8
6 changed files with 69 additions and 25 deletions
|
|
@ -129,6 +129,19 @@ typedef struct
|
||||||
void * pk_ctx; /**< Underlying public key context */
|
void * pk_ctx; /**< Underlying public key context */
|
||||||
} mbedtls_pk_context;
|
} mbedtls_pk_context;
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
|
/**
|
||||||
|
* \brief Context for resuming operations
|
||||||
|
*/
|
||||||
|
typedef struct
|
||||||
|
{
|
||||||
|
mbedtls_ecdsa_restart_ctx ecdsa; /* temporary */
|
||||||
|
} mbedtls_pk_restart_ctx;
|
||||||
|
#else
|
||||||
|
/* Now we can declare functions that take a pointer to that */
|
||||||
|
typedef void mbedtls_pk_restart_ctx;
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
/**
|
/**
|
||||||
* Quick access to an RSA context inside a PK context.
|
* Quick access to an RSA context inside a PK context.
|
||||||
|
|
@ -188,6 +201,18 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx );
|
||||||
*/
|
*/
|
||||||
void mbedtls_pk_free( mbedtls_pk_context *ctx );
|
void mbedtls_pk_free( mbedtls_pk_context *ctx );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
|
/**
|
||||||
|
* \brief Initialize a restart context
|
||||||
|
*/
|
||||||
|
void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Free the components of a restart context
|
||||||
|
*/
|
||||||
|
void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
|
||||||
|
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Initialize a PK context with the information given
|
* \brief Initialize a PK context with the information given
|
||||||
* and allocates the type-specific PK subcontext.
|
* and allocates the type-specific PK subcontext.
|
||||||
|
|
@ -298,8 +323,7 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
||||||
* \param hash_len Hash length or 0 (see notes)
|
* \param hash_len Hash length or 0 (see notes)
|
||||||
* \param sig Signature to verify
|
* \param sig Signature to verify
|
||||||
* \param sig_len Signature length
|
* \param sig_len Signature length
|
||||||
* \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a
|
* \param rs_ctx Restart context (NULL to disable restart)
|
||||||
* pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA.
|
|
||||||
*
|
*
|
||||||
* \return See \c mbedtls_pk_verify(), or
|
* \return See \c mbedtls_pk_verify(), or
|
||||||
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||||
|
|
@ -309,7 +333,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
|
||||||
mbedtls_md_type_t md_alg,
|
mbedtls_md_type_t md_alg,
|
||||||
const unsigned char *hash, size_t hash_len,
|
const unsigned char *hash, size_t hash_len,
|
||||||
const unsigned char *sig, size_t sig_len,
|
const unsigned char *sig, size_t sig_len,
|
||||||
void *rs_ctx );
|
mbedtls_pk_restart_ctx *rs_ctx );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Verify signature, with options.
|
* \brief Verify signature, with options.
|
||||||
|
|
@ -390,8 +414,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
||||||
* \param sig_len Number of bytes written
|
* \param sig_len Number of bytes written
|
||||||
* \param f_rng RNG function
|
* \param f_rng RNG function
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
* \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a
|
* \param rs_ctx Restart context (NULL to disable restart)
|
||||||
* pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA.
|
|
||||||
*
|
*
|
||||||
* \return See \c mbedtls_pk_sign(), or
|
* \return See \c mbedtls_pk_sign(), or
|
||||||
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||||
|
|
@ -402,7 +425,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
|
||||||
const unsigned char *hash, size_t hash_len,
|
const unsigned char *hash, size_t hash_len,
|
||||||
unsigned char *sig, size_t *sig_len,
|
unsigned char *sig, size_t *sig_len,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||||
void *rs_ctx );
|
mbedtls_pk_restart_ctx *rs_ctx );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Decrypt message (including padding if relevant).
|
* \brief Decrypt message (including padding if relevant).
|
||||||
|
|
|
||||||
|
|
@ -172,7 +172,7 @@ typedef struct
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
/* for check_signature() */
|
/* for check_signature() */
|
||||||
mbedtls_ecdsa_restart_ctx ecdsa;
|
mbedtls_pk_restart_ctx pk;
|
||||||
|
|
||||||
/* for find_parent_in() */
|
/* for find_parent_in() */
|
||||||
mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
|
mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
|
||||||
|
|
|
||||||
25
library/pk.c
25
library/pk.c
|
|
@ -73,6 +73,27 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx )
|
||||||
mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) );
|
mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
|
/*
|
||||||
|
* Initialize a restart context
|
||||||
|
*/
|
||||||
|
void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
|
||||||
|
{
|
||||||
|
mbedtls_ecdsa_restart_init( &ctx->ecdsa );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Free the components of a restart context
|
||||||
|
*/
|
||||||
|
void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
|
||||||
|
{
|
||||||
|
if( ctx == NULL )
|
||||||
|
return;
|
||||||
|
|
||||||
|
mbedtls_ecdsa_restart_free( &ctx->ecdsa );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Get pk_info structure from type
|
* Get pk_info structure from type
|
||||||
*/
|
*/
|
||||||
|
|
@ -182,7 +203,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
|
||||||
mbedtls_md_type_t md_alg,
|
mbedtls_md_type_t md_alg,
|
||||||
const unsigned char *hash, size_t hash_len,
|
const unsigned char *hash, size_t hash_len,
|
||||||
const unsigned char *sig, size_t sig_len,
|
const unsigned char *sig, size_t sig_len,
|
||||||
void *rs_ctx )
|
mbedtls_pk_restart_ctx *rs_ctx )
|
||||||
{
|
{
|
||||||
if( ctx == NULL || ctx->pk_info == NULL ||
|
if( ctx == NULL || ctx->pk_info == NULL ||
|
||||||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
|
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
|
||||||
|
|
@ -282,7 +303,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
|
||||||
const unsigned char *hash, size_t hash_len,
|
const unsigned char *hash, size_t hash_len,
|
||||||
unsigned char *sig, size_t *sig_len,
|
unsigned char *sig, size_t *sig_len,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||||
void *rs_ctx )
|
mbedtls_pk_restart_ctx *rs_ctx )
|
||||||
{
|
{
|
||||||
if( ctx == NULL || ctx->pk_info == NULL ||
|
if( ctx == NULL || ctx->pk_info == NULL ||
|
||||||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
|
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
|
||||||
|
|
|
||||||
|
|
@ -2615,7 +2615,7 @@ ske_process:
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||||
if( ssl->handshake->ecrs_enabled )
|
if( ssl->handshake->ecrs_enabled )
|
||||||
rs_ctx = &ssl->handshake->ecrs_ctx.ecdsa;
|
rs_ctx = &ssl->handshake->ecrs_ctx.pk;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if( ( ret = mbedtls_pk_verify_restartable(
|
if( ( ret = mbedtls_pk_verify_restartable(
|
||||||
|
|
@ -3290,7 +3290,7 @@ keys_derived:
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||||
if( ssl->handshake->ecrs_enabled )
|
if( ssl->handshake->ecrs_enabled )
|
||||||
rs_ctx = &ssl->handshake->ecrs_ctx.ecdsa;
|
rs_ctx = &ssl->handshake->ecrs_ctx.pk;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ),
|
if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ),
|
||||||
|
|
|
||||||
|
|
@ -1875,7 +1875,7 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child,
|
||||||
{
|
{
|
||||||
return( mbedtls_pk_verify_restartable( &parent->pk,
|
return( mbedtls_pk_verify_restartable( &parent->pk,
|
||||||
child->sig_md, hash, mbedtls_md_get_size( md_info ),
|
child->sig_md, hash, mbedtls_md_get_size( md_info ),
|
||||||
child->sig.p, child->sig.len, &rs_ctx->ecdsa ) );
|
child->sig.p, child->sig.len, &rs_ctx->pk ) );
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
(void) rs_ctx;
|
(void) rs_ctx;
|
||||||
|
|
@ -2653,7 +2653,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
|
||||||
*/
|
*/
|
||||||
void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx )
|
void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx )
|
||||||
{
|
{
|
||||||
mbedtls_ecdsa_restart_init( &ctx->ecdsa );
|
mbedtls_pk_restart_init( &ctx->pk );
|
||||||
|
|
||||||
ctx->parent = NULL;
|
ctx->parent = NULL;
|
||||||
ctx->fallback_parent = NULL;
|
ctx->fallback_parent = NULL;
|
||||||
|
|
@ -2675,7 +2675,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx )
|
||||||
if( ctx == NULL )
|
if( ctx == NULL )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
mbedtls_ecdsa_restart_free( &ctx->ecdsa );
|
mbedtls_pk_restart_free( &ctx->pk );
|
||||||
|
|
||||||
mbedtls_x509_crt_restart_init( ctx );
|
mbedtls_x509_crt_restart_init( ctx );
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -127,12 +127,12 @@ void pk_rsa_verify_test_vec( char *message_hex_string, int digest,
|
||||||
mbedtls_rsa_context *rsa;
|
mbedtls_rsa_context *rsa;
|
||||||
mbedtls_pk_context pk;
|
mbedtls_pk_context pk;
|
||||||
int msg_len;
|
int msg_len;
|
||||||
void *rs_ctx = NULL;
|
mbedtls_pk_restart_ctx *rs_ctx = NULL;
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
mbedtls_ecdsa_restart_ctx ctx;
|
mbedtls_pk_restart_ctx ctx;
|
||||||
|
|
||||||
rs_ctx = &ctx;
|
rs_ctx = &ctx;
|
||||||
mbedtls_ecdsa_restart_init( rs_ctx );
|
mbedtls_pk_restart_init( rs_ctx );
|
||||||
mbedtls_ecp_set_max_ops( 42 );
|
mbedtls_ecp_set_max_ops( 42 );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
@ -163,7 +163,7 @@ void pk_rsa_verify_test_vec( char *message_hex_string, int digest,
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
mbedtls_ecdsa_restart_free( rs_ctx );
|
mbedtls_pk_restart_free( rs_ctx );
|
||||||
#endif
|
#endif
|
||||||
mbedtls_pk_free( &pk );
|
mbedtls_pk_free( &pk );
|
||||||
}
|
}
|
||||||
|
|
@ -274,7 +274,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
|
||||||
int max_ops, int min_restart, int max_restart )
|
int max_ops, int min_restart, int max_restart )
|
||||||
{
|
{
|
||||||
int ret, cnt_restart;
|
int ret, cnt_restart;
|
||||||
mbedtls_ecdsa_restart_ctx rs_ctx;
|
mbedtls_pk_restart_ctx rs_ctx;
|
||||||
mbedtls_pk_context prv, pub;
|
mbedtls_pk_context prv, pub;
|
||||||
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
||||||
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
|
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
|
||||||
|
|
@ -282,7 +282,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
|
||||||
size_t hlen, slen, slen_check;
|
size_t hlen, slen, slen_check;
|
||||||
const mbedtls_md_info_t *md_info;
|
const mbedtls_md_info_t *md_info;
|
||||||
|
|
||||||
mbedtls_ecdsa_restart_init( &rs_ctx );
|
mbedtls_pk_restart_init( &rs_ctx );
|
||||||
mbedtls_pk_init( &prv );
|
mbedtls_pk_init( &prv );
|
||||||
mbedtls_pk_init( &pub );
|
mbedtls_pk_init( &pub );
|
||||||
memset( hash, 0, sizeof( hash ) );
|
memset( hash, 0, sizeof( hash ) );
|
||||||
|
|
@ -351,7 +351,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
|
||||||
ret = mbedtls_pk_verify_restartable( &pub, md_alg,
|
ret = mbedtls_pk_verify_restartable( &pub, md_alg,
|
||||||
hash, hlen, sig, slen, &rs_ctx );
|
hash, hlen, sig, slen, &rs_ctx );
|
||||||
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
||||||
mbedtls_ecdsa_restart_free( &rs_ctx );
|
mbedtls_pk_restart_free( &rs_ctx );
|
||||||
|
|
||||||
slen = sizeof( sig );
|
slen = sizeof( sig );
|
||||||
ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
|
ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
|
||||||
|
|
@ -359,7 +359,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
|
||||||
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
mbedtls_ecdsa_restart_free( &rs_ctx );
|
mbedtls_pk_restart_free( &rs_ctx );
|
||||||
mbedtls_pk_free( &prv );
|
mbedtls_pk_free( &prv );
|
||||||
mbedtls_pk_free( &pub );
|
mbedtls_pk_free( &pub );
|
||||||
}
|
}
|
||||||
|
|
@ -373,10 +373,10 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret )
|
||||||
size_t sig_len;
|
size_t sig_len;
|
||||||
void *rs_ctx = NULL;
|
void *rs_ctx = NULL;
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
mbedtls_ecdsa_restart_ctx ctx;
|
mbedtls_pk_restart_ctx ctx;
|
||||||
|
|
||||||
rs_ctx = &ctx;
|
rs_ctx = &ctx;
|
||||||
mbedtls_ecdsa_restart_init( rs_ctx );
|
mbedtls_pk_restart_init( rs_ctx );
|
||||||
mbedtls_ecp_set_max_ops( 42000 );
|
mbedtls_ecp_set_max_ops( 42000 );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
@ -429,7 +429,7 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret )
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
mbedtls_ecdsa_restart_free( rs_ctx );
|
mbedtls_pk_restart_free( rs_ctx );
|
||||||
#endif
|
#endif
|
||||||
mbedtls_pk_free( &pk );
|
mbedtls_pk_free( &pk );
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue