Document all effects of MBEDTLS_ECP_RESTARTABLE
It might not be obvious that this option goes beyond adding new functions, but also automagically modifies the behaviour of TLS in some circumstances. Moreover, the exact modifications and circumstances were not documented anywhere outside the ChangeLog. Fix that. While at it, adjust the test that checks no restartable behaviour with other key exchanges, to use a key exchange that allows cert-based client authentication so that we can check that this is not restartable either. We don't have any automated test checking that the server is never affected. That would require adding an ec_max_ops command-line option to ssl_server2 that never has any effect, just to check that it indeed doesn't. I'm not sure that's worth it. I tested manually and could confirm that the server never has restartable behaviour, even for the parts that are shared between client and server such as cert chain verification. Note (from re-reading the code): all restartable behaviour is controlled by the flag ssl->handshake->ecrs_enabled which is only client-side with the ECDHE-ECDSA key exchange (TLS 1.2). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
parent
80f8c679c5
commit
2b7ad6472b
2 changed files with 34 additions and 6 deletions
|
|
@ -690,11 +690,33 @@
|
|||
* This is useful in non-threaded environments if you want to avoid blocking
|
||||
* for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
|
||||
*
|
||||
* Uncomment this macro to enable restartable ECC computations.
|
||||
* This option:
|
||||
* - Adds xxx_restartable() variants of existing operations in the
|
||||
* following modules, with corresponding restart context types:
|
||||
* - ECP: scalar multiplication (mult), linear combination (muladd);
|
||||
* - ECDSA: signature generation & verification;
|
||||
* - PK: signature generation & verification;
|
||||
* - X509: certificate chain verification.
|
||||
* - Adds mbedtls_ecdh_enable_restart() in the ECDH module.
|
||||
* - Changes the behaviour of TLS 1.2 clients (not servers) when using the
|
||||
* ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC
|
||||
* computations restartable:
|
||||
* - ECDH operations from the key exchange;
|
||||
* - verification of the server's key exchange signature;
|
||||
* - verification of the server's certificate chain;
|
||||
* - generation of our signature if client authentication is used, with an
|
||||
* ECC key/certificate.
|
||||
*
|
||||
* \note In the cases above, the usual SSL/TLS functions, such as
|
||||
* mbedtls_ssl_handshake(), can now return
|
||||
* MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
|
||||
*
|
||||
* \note This option only works with the default software implementation of
|
||||
* elliptic curve functionality. It is incompatible with
|
||||
* MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
|
||||
* MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT,
|
||||
* and MBEDTLS_USE_PSA_CRYPTO.
|
||||
*
|
||||
* Uncomment this macro to enable restartable ECC computations.
|
||||
*/
|
||||
//#define MBEDTLS_ECP_RESTARTABLE
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue