Add restart support for ECDSA client auth

2017-05-17 11:56:15 +02:00 · 2017-05-17 11:56:15 +02:00 · 862cde5b8e
commit 862cde5b8e
parent 2350b4ebdc
4 changed files with 64 additions and 14 deletions
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -88,7 +88,7 @@
 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */

-/* Shorthand for restartable */
+/* Shorthand for restartable ECC */
 #if defined(MBEDTLS_ECP_RESTARTABLE) && \
    defined(MBEDTLS_SSL_CLI_C) && \
    defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
@ -227,10 +227,14 @@ struct mbedtls_ssl_handshake_params
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+    int ec_restart_enabled;             /*!< Handshake supports EC restart? */
+    mbedtls_ecdsa_restart_ctx rs_ctx;   /*!< ECDSA restart context          */
    enum {
        ssl_ecrs_init = 0,              /*!< just getting started           */
        ssl_ecrs_ecdh_public_done,      /*!< wrote ECDHE public share       */
        ssl_ecrs_ecdh_completed,        /*!< completed ECDHE key exchange   */
+        ssl_ecrs_keys_derived,          /*!< ssl_derive_keys() done         */
+        ssl_ecrs_pk_sign_done,          /*!< done writing CertificateVerify */
    } ecrs_state;                       /*!< state for restartable ECC      */
    size_t ecrs_n;                      /*!< place for seving a length      */
 #endif