Make PK EC sign/verify actually restartable
diff --git a/library/ecdsa.c b/library/ecdsa.c
index e137a00..6730762 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -779,6 +779,9 @@
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
ctx->det = NULL;
#endif
+#if defined(MBEDTLS_PK_C)
+ ctx->ecdsa = NULL;
+#endif
}
/*
@@ -801,6 +804,12 @@
mbedtls_free( ctx->det );
ctx->det = NULL;
#endif
+
+#if defined(MBEDTLS_PK_C)
+ mbedtls_ecdsa_free( ctx->ecdsa );
+ mbedtls_free( ctx->ecdsa );
+ ctx->ecdsa = NULL;
+#endif
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
diff --git a/library/pk.c b/library/pk.c
index b5081f9..e439c7a 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -184,12 +184,20 @@
const unsigned char *sig, size_t sig_len,
void *rs_ctx )
{
- (void) rs_ctx; // XXX temporary
-
if( ctx == NULL || ctx->pk_info == NULL ||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ctx->pk_info->verify_rs_func != NULL )
+ {
+ return( ctx->pk_info->verify_rs_func( ctx->pk_ctx,
+ md_alg, hash, hash_len, sig, sig_len, rs_ctx ) );
+ }
+#else
+ (void) rs_ctx;
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
if( ctx->pk_info->verify_func == NULL )
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
@@ -276,12 +284,20 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
void *rs_ctx )
{
- (void) rs_ctx; // XXX temporary
-
if( ctx == NULL || ctx->pk_info == NULL ||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ctx->pk_info->sign_rs_func != NULL )
+ {
+ return( ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg,
+ hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx ) );
+ }
+#else
+ (void) rs_ctx;
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
if( ctx->pk_info->sign_func == NULL )
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index db6274c..d3933a0 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -180,6 +180,10 @@
rsa_can_do,
rsa_verify_wrap,
rsa_sign_wrap,
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL,
+ NULL,
+#endif
rsa_decrypt_wrap,
rsa_encrypt_wrap,
rsa_check_pair_wrap,
@@ -252,6 +256,118 @@
return( ret );
}
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/* Forward declarations */
+static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ void *rs_ctx );
+
+static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ void *rs_ctx );
+
+static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ void *p_rs_ctx )
+{
+ int ret;
+ mbedtls_ecdsa_context ecdsa, *p_ecdsa = &ecdsa;
+ mbedtls_ecdsa_restart_ctx *rs_ctx = p_rs_ctx;
+
+ mbedtls_ecdsa_init( &ecdsa );
+
+ /* set up our own sub-context if needed */
+ if( mbedtls_ecp_restart_enabled() &&
+ rs_ctx != NULL && rs_ctx->ecdsa == NULL )
+ {
+ rs_ctx->ecdsa = mbedtls_calloc( 1, sizeof( *rs_ctx->ecdsa ) );
+ if( rs_ctx->ecdsa == NULL )
+ return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+
+ mbedtls_ecdsa_init( rs_ctx->ecdsa );
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( rs_ctx->ecdsa, ctx ) );
+ }
+
+ if( rs_ctx != NULL && rs_ctx->ecdsa != NULL )
+ {
+ /* redirect to our context */
+ p_ecdsa = rs_ctx->ecdsa;
+ }
+ else
+ {
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( p_ecdsa, ctx ) );
+ }
+
+ MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( p_ecdsa, md_alg, hash, hash_len,
+ sig, sig_len, rs_ctx ) );
+
+cleanup:
+ /* clear our sub-context when not in progress (done or error) */
+ if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) {
+ mbedtls_ecdsa_free( rs_ctx->ecdsa );
+ mbedtls_free( rs_ctx->ecdsa );
+ rs_ctx->ecdsa = NULL;
+ }
+
+ mbedtls_ecdsa_free( &ecdsa );
+
+ return( ret );
+}
+
+static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ void *p_rs_ctx )
+{
+ int ret;
+ mbedtls_ecdsa_context ecdsa, *p_ecdsa = &ecdsa;
+ mbedtls_ecdsa_restart_ctx *rs_ctx = p_rs_ctx;
+
+ mbedtls_ecdsa_init( &ecdsa );
+
+ /* set up our own sub-context if needed */
+ if( mbedtls_ecp_restart_enabled() &&
+ rs_ctx != NULL && rs_ctx->ecdsa == NULL )
+ {
+ rs_ctx->ecdsa = mbedtls_calloc( 1, sizeof( *rs_ctx->ecdsa ) );
+ if( rs_ctx->ecdsa == NULL )
+ return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+
+ mbedtls_ecdsa_init( rs_ctx->ecdsa );
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( rs_ctx->ecdsa, ctx ) );
+ }
+
+ if( rs_ctx != NULL && rs_ctx->ecdsa != NULL )
+ {
+ /* redirect to our context */
+ p_ecdsa = rs_ctx->ecdsa;
+ }
+ else
+ {
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( p_ecdsa, ctx ) );
+ }
+
+ MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( p_ecdsa, md_alg, hash, hash_len,
+ sig, sig_len, f_rng, p_rng, rs_ctx ) );
+
+cleanup:
+ /* clear our sub-context when not in progress (done or error) */
+ if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) {
+ mbedtls_ecdsa_free( rs_ctx->ecdsa );
+ mbedtls_free( rs_ctx->ecdsa );
+ rs_ctx->ecdsa = NULL;
+ }
+
+ mbedtls_ecdsa_free( &ecdsa );
+
+ return( ret );
+}
+#endif /* MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_ECDSA_C */
static int eckey_check_pair( const void *pub, const void *prv )
@@ -291,10 +407,18 @@
#if defined(MBEDTLS_ECDSA_C)
eckey_verify_wrap,
eckey_sign_wrap,
-#else
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ eckey_verify_rs_wrap,
+ eckey_sign_rs_wrap,
+#endif
+#else /* MBEDTLS_ECDSA_C */
+ NULL,
+ NULL,
+#if defined(MBEDTLS_ECP_RESTARTABLE)
NULL,
NULL,
#endif
+#endif /* MBEDTLS_ECDSA_C */
NULL,
NULL,
eckey_check_pair,
@@ -319,6 +443,10 @@
eckeydh_can_do,
NULL,
NULL,
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL,
+ NULL,
+#endif
NULL,
NULL,
eckey_check_pair,
@@ -359,6 +487,40 @@
md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
}
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ void *rs_ctx )
+{
+ int ret;
+ ((void) md_alg);
+
+ ret = mbedtls_ecdsa_read_signature_restartable(
+ (mbedtls_ecdsa_context *) ctx,
+ hash, hash_len, sig, sig_len,
+ (mbedtls_ecdsa_restart_ctx *) rs_ctx );
+
+ if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
+ return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+
+ return( ret );
+}
+
+static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ void *rs_ctx )
+{
+ return( mbedtls_ecdsa_write_signature_restartable(
+ (mbedtls_ecdsa_context *) ctx,
+ md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
+ (mbedtls_ecdsa_restart_ctx *) rs_ctx ) );
+
+}
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
static void *ecdsa_alloc_wrap( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
@@ -382,6 +544,10 @@
ecdsa_can_do,
ecdsa_verify_wrap,
ecdsa_sign_wrap,
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ ecdsa_verify_rs_wrap,
+ ecdsa_sign_rs_wrap,
+#endif
NULL,
NULL,
eckey_check_pair, /* Compatible key structures */
@@ -496,6 +662,10 @@
rsa_alt_can_do,
NULL,
rsa_alt_sign_wrap,
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL,
+ NULL,
+#endif
rsa_alt_decrypt_wrap,
NULL,
#if defined(MBEDTLS_RSA_C)