Introduce mbedtls_pk_restart_ctx and use it
The fact that you needed to pass a pointer to mbedtls_ecdsa_restart_ctx (or
that you needed to know the key type of the PK context) was a breach of
abstraction.
Change the API (and callers) now, and the implementation will be changed in
the next commit.
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 05c51d3..55b0668 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -129,6 +129,19 @@
void * pk_ctx; /**< Underlying public key context */
} mbedtls_pk_context;
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/**
+ * \brief Context for resuming operations
+ */
+typedef struct
+{
+ mbedtls_ecdsa_restart_ctx ecdsa; /* temporary */
+} mbedtls_pk_restart_ctx;
+#else
+/* Now we can declare functions that take a pointer to that */
+typedef void mbedtls_pk_restart_ctx;
+#endif
+
#if defined(MBEDTLS_RSA_C)
/**
* Quick access to an RSA context inside a PK context.
@@ -188,6 +201,18 @@
*/
void mbedtls_pk_free( mbedtls_pk_context *ctx );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/**
+ * \brief Initialize a restart context
+ */
+void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
+
+/**
+ * \brief Free the components of a restart context
+ */
+void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
/**
* \brief Initialize a PK context with the information given
* and allocates the type-specific PK subcontext.
@@ -298,8 +323,7 @@
* \param hash_len Hash length or 0 (see notes)
* \param sig Signature to verify
* \param sig_len Signature length
- * \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a
- * pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA.
+ * \param rs_ctx Restart context (NULL to disable restart)
*
* \return See \c mbedtls_pk_verify(), or
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
@@ -309,7 +333,7 @@
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len,
- void *rs_ctx );
+ mbedtls_pk_restart_ctx *rs_ctx );
/**
* \brief Verify signature, with options.
@@ -390,8 +414,7 @@
* \param sig_len Number of bytes written
* \param f_rng RNG function
* \param p_rng RNG parameter
- * \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a
- * pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA.
+ * \param rs_ctx Restart context (NULL to disable restart)
*
* \return See \c mbedtls_pk_sign(), or
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
@@ -402,7 +425,7 @@
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- void *rs_ctx );
+ mbedtls_pk_restart_ctx *rs_ctx );
/**
* \brief Decrypt message (including padding if relevant).
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 7487df6..3388c3b 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -172,7 +172,7 @@
typedef struct
{
/* for check_signature() */
- mbedtls_ecdsa_restart_ctx ecdsa;
+ mbedtls_pk_restart_ctx pk;
/* for find_parent_in() */
mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */