PK: declare restartable sign/verify functions
For RSA, we could either have the function return an error code like
NOT_IMPLEMENTED or just run while disregarding ecp_max_ops. IMO the second
option makes more sense, as otherwise the caller would need to check whether
the key is EC or RSA before deciding to call either sign() or
sign_restartable(), and having to do this kind of check feels contrary to the
goal of the PK layer.
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index f9f9b9b..05c51d3 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -285,6 +285,33 @@
const unsigned char *sig, size_t sig_len );
/**
+ * \brief Restartable version of \c mbedtls_pk_verify()
+ *
+ * \note Performs the same job as \c mbedtls_pk_verify(), but can
+ * return early and restart according to the limit set with
+ * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
+ * operations. For RSA, same as \c mbedtls_pk_verify().
+ *
+ * \param ctx PK context to use
+ * \param md_alg Hash algorithm used (see notes)
+ * \param hash Hash of the message to sign
+ * \param hash_len Hash length or 0 (see notes)
+ * \param sig Signature to verify
+ * \param sig_len Signature length
+ * \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a
+ * pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA.
+ *
+ * \return See \c mbedtls_pk_verify(), or
+ * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ */
+int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ void *rs_ctx );
+
+/**
* \brief Verify signature, with options.
* (Includes verification of the padding depending on type.)
*
@@ -348,6 +375,36 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/**
+ * \brief Restartable version of \c mbedtls_pk_sign()
+ *
+ * \note Performs the same job as \c mbedtls_pk_sign(), but can
+ * return early and restart according to the limit set with
+ * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
+ * operations. For RSA, same as \c mbedtls_pk_sign().
+ *
+ * \param ctx PK context to use - must hold a private key
+ * \param md_alg Hash algorithm used (see notes)
+ * \param hash Hash of the message to sign
+ * \param hash_len Hash length or 0 (see notes)
+ * \param sig Place to write the signature
+ * \param sig_len Number of bytes written
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ * \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a
+ * pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA.
+ *
+ * \return See \c mbedtls_pk_sign(), or
+ * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ */
+int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ void *rs_ctx );
+
+/**
* \brief Decrypt message (including padding if relevant).
*
* \param ctx PK context to use - must hold a private key
diff --git a/library/pk.c b/library/pk.c
index 8d13bc5..b5081f9 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -176,12 +176,16 @@
}
/*
- * Verify a signature
+ * Verify a signature (restartable)
*/
-int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len )
+ const unsigned char *sig, size_t sig_len,
+ void *rs_ctx )
{
+ (void) rs_ctx; // XXX temporary
+
if( ctx == NULL || ctx->pk_info == NULL ||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -194,6 +198,17 @@
}
/*
+ * Verify a signature
+ */
+int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len )
+{
+ return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len,
+ sig, sig_len, NULL ) );
+}
+
+/*
* Verify a signature with options
*/
int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
@@ -252,13 +267,17 @@
}
/*
- * Make a signature
+ * Make a signature (restartable)
*/
-int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ void *rs_ctx )
{
+ (void) rs_ctx; // XXX temporary
+
if( ctx == NULL || ctx->pk_info == NULL ||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -271,6 +290,18 @@
}
/*
+ * Make a signature
+ */
+int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
+ sig, sig_len, f_rng, p_rng, NULL ) );
+}
+
+/*
* Decrypt message
*/
int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,