pk_info: Make signature_size mandatory
All pk implementations must supply a signature_size method if they
support signing.
Move the function together with the other metadata functions.
diff --git a/include/mbedtls/pk_info.h b/include/mbedtls/pk_info.h
index a90e489..a852ab8 100644
--- a/include/mbedtls/pk_info.h
+++ b/include/mbedtls/pk_info.h
@@ -106,6 +106,14 @@
* usage restrictions into account. */
int (*can_do)( const void * ctx, mbedtls_pk_type_t type );
+ /** Signature size
+ *
+ * mbedtls_pk_signature_size() returns this value.
+ *
+ * Opaque implementations may omit this method if they do not support
+ * signature. */
+ size_t (*signature_size_func)( const void *ctx );
+
/** Verify signature
*
* mbedtls_pk_verify() calls this function.
@@ -210,14 +218,6 @@
* Opaque implementations may omit this method. */
void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
- /** Signature size
- *
- * mbedtls_pk_signature_size() returns this value.
- *
- * Opaque implementations may omit this method. In this case, the value
- * returned by \c get_bitlen (rounded up to a whole number of bytes)
- * is used instead. */
- size_t (*signature_size_func)( const void *ctx );
};
#ifdef __cplusplus
diff --git a/library/pk.c b/library/pk.c
index d8801b5..52bcb86 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -363,9 +363,9 @@
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->signature_size_func == NULL )
- return( ( ctx->pk_info->get_bitlen( ctx->pk_ctx ) + 7 ) / 8 );
- else
- return( ctx->pk_info->signature_size_func( ctx->pk_ctx ) );
+ return( 0 );
+
+ return( ctx->pk_info->signature_size_func( ctx->pk_ctx ) );
}
/*
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 393fdeb..17df304 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -119,6 +119,12 @@
md_alg, (unsigned int) hash_len, hash, sig ) );
}
+static size_t rsa_signature_size( const void *ctx_arg )
+{
+ const mbedtls_rsa_context *ctx = ctx_arg;
+ return( ctx->len );
+}
+
static int rsa_decrypt_wrap( void *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
@@ -187,6 +193,7 @@
"RSA",
rsa_get_bitlen,
rsa_can_do,
+ rsa_signature_size,
rsa_verify_wrap,
rsa_sign_wrap,
rsa_decrypt_wrap,
@@ -195,7 +202,6 @@
rsa_alloc_wrap,
rsa_free_wrap,
rsa_debug,
- NULL,
};
#endif /* MBEDTLS_RSA_C */
@@ -305,11 +311,13 @@
eckey_get_bitlen,
eckey_can_do,
#if defined(MBEDTLS_ECDSA_C)
+ ecdsa_signature_size,
eckey_verify_wrap,
eckey_sign_wrap,
#else
NULL,
NULL,
+ NULL,
#endif
NULL,
NULL,
@@ -317,11 +325,6 @@
eckey_alloc_wrap,
eckey_free_wrap,
eckey_debug,
-#if defined(MBEDTLS_ECDSA_C)
- ecdsa_signature_size,
-#else
- NULL,
-#endif
};
/*
@@ -343,11 +346,11 @@
NULL,
NULL,
NULL,
+ NULL,
eckey_check_pair,
eckey_alloc_wrap, /* Same underlying key structure */
eckey_free_wrap, /* Same underlying key structure */
eckey_debug, /* Same underlying key structure */
- NULL,
};
#endif /* MBEDTLS_ECP_C */
@@ -404,6 +407,7 @@
"ECDSA",
eckey_get_bitlen, /* Compatible key structures */
ecdsa_can_do,
+ ecdsa_signature_size,
ecdsa_verify_wrap,
ecdsa_sign_wrap,
NULL,
@@ -412,7 +416,6 @@
ecdsa_alloc_wrap,
ecdsa_free_wrap,
eckey_debug, /* Compatible key structures */
- ecdsa_signature_size,
};
#endif /* MBEDTLS_ECDSA_C */
@@ -452,6 +455,13 @@
md_alg, (unsigned int) hash_len, hash, sig ) );
}
+static size_t rsa_alt_signature_size( const void *ctx )
+{
+ const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
+
+ return( rsa_alt->key_len_func( rsa_alt->key ) );
+}
+
static int rsa_alt_decrypt_wrap( void *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
@@ -520,6 +530,7 @@
"RSA-alt",
rsa_alt_get_bitlen,
rsa_alt_can_do,
+ rsa_alt_signature_size,
NULL,
rsa_alt_sign_wrap,
rsa_alt_decrypt_wrap,
@@ -532,7 +543,6 @@
rsa_alt_alloc_wrap,
rsa_alt_free_wrap,
NULL,
- NULL,
};
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index f73022c..0bf9ef3 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -751,6 +751,7 @@
"mock",
opaque_mock_get_bitlen,
opaque_mock_can_do,
+ opaque_mock_signature_size_func,
opaque_mock_verify_func,
opaque_mock_sign_func,
opaque_mock_decrypt_func,
@@ -759,7 +760,6 @@
opaque_mock_ctx_alloc_func,
opaque_mock_ctx_free_func,
opaque_mock_debug_func,
- opaque_mock_signature_size_func,
};
mbedtls_pk_context ctx;
unsigned char sig[OPAQUE_MOCK_SIGNATURE_SIZE] = OPAQUE_MOCK_GOOD_SIGNATURE;
@@ -868,8 +868,8 @@
NULL,
NULL,
NULL,
- opaque_mock_ctx_free_func,
NULL,
+ opaque_mock_ctx_free_func,
NULL,
};
mbedtls_pk_context ctx;
@@ -883,8 +883,7 @@
TEST_ASSERT( mbedtls_pk_get_bitlen( &ctx ) == OPAQUE_MOCK_BITLEN );
TEST_ASSERT( mbedtls_pk_can_do( &ctx, OPAQUE_MOCK_CAN_DO ) == 1 );
TEST_ASSERT( mbedtls_pk_can_do( &ctx, OPAQUE_MOCK_CAN_DO ^ 1 ) == 0 );
- TEST_ASSERT( mbedtls_pk_signature_size( &ctx ) ==
- ( OPAQUE_MOCK_BITLEN + 7 ) / 8 );
+ TEST_ASSERT( mbedtls_pk_signature_size( &ctx ) == 0 );
TEST_ASSERT( mbedtls_pk_verify( &ctx, OPAQUE_MOCK_MD_ALG,
NULL, 0, NULL, 0 ) ==
@@ -939,8 +938,8 @@
NULL,
NULL,
NULL,
- opaque_mock_ctx_alloc_fail,
NULL,
+ opaque_mock_ctx_alloc_fail,
NULL,
NULL,
};
@@ -970,6 +969,7 @@
"RSA-opaque-wrapper",
mbedtls_rsa_info->get_bitlen,
mbedtls_rsa_info->can_do,
+ mbedtls_rsa_info->signature_size_func,
mbedtls_rsa_info->verify_func,
mbedtls_rsa_info->sign_func,
mbedtls_rsa_info->decrypt_func,
@@ -978,7 +978,6 @@
mbedtls_rsa_info->ctx_alloc_func,
mbedtls_rsa_info->ctx_free_func,
mbedtls_rsa_info->debug_func,
- NULL, // signature_size_func: the fallback implementation is fine
};
/* Generate an RSA key to use in both contexts */