Introduce mbedtls_pk_restart_ctx and use it
The fact that you needed to pass a pointer to mbedtls_ecdsa_restart_ctx (or
that you needed to know the key type of the PK context) was a breach of
abstraction.
Change the API (and callers) now, and the implementation will be changed in
the next commit.
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 05c51d3..55b0668 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -129,6 +129,19 @@
void * pk_ctx; /**< Underlying public key context */
} mbedtls_pk_context;
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/**
+ * \brief Context for resuming operations
+ */
+typedef struct
+{
+ mbedtls_ecdsa_restart_ctx ecdsa; /* temporary */
+} mbedtls_pk_restart_ctx;
+#else
+/* Now we can declare functions that take a pointer to that */
+typedef void mbedtls_pk_restart_ctx;
+#endif
+
#if defined(MBEDTLS_RSA_C)
/**
* Quick access to an RSA context inside a PK context.
@@ -188,6 +201,18 @@
*/
void mbedtls_pk_free( mbedtls_pk_context *ctx );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/**
+ * \brief Initialize a restart context
+ */
+void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
+
+/**
+ * \brief Free the components of a restart context
+ */
+void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
/**
* \brief Initialize a PK context with the information given
* and allocates the type-specific PK subcontext.
@@ -298,8 +323,7 @@
* \param hash_len Hash length or 0 (see notes)
* \param sig Signature to verify
* \param sig_len Signature length
- * \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a
- * pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA.
+ * \param rs_ctx Restart context (NULL to disable restart)
*
* \return See \c mbedtls_pk_verify(), or
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
@@ -309,7 +333,7 @@
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len,
- void *rs_ctx );
+ mbedtls_pk_restart_ctx *rs_ctx );
/**
* \brief Verify signature, with options.
@@ -390,8 +414,7 @@
* \param sig_len Number of bytes written
* \param f_rng RNG function
* \param p_rng RNG parameter
- * \param rs_ctx Restart context: for ECC, must be NULL (no restart) or a
- * pointer to a \c mbedtls_ecdsa_restart_ctx. Ignored for RSA.
+ * \param rs_ctx Restart context (NULL to disable restart)
*
* \return See \c mbedtls_pk_sign(), or
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
@@ -402,7 +425,7 @@
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- void *rs_ctx );
+ mbedtls_pk_restart_ctx *rs_ctx );
/**
* \brief Decrypt message (including padding if relevant).
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 7487df6..3388c3b 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -172,7 +172,7 @@
typedef struct
{
/* for check_signature() */
- mbedtls_ecdsa_restart_ctx ecdsa;
+ mbedtls_pk_restart_ctx pk;
/* for find_parent_in() */
mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
diff --git a/library/pk.c b/library/pk.c
index e439c7a..27ca5f3 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -73,6 +73,27 @@
mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) );
}
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/*
+ * Initialize a restart context
+ */
+void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
+{
+ mbedtls_ecdsa_restart_init( &ctx->ecdsa );
+}
+
+/*
+ * Free the components of a restart context
+ */
+void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ mbedtls_ecdsa_restart_free( &ctx->ecdsa );
+}
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
/*
* Get pk_info structure from type
*/
@@ -182,7 +203,7 @@
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len,
- void *rs_ctx )
+ mbedtls_pk_restart_ctx *rs_ctx )
{
if( ctx == NULL || ctx->pk_info == NULL ||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
@@ -282,7 +303,7 @@
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- void *rs_ctx )
+ mbedtls_pk_restart_ctx *rs_ctx )
{
if( ctx == NULL || ctx->pk_info == NULL ||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7ffeb5b..d53f7b2 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2615,7 +2615,7 @@
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
if( ssl->handshake->ecrs_enabled )
- rs_ctx = &ssl->handshake->ecrs_ctx.ecdsa;
+ rs_ctx = &ssl->handshake->ecrs_ctx.pk;
#endif
if( ( ret = mbedtls_pk_verify_restartable(
@@ -3290,7 +3290,7 @@
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
if( ssl->handshake->ecrs_enabled )
- rs_ctx = &ssl->handshake->ecrs_ctx.ecdsa;
+ rs_ctx = &ssl->handshake->ecrs_ctx.pk;
#endif
if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ),
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 9ab376d..a6f6a78 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1875,7 +1875,7 @@
{
return( mbedtls_pk_verify_restartable( &parent->pk,
child->sig_md, hash, mbedtls_md_get_size( md_info ),
- child->sig.p, child->sig.len, &rs_ctx->ecdsa ) );
+ child->sig.p, child->sig.len, &rs_ctx->pk ) );
}
#else
(void) rs_ctx;
@@ -2653,7 +2653,7 @@
*/
void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx )
{
- mbedtls_ecdsa_restart_init( &ctx->ecdsa );
+ mbedtls_pk_restart_init( &ctx->pk );
ctx->parent = NULL;
ctx->fallback_parent = NULL;
@@ -2675,7 +2675,7 @@
if( ctx == NULL )
return;
- mbedtls_ecdsa_restart_free( &ctx->ecdsa );
+ mbedtls_pk_restart_free( &ctx->pk );
mbedtls_x509_crt_restart_init( ctx );
}
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 6e8c032..176b08f 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -127,12 +127,12 @@
mbedtls_rsa_context *rsa;
mbedtls_pk_context pk;
int msg_len;
- void *rs_ctx = NULL;
+ mbedtls_pk_restart_ctx *rs_ctx = NULL;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_ecdsa_restart_ctx ctx;
+ mbedtls_pk_restart_ctx ctx;
rs_ctx = &ctx;
- mbedtls_ecdsa_restart_init( rs_ctx );
+ mbedtls_pk_restart_init( rs_ctx );
mbedtls_ecp_set_max_ops( 42 );
#endif
@@ -163,7 +163,7 @@
exit:
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_ecdsa_restart_free( rs_ctx );
+ mbedtls_pk_restart_free( rs_ctx );
#endif
mbedtls_pk_free( &pk );
}
@@ -274,7 +274,7 @@
int max_ops, int min_restart, int max_restart )
{
int ret, cnt_restart;
- mbedtls_ecdsa_restart_ctx rs_ctx;
+ mbedtls_pk_restart_ctx rs_ctx;
mbedtls_pk_context prv, pub;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
@@ -282,7 +282,7 @@
size_t hlen, slen, slen_check;
const mbedtls_md_info_t *md_info;
- mbedtls_ecdsa_restart_init( &rs_ctx );
+ mbedtls_pk_restart_init( &rs_ctx );
mbedtls_pk_init( &prv );
mbedtls_pk_init( &pub );
memset( hash, 0, sizeof( hash ) );
@@ -351,7 +351,7 @@
ret = mbedtls_pk_verify_restartable( &pub, md_alg,
hash, hlen, sig, slen, &rs_ctx );
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
- mbedtls_ecdsa_restart_free( &rs_ctx );
+ mbedtls_pk_restart_free( &rs_ctx );
slen = sizeof( sig );
ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
@@ -359,7 +359,7 @@
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
exit:
- mbedtls_ecdsa_restart_free( &rs_ctx );
+ mbedtls_pk_restart_free( &rs_ctx );
mbedtls_pk_free( &prv );
mbedtls_pk_free( &pub );
}
@@ -373,10 +373,10 @@
size_t sig_len;
void *rs_ctx = NULL;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_ecdsa_restart_ctx ctx;
+ mbedtls_pk_restart_ctx ctx;
rs_ctx = &ctx;
- mbedtls_ecdsa_restart_init( rs_ctx );
+ mbedtls_pk_restart_init( rs_ctx );
mbedtls_ecp_set_max_ops( 42000 );
#endif
@@ -429,7 +429,7 @@
exit:
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_ecdsa_restart_free( rs_ctx );
+ mbedtls_pk_restart_free( rs_ctx );
#endif
mbedtls_pk_free( &pk );
}
