Prepare infra for restartable sign

This commit is contained in:
Manuel Pégourié-Gonnard 2017-04-25 11:33:10 +02:00
parent eb402f3cd3
commit b90883dc1d
2 changed files with 161 additions and 35 deletions

View file

@ -64,6 +64,22 @@ typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
*/ */
typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx; typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx;
/**
* \brief Internal restart context for ecdsa_sign()
*
* \note Opaque struct, defined in ecdsa.c
*/
typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx;
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/**
* \brief Internal restart context for ecdsa_sign_det()
*
* \note Opaque struct, defined in ecdsa.c
*/
typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
#endif
/** /**
* \brief General context for resuming ECDSA operations * \brief General context for resuming ECDSA operations
*/ */
@ -71,6 +87,10 @@ typedef struct
{ {
mbedtls_ecp_restart_ctx ecp; /*!< base context (admin+ecp info) */ mbedtls_ecp_restart_ctx ecp; /*!< base context (admin+ecp info) */
mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */ mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */
mbedtls_ecdsa_restart_sig_ctx *sig; /*!< ecdsa_sign() sub-context */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
mbedtls_ecdsa_restart_det_ctx *det; /*!< ecdsa_sign_det() sub-context */
#endif
} mbedtls_ecdsa_restart_ctx; } mbedtls_ecdsa_restart_ctx;
#else /* MBEDTLS_ECP_RESTARTABLE */ #else /* MBEDTLS_ECP_RESTARTABLE */

View file

@ -86,18 +86,110 @@ static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx )
memset( ctx, 0, sizeof( *ctx ) ); memset( ctx, 0, sizeof( *ctx ) );
} }
/*
* Sub-contect for ecdsa_sign()
*/
struct mbedtls_ecdsa_restart_sig
{
enum { /* what to do next? */
ecdsa_sig_init = 0, /* getting started */
} state;
};
/*
* Init verify sign sub-context
*/
static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx )
{
memset( ctx, 0, sizeof( *ctx ) );
}
/*
* Free the components of a sign restart sub-context
*/
static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx )
{
if( ctx == NULL )
return;
memset( ctx, 0, sizeof( *ctx ) );
}
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/*
* Sub-contect for ecdsa_sign_det()
*/
struct mbedtls_ecdsa_restart_det
{
enum { /* what to do next? */
ecdsa_det_init = 0, /* getting started */
} state;
};
/*
* Init verify sign_det sub-context
*/
static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx )
{
memset( ctx, 0, sizeof( *ctx ) );
}
/*
* Free the components of a sign_det restart sub-context
*/
static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx )
{
if( ctx == NULL )
return;
memset( ctx, 0, sizeof( *ctx ) );
}
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
#define ECDSA_RS_ECP &rs_ctx->ecp #define ECDSA_RS_ECP &rs_ctx->ecp
/* Utility macro for checking and updating ops budget */ /* Utility macro for checking and updating ops budget */
#define ECDSA_BUDGET( ops ) \ #define ECDSA_BUDGET( ops ) \
MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, &rs_ctx->ecp, ops ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, &rs_ctx->ecp, ops ) );
#define ECDSA_RS_ENTER( SUB ) do { \
/* reset ops count for this call if top-level */ \
if( rs_ctx != NULL && rs_ctx->ecp.depth++ == 0 ) \
rs_ctx->ecp.ops_done = 0; \
\
/* set up our own sub-context if needed */ \
if( mbedtls_ecp_restart_enabled() && \
rs_ctx != NULL && rs_ctx->SUB == NULL ) \
{ \
rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \
if( rs_ctx->SUB == NULL ) \
return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \
\
ecdsa_restart_## SUB ##_init( rs_ctx->SUB ); \
} \
} while( 0 )
#define ECDSA_RS_LEAVE( SUB ) do { \
/* clear our sub-context when not in progress (done or error) */ \
if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { \
ecdsa_restart_## SUB ##_free( rs_ctx->SUB ); \
mbedtls_free( rs_ctx->SUB ); \
rs_ctx->SUB = NULL; \
} \
\
if( rs_ctx != NULL ) \
rs_ctx->ecp.depth--; \
} while( 0 )
#else /* MBEDTLS_ECP_RESTARTABLE */ #else /* MBEDTLS_ECP_RESTARTABLE */
#define ECDSA_RS_ECP NULL #define ECDSA_RS_ECP NULL
#define ECDSA_BUDGET( ops ) /* no-op; for compatibility */ #define ECDSA_BUDGET( ops ) /* no-op; for compatibility */
#define ECDSA_RS_ENTER( SUB ) (void) rs_ctx
#define ECDSA_RS_LEAVE( SUB ) (void) rs_ctx
#endif /* MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_ECP_RESTARTABLE */
/* /*
@ -137,8 +229,6 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
mbedtls_ecp_point R; mbedtls_ecp_point R;
mbedtls_mpi k, e, t; mbedtls_mpi k, e, t;
(void) rs_ctx; // temporary
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
if( grp->N.p == NULL ) if( grp->N.p == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@ -146,6 +236,19 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
mbedtls_ecp_point_init( &R ); mbedtls_ecp_point_init( &R );
mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t ); mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );
ECDSA_RS_ENTER( sig );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->sig != NULL )
{
/* redirect to our context */
// TODO
/* jump to current step */
// TODO
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
sign_tries = 0; sign_tries = 0;
do do
{ {
@ -213,6 +316,8 @@ cleanup:
mbedtls_ecp_point_free( &R ); mbedtls_ecp_point_free( &R );
mbedtls_mpi_free( &k ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &t ); mbedtls_mpi_free( &k ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &t );
ECDSA_RS_LEAVE( sig );
return( ret ); return( ret );
} }
@ -244,27 +349,40 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
mbedtls_mpi h; mbedtls_mpi h;
(void) rs_ctx; // temporary
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
mbedtls_mpi_init( &h ); mbedtls_mpi_init( &h );
mbedtls_hmac_drbg_init( &rng_ctx ); mbedtls_hmac_drbg_init( &rng_ctx );
ECDSA_RS_ENTER( det );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->det != NULL )
{
/* redirect to our context */
// TODO
/* jump to current step */
// TODO
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
/* Use private key and message hash (reduced) to initialize HMAC_DRBG */ /* Use private key and message hash (reduced) to initialize HMAC_DRBG */
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ); mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );
ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen,
mbedtls_hmac_drbg_random, &rng_ctx ); mbedtls_hmac_drbg_random, &rng_ctx, rs_ctx );
cleanup: cleanup:
mbedtls_hmac_drbg_free( &rng_ctx ); mbedtls_hmac_drbg_free( &rng_ctx );
mbedtls_mpi_free( &h ); mbedtls_mpi_free( &h );
ECDSA_RS_LEAVE( det );
return( ret ); return( ret );
} }
@ -294,10 +412,6 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
mbedtls_ecp_point R; mbedtls_ecp_point R;
mbedtls_mpi *pu1 = &u1, *pu2 = &u2; mbedtls_mpi *pu1 = &u1, *pu2 = &u2;
#if !defined(MBEDTLS_ECP_RESTARTABLE)
(void) rs_ctx;
#endif
mbedtls_ecp_point_init( &R ); mbedtls_ecp_point_init( &R );
mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv );
mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 ); mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 );
@ -306,21 +420,9 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
if( grp->N.p == NULL ) if( grp->N.p == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
ECDSA_RS_ENTER( ver );
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
/* reset ops count for this call if top-level */
if( rs_ctx != NULL && rs_ctx->ecp.depth++ == 0 )
rs_ctx->ecp.ops_done = 0;
/* set up our own sub-context if needed */
if( mbedtls_ecp_restart_enabled() && rs_ctx != NULL && rs_ctx->ver == NULL )
{
rs_ctx->ver = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ver_ctx ) );
if( rs_ctx->ver == NULL )
return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
ecdsa_restart_ver_init( rs_ctx->ver );
}
if( rs_ctx != NULL && rs_ctx->ver != NULL ) if( rs_ctx != NULL && rs_ctx->ver != NULL )
{ {
/* redirect to our context */ /* redirect to our context */
@ -404,17 +506,7 @@ cleanup:
mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv );
mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 ); mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 );
#if defined(MBEDTLS_ECP_RESTARTABLE) ECDSA_RS_LEAVE( ver );
/* clear our sub-context when not in progress (done or error) */
if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) {
ecdsa_restart_ver_free( rs_ctx->ver );
mbedtls_free( rs_ctx->ver );
rs_ctx->ver = NULL;
}
if( rs_ctx != NULL )
rs_ctx->ecp.depth--;
#endif /* MBEDTLS_ECP_RESTARTABLE */
return( ret ); return( ret );
} }
@ -632,6 +724,10 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
mbedtls_ecp_restart_init( &ctx->ecp ); mbedtls_ecp_restart_init( &ctx->ecp );
ctx->ver = NULL; ctx->ver = NULL;
ctx->sig = NULL;
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
ctx->det = NULL;
#endif
} }
/* /*
@ -644,6 +740,16 @@ void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx )
ecdsa_restart_ver_free( ctx->ver ); ecdsa_restart_ver_free( ctx->ver );
mbedtls_free( ctx->ver ); mbedtls_free( ctx->ver );
ctx->ver = NULL; ctx->ver = NULL;
ecdsa_restart_sig_free( ctx->sig );
mbedtls_free( ctx->sig );
ctx->sig = NULL;
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
ecdsa_restart_det_free( ctx->det );
mbedtls_free( ctx->det );
ctx->det = NULL;
#endif
} }
#endif /* MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_ECP_RESTARTABLE */