mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-23 20:20:59 +00:00
pk: function to calculate the signature size
Expose a function mbedtls_pk_signature_size to calculate the maximum size of a signature made with a given key. Document that this is the buffer size that mbedtls_pk_sign requires. Add a corresponding field signature_size_func to the mbedtls_pk_info structure.
This commit is contained in:
parent
bce41d373a
commit
cd062d84d6
|
@ -359,12 +359,18 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
|
||||||
* \param hash Hash of the message to sign
|
* \param hash Hash of the message to sign
|
||||||
* \param hash_len Hash length or 0 (see notes)
|
* \param hash_len Hash length or 0 (see notes)
|
||||||
* \param sig Place to write the signature
|
* \param sig Place to write the signature
|
||||||
* \param sig_len Number of bytes written
|
* \param sig_len Number of bytes written to sig
|
||||||
* \param f_rng RNG function
|
* \param f_rng RNG function
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
*
|
*
|
||||||
* \return 0 on success, or a type-specific error code.
|
* \return 0 on success, or a type-specific error code.
|
||||||
*
|
*
|
||||||
|
* \note The signature buffer \c sig must be of appropriate size
|
||||||
|
* which can be calculated with \c mbedtls_pk_signature_size.
|
||||||
|
* Depending on the algorithm, the value returned in
|
||||||
|
* \c sig_len may be less or equal to the value returned by
|
||||||
|
* \c mbedtls_pk_signature_size.
|
||||||
|
*
|
||||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||||
* There is no interface in the PK module to make RSASSA-PSS
|
* There is no interface in the PK module to make RSASSA-PSS
|
||||||
* signatures yet.
|
* signatures yet.
|
||||||
|
@ -380,6 +386,15 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
||||||
unsigned char *sig, size_t *sig_len,
|
unsigned char *sig, size_t *sig_len,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Calculate the size of a signature made with this key.
|
||||||
|
*
|
||||||
|
* \param ctx PK context to use
|
||||||
|
*
|
||||||
|
* \return Maximum size in bytes of a signature made with this key.
|
||||||
|
*/
|
||||||
|
size_t mbedtls_pk_signature_size( const mbedtls_pk_context *ctx );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Decrypt message (including padding if relevant).
|
* \brief Decrypt message (including padding if relevant).
|
||||||
*
|
*
|
||||||
|
|
|
@ -82,7 +82,10 @@ struct mbedtls_pk_info_t
|
||||||
/** Interface with the debug module */
|
/** Interface with the debug module */
|
||||||
void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
|
void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
|
||||||
|
|
||||||
|
/** Signature size */
|
||||||
|
size_t (*signature_size_func)( const void *ctx );
|
||||||
};
|
};
|
||||||
|
|
||||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
||||||
/* Container for RSA-alt */
|
/* Container for RSA-alt */
|
||||||
typedef struct
|
typedef struct
|
||||||
|
|
14
library/pk.c
14
library/pk.c
|
@ -342,6 +342,20 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
|
||||||
return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
|
return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Maximum signature size
|
||||||
|
*/
|
||||||
|
size_t mbedtls_pk_signature_size( const mbedtls_pk_context *ctx )
|
||||||
|
{
|
||||||
|
if( ctx == NULL || ctx->pk_info == NULL )
|
||||||
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
if( ctx->pk_info->signature_size_func == NULL )
|
||||||
|
return( ( ctx->pk_info->get_bitlen( ctx->pk_ctx ) + 7 ) / 8 );
|
||||||
|
else
|
||||||
|
return( ctx->pk_info->signature_size_func( ctx->pk_ctx ) );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Export debug information
|
* Export debug information
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -195,6 +195,7 @@ const mbedtls_pk_info_t mbedtls_rsa_info = {
|
||||||
rsa_alloc_wrap,
|
rsa_alloc_wrap,
|
||||||
rsa_free_wrap,
|
rsa_free_wrap,
|
||||||
rsa_debug,
|
rsa_debug,
|
||||||
|
NULL,
|
||||||
};
|
};
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* MBEDTLS_RSA_C */
|
||||||
|
|
||||||
|
@ -262,6 +263,12 @@ static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static size_t ecdsa_signature_size( const void *ctx_arg )
|
||||||
|
{
|
||||||
|
const mbedtls_ecp_keypair *ctx = ctx_arg;
|
||||||
|
return( MBEDTLS_ECDSA_MAX_SIG_LEN( ctx->grp.pbits ) );
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* MBEDTLS_ECDSA_C */
|
#endif /* MBEDTLS_ECDSA_C */
|
||||||
|
|
||||||
static int eckey_check_pair( const void *pub, const void *prv )
|
static int eckey_check_pair( const void *pub, const void *prv )
|
||||||
|
@ -311,6 +318,11 @@ const mbedtls_pk_info_t mbedtls_eckey_info = {
|
||||||
eckey_alloc_wrap,
|
eckey_alloc_wrap,
|
||||||
eckey_free_wrap,
|
eckey_free_wrap,
|
||||||
eckey_debug,
|
eckey_debug,
|
||||||
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
|
ecdsa_signature_size,
|
||||||
|
#else
|
||||||
|
NULL,
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -336,6 +348,7 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = {
|
||||||
eckey_alloc_wrap, /* Same underlying key structure */
|
eckey_alloc_wrap, /* Same underlying key structure */
|
||||||
eckey_free_wrap, /* Same underlying key structure */
|
eckey_free_wrap, /* Same underlying key structure */
|
||||||
eckey_debug, /* Same underlying key structure */
|
eckey_debug, /* Same underlying key structure */
|
||||||
|
NULL,
|
||||||
};
|
};
|
||||||
#endif /* MBEDTLS_ECP_C */
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
|
@ -400,6 +413,7 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = {
|
||||||
ecdsa_alloc_wrap,
|
ecdsa_alloc_wrap,
|
||||||
ecdsa_free_wrap,
|
ecdsa_free_wrap,
|
||||||
eckey_debug, /* Compatible key structures */
|
eckey_debug, /* Compatible key structures */
|
||||||
|
ecdsa_signature_size,
|
||||||
};
|
};
|
||||||
#endif /* MBEDTLS_ECDSA_C */
|
#endif /* MBEDTLS_ECDSA_C */
|
||||||
|
|
||||||
|
@ -519,6 +533,7 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
|
||||||
rsa_alt_alloc_wrap,
|
rsa_alt_alloc_wrap,
|
||||||
rsa_alt_free_wrap,
|
rsa_alt_free_wrap,
|
||||||
NULL,
|
NULL,
|
||||||
|
NULL,
|
||||||
};
|
};
|
||||||
|
|
||||||
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
|
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
|
||||||
|
|
|
@ -270,6 +270,8 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret )
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
|
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
|
||||||
sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
|
sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
|
||||||
|
if( sign_ret == 0 )
|
||||||
|
TEST_ASSERT( sig_len <= mbedtls_pk_signature_size( &pk ) );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
|
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
|
||||||
hash, sizeof hash, sig, sig_len ) == verify_ret );
|
hash, sizeof hash, sig, sig_len ) == verify_ret );
|
||||||
|
|
Loading…
Reference in a new issue