pk: function to calculate the signature size

Expose a function mbedtls_pk_signature_size to calculate the maximum size of a signature made with a given key. Document that this is the buffer size that mbedtls_pk_sign requires. Add a corresponding field signature_size_func to the mbedtls_pk_info structure.
2026-05-12 06:52:23 +02:00 · 2017-11-02 17:16:43 +01:00
parent bce41d373a
commit cd062d84d6
5 changed files with 50 additions and 1 deletions
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -359,12 +359,18 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
 * \param hash      Hash of the message to sign
 * \param hash_len  Hash length or 0 (see notes)
 * \param sig       Place to write the signature
- * \param sig_len   Number of bytes written
+ * \param sig_len   Number of bytes written to sig
 * \param f_rng     RNG function
 * \param p_rng     RNG parameter
 *
 * \return          0 on success, or a type-specific error code.
 *
+ * \note            The signature buffer \c sig must be of appropriate size
+ *                  which can be calculated with \c mbedtls_pk_signature_size.
+ *                  Depending on the algorithm, the value returned in
+ *                  \c sig_len may be less or equal to the value returned by
+ *                  \c mbedtls_pk_signature_size.
+ *
 * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
 *                  There is no interface in the PK module to make RSASSA-PSS
 *                  signatures yet.
@@ -380,6 +386,15 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
             unsigned char *sig, size_t *sig_len,
             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );

+/**
+ * \brief           Calculate the size of a signature made with this key.
+ *
+ * \param ctx       PK context to use
+ *
+ * \return          Maximum size in bytes of a signature made with this key.
+ */
+size_t mbedtls_pk_signature_size( const mbedtls_pk_context *ctx );
+
 /**
 * \brief           Decrypt message (including padding if relevant).
 *
--- a/include/mbedtls/pk_internal.h
+++ b/include/mbedtls/pk_internal.h
@@ -82,7 +82,10 @@ struct mbedtls_pk_info_t
    /** Interface with the debug module */
    void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );

+    /** Signature size */
+    size_t (*signature_size_func)( const void *ctx );
 };
+
 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 /* Container for RSA-alt */
 typedef struct