cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-30 17:09:41 -04:00
Code Issues Packages Projects Releases Wiki Activity

Use core API in ecp_mod_koblitz()

Browse Source 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
Gabor Mezei 2023-04-20 15:50:59 +02:00
parent 91a618375a
commit 8183c5dcc3
No known key found for this signature in database
GPG Key ID: FEE76C0CF8C6267D
1 changed files with 52 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
library/ecp_curves.c
View File

@ -25,6 +25,8 @@
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/platform.h"
#include "bn_mul.h" #include "bn_mul.h"
#include "bignum_core.h" #include "bignum_core.h"
#include "ecp_invasive.h" #include "ecp_invasive.h"
@ -5526,60 +5528,69 @@ cleanup:
*/ */
#define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P #define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P
#define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R #define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R
static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
size_t adjust, size_t shift, mbedtls_mpi_uint mask)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi M, R;
mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
if (N->n < p_limbs) { static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X,
return 0; size_t X_limbs,
mbedtls_mpi_uint *R,
size_t P_limbs,
size_t adjust,
size_t shift,
mbedtls_mpi_uint mask)
{
int ret = 0;
size_t R_limbs = P_KOBLITZ_R;
size_t M_limbs = X_limbs + R_limbs + adjust;
mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL);
if (M == NULL) {
return MBEDTLS_ERR_ECP_ALLOC_FAILED;
} }
/* Init R */ size_t A1_limbs = X_limbs - (P_limbs - adjust);
R.s = 1; if (A1_limbs > P_limbs + adjust) {
R.p = Rp; A1_limbs = P_limbs + adjust;
R.n = P_KOBLITZ_R; }
mbedtls_mpi_uint *A1 = mbedtls_calloc(A1_limbs, ciL);
/* Common setup for M */ if (A1 == NULL) {
M.s = 1; ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
M.p = Mp; goto cleanup;
}
for (size_t pass = 0; pass < 2; pass++) { for (size_t pass = 0; pass < 2; pass++) {
/* M = A1 */ /* Copy A1 */
M.n = N->n - (p_limbs - adjust); memcpy(A1, X + P_limbs - adjust, A1_limbs * ciL);
if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
}
memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
if (shift != 0) { if (shift != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); mbedtls_mpi_core_shift_r(A1, A1_limbs, shift);
} }
M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */ /* X = A0 */
if (mask != 0) { if (mask != 0) {
N->p[p_limbs - 1] &= mask; X[P_limbs - 1] &= mask;
}
for (size_t i = p_limbs; i < N->n; i++) {
N->p[i] = 0;
} }
/* N = A0 + R * A1 */ /* Zeroize the A1 part of X to keep only the A0 part */
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R)); for (size_t i = P_limbs; i < X_limbs; i++) {
MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); X[i] = 0;
}
/* X = A0 + R * A1 */
mbedtls_mpi_core_mul(M, A1, A1_limbs, R, R_limbs);
mbedtls_mpi_core_add(X, X, M, A1_limbs + R_limbs);
} }
cleanup: cleanup:
mbedtls_free(M);
mbedtls_free(A1);
return ret; return ret;
} }
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) || #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||
MBEDTLS_ECP_DP_SECP224K1_ENABLED) || MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||
MBEDTLS_ECP_DP_SECP256K1_ENABLED) */ MBEDTLS_ECP_DP_SECP256K1_ENABLED) */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
/* /*
* Fast quasi-reduction modulo p192k1 = 2^192 - R, * Fast quasi-reduction modulo p192k1 = 2^192 - R,
* with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119 * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
@ -5597,9 +5608,10 @@ int mbedtls_ecp_mod_p192k1(mbedtls_mpi *N)
0x00) 0x00)
}; };
return ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, return ecp_mod_koblitz(N->p, N->n, Rp,
0); 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0);
} }
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
@ -5622,10 +5634,10 @@ int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N)
}; };
#if defined(MBEDTLS_HAVE_INT64) #if defined(MBEDTLS_HAVE_INT64)
return ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF); return ecp_mod_koblitz(N->p, N->n, Rp, 4, 1, 32, 0xFFFFFFFF);
#else #else
return ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, return ecp_mod_koblitz(N->p, N->n, Rp,
0); 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0);
#endif #endif
} }
@ -5649,8 +5661,8 @@ int mbedtls_ecp_mod_p256k1(mbedtls_mpi *N)
MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00) 0x00)
}; };
return ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, return ecp_mod_koblitz(N->p, N->n, Rp,
0); 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0);
} }
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */