Exp mod: Make sure RR has enough limbs

When generated by exp_mod, RR has enough limbs to be passed as a parameter to core functions. If it is received from the caller, it might be of any length. Signed-off-by: Janos Follath <janos.follath@arm.com>
2025-01-30 06:33:06 +00:00 · 2024-02-20 14:30:46 +00:00 · 2024-02-20 14:30:46 +00:00 · 0512d178e0
commit 0512d178e0
parent 518b5b60c6
3 changed files with 38 additions and 0 deletions
--- a/library/bignum.c
+++ b/library/bignum.c
@ -1639,6 +1639,7 @@ int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
            *prec_RR = RR;
        }
    } else {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_grow(prec_RR, N->n));
        RR = *prec_RR;
    }

--- a/tests/suites/test_suite_bignum.function
+++ b/tests/suites/test_suite_bignum.function
@ -965,6 +965,37 @@ exit:
 }
 /* END_CASE */

+/* BEGIN_CASE */
+void mpi_exp_mod_min_RR(char *input_A, char *input_E,
+                         char *input_N, char *input_X,
+                         int exp_result)
+{
+    mbedtls_mpi A, E, N, RR, Z, X;
+    int res;
+    mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N);
+    mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&X);
+
+    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
+    TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
+    TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
+    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+
+    TEST_ASSERT(mbedtls_mpi_core_get_mont_r2_unsafe(&RR, &N) == 0);
+    TEST_ASSERT(mbedtls_mpi_shrink(&RR, 0) == 0);
+
+    res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR);
+    TEST_ASSERT(res == exp_result);
+    if (res == 0) {
+        TEST_ASSERT(sign_is_valid(&Z));
+        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0);
+    }
+
+exit:
+    mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N);
+    mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&X);
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void mpi_exp_mod(char *input_A, char *input_E,
                 char *input_N, char *input_X,
--- a/tests/suites/test_suite_bignum.misc.data
+++ b/tests/suites/test_suite_bignum.misc.data
@ -1391,6 +1391,12 @@ Test mbedtls_mpi_exp_mod (Negative base) [#2]
 depends_on:MPI_MAX_BITS_LARGER_THAN_792
 mpi_exp_mod:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0

+Test mbedtls_mpi_exp_mod (N.n=3, RR.n=1 on 32 bit)
+mpi_exp_mod_min_RR:"10":"2":"10000000100000001":"100":0
+
+Test mbedtls_mpi_exp_mod (N.n=3, RR.n=1 on 64 bit)
+mpi_exp_mod_min_RR:"10":"2":"100000000000000010000000000000001":"100":0
+
 Base test GCD #1
 mpi_gcd:"2b5":"261":"15"