mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-30 15:32:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #6731 from tom-cosgrove-arm/issue-6293-mod_exp

Browse Source 
Require input to mbedtls_mpi_core_exp_mod() to already be in Montgomery form
This commit is contained in:
Janos Follath 2022-12-07 08:31:49 +00:00 committed by GitHub
commit 1d26d976e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 27 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
library/bignum_core.c
View File

@ -610,9 +610,9 @@ static void exp_mod_precompute_window( const mbedtls_mpi_uint *A,
Wtable[0] = 1; Wtable[0] = 1;
mbedtls_mpi_core_montmul( Wtable, Wtable, RR, AN_limbs, N, AN_limbs, mm, temp ); mbedtls_mpi_core_montmul( Wtable, Wtable, RR, AN_limbs, N, AN_limbs, mm, temp );
/* W[1] = A * R^2 * R^-1 mod N = A * R mod N */ /* W[1] = A (already in Montgomery presentation) */
mbedtls_mpi_uint *W1 = Wtable + AN_limbs; mbedtls_mpi_uint *W1 = Wtable + AN_limbs;
mbedtls_mpi_core_montmul( W1, A, RR, AN_limbs, N, AN_limbs, mm, temp ); memcpy( W1, A, AN_limbs * ciL );
/* W[i+1] = W[i] * W[1], i >= 2 */ /* W[i+1] = W[i] * W[1], i >= 2 */
mbedtls_mpi_uint *Wprev = W1; mbedtls_mpi_uint *Wprev = W1;
@ -625,6 +625,8 @@ static void exp_mod_precompute_window( const mbedtls_mpi_uint *A,
} }
/* Exponentiation: X := A^E mod N. /* Exponentiation: X := A^E mod N.
*
* A must already be in Montgomery form.
* *
* As in other bignum functions, assume that AN_limbs and E_limbs are nonzero. * As in other bignum functions, assume that AN_limbs and E_limbs are nonzero.
* *
@ -730,10 +732,6 @@ int mbedtls_mpi_core_exp_mod( mbedtls_mpi_uint *X,
} }
while( ! ( E_bit_index == 0 && E_limb_index == 0 ) ); while( ! ( E_bit_index == 0 && E_limb_index == 0 ) );
/* Convert X back to normal presentation */
const mbedtls_mpi_uint one = 1;
mbedtls_mpi_core_montmul( X, X, &one, 1, N, AN_limbs, mm, temp );
mbedtls_platform_zeroize( mempool, total_limbs * sizeof(mbedtls_mpi_uint) ); mbedtls_platform_zeroize( mempool, total_limbs * sizeof(mbedtls_mpi_uint) );
mbedtls_free( mempool ); mbedtls_free( mempool );
return( 0 ); return( 0 );

3
library/bignum_core.h
View File

@ -500,11 +500,12 @@ int mbedtls_mpi_core_fill_random( mbedtls_mpi_uint *X, size_t X_limbs,
/** /**
* \brief Perform a modular exponentiation with secret exponent: * \brief Perform a modular exponentiation with secret exponent:
* X = A^E mod N * X = A^E mod N, where \p A is already in Montgomery form.
* *
* \param[out] X The destination MPI, as a little endian array of length * \param[out] X The destination MPI, as a little endian array of length
* \p AN_limbs. * \p AN_limbs.
* \param[in] A The base MPI, as a little endian array of length \p AN_limbs. * \param[in] A The base MPI, as a little endian array of length \p AN_limbs.
* Must be in Montgomery form.
* \param[in] N The modulus, as a little endian array of length \p AN_limbs. * \param[in] N The modulus, as a little endian array of length \p AN_limbs.
* \param AN_limbs The number of limbs in \p X, \p A, \p N, \p RR. * \param AN_limbs The number of limbs in \p X, \p A, \p N, \p RR.
* \param[in] E The exponent, as a little endian array of length \p E_limbs. * \param[in] E The exponent, as a little endian array of length \p E_limbs.

6
scripts/mbedtls_dev/bignum_common.py
View File

@ -251,6 +251,12 @@ class ModOperationCommon(OperationCommon):
# provides earlier/more robust input validation. # provides earlier/more robust input validation.
self.int_n = hex_to_int(val_n) self.int_n = hex_to_int(val_n)
def to_montgomery(self, val: int) -> int:
return (val * self.r) % self.int_n
def from_montgomery(self, val: int) -> int:
return (val * self.r_inv) % self.int_n
@property @property
def boundary(self) -> int: def boundary(self) -> int:
return self.int_n return self.int_n

15
scripts/mbedtls_dev/bignum_core.py
View File

@ -759,12 +759,23 @@ class BignumCoreExpMod(BignumCoreTarget, bignum_common.ModOperationCommon):
"""Test cases for bignum core exponentiation.""" """Test cases for bignum core exponentiation."""
symbol = "^" symbol = "^"
test_function = "mpi_core_exp_mod" test_function = "mpi_core_exp_mod"
test_name = "Core modular exponentiation" test_name = "Core modular exponentiation (Mongtomery form only)"
input_style = "fixed" input_style = "fixed"
def arguments(self) -> List[str]:
# Input 'a' has to be given in Montgomery form
mont_a = self.to_montgomery(self.int_a)
arg_mont_a = self.format_arg('{:x}'.format(mont_a))
return [bignum_common.quote_str(n) for n in [self.arg_n,
arg_mont_a,
self.arg_b]
] + self.result()
def result(self) -> List[str]: def result(self) -> List[str]:
# Result has to be given in Montgomery form too
result = pow(self.int_a, self.int_b, self.int_n) result = pow(self.int_a, self.int_b, self.int_n)
return [self.format_result(result)] mont_result = self.to_montgomery(result)
return [self.format_result(mont_result)]
@property @property
def is_valid(self) -> bool: def is_valid(self) -> bool:

5
scripts/mbedtls_dev/bignum_mod_raw.py
View File

@ -92,10 +92,9 @@ class BignumModRawConvertToMont(bignum_common.ModOperationCommon,
arity = 1 arity = 1
def result(self) -> List[str]: def result(self) -> List[str]:
result = (self.int_a * self.r) % self.int_n result = self.to_montgomery(self.int_a)
return [self.format_result(result)] return [self.format_result(result)]
class BignumModRawConvertFromMont(bignum_common.ModOperationCommon, class BignumModRawConvertFromMont(bignum_common.ModOperationCommon,
BignumModRawTarget): BignumModRawTarget):
""" Test cases for mpi_mod_raw_from_mont_rep(). """ """ Test cases for mpi_mod_raw_from_mont_rep(). """
@ -106,7 +105,7 @@ class BignumModRawConvertFromMont(bignum_common.ModOperationCommon,
arity = 1 arity = 1
def result(self) -> List[str]: def result(self) -> List[str]:
result = (self.int_a * self.r_inv) % self.int_n result = self.from_montgomery(self.int_a)
return [self.format_result(result)] return [self.format_result(result)]