From bbe9db4b291a8cbfed4915f449e4dcdbcd8f8563 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 9 May 2023 10:37:21 +0100 Subject: [PATCH 01/14] binum_mod: Added `mbedtls_mpi_mod_optred_modulus_setup()`. Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 13 +++++++++++++ library/bignum_mod.h | 17 +++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index acf45e9d92..9b0f6ec0e0 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -171,6 +171,19 @@ exit: return ret; } +int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, + const mbedtls_mpi_uint *p, + size_t p_limbs, + mbedtls_mpi_opt_red_struct *ored) +{ + N->p = p; + N->limbs = p_limbs; + N->bits = mbedtls_mpi_core_bitlen(p, p_limbs); + N->int_rep = MBEDTLS_MPI_MOD_REP_OPT_RED; + N->rep.ored =ored ; + return 0; +} + int mbedtls_mpi_mod_mul(mbedtls_mpi_mod_residue *X, const mbedtls_mpi_mod_residue *A, const mbedtls_mpi_mod_residue *B, diff --git a/library/bignum_mod.h b/library/bignum_mod.h index db177edfde..6c283b3824 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h 
@@ -208,6 +208,23 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, size_t p_limbs, mbedtls_mpi_mod_rep_selector int_rep); +/** Setup an optimised-reduction compatible modulus structure. + * + * \param[out] N The address of the modulus structure to populate. + * \param[in] p The address of the limb array storing the value of \p N. + * The memory pointed to by \p p will be used by \p N and must + * not be modified in any way until after + * mbedtls_mpi_mod_modulus_free() is called. + * \param p_limbs The number of limbs of \p p. + * \param ored The optimized reduction structure to use. \p p. + * + * \return \c 0 if successful. + */ +int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, + const mbedtls_mpi_uint *p, + size_t p_limbs, + mbedtls_mpi_opt_red_struct *ored); + /** Free elements of a modulus structure. * * This function frees any memory allocated by mbedtls_mpi_mod_modulus_setup(). From 67ebaaf8a0f121d78a85668e98f714d0a3b94242 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 9 May 2023 14:26:26 +0100 Subject: [PATCH 02/14] test_suite_bignum: Removed `test_read_modulus()`. Signed-off-by: Minos Galanakis --- tests/suites/test_suite_bignum_mod.function | 35 +++++++-------------- 1 file changed, 12 insertions(+), 23 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 233d3a982b..98ba4b491f 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function 
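Review bot: The `\param ored` line in the new Doxygen block ends with a stray `\p p.` fragment, which renders as a dangling parameter reference; the same fragment survives the later rename to `\param modp` in the bignum_mod.h hunk of patch 07 on this page. The description also does not say whether a NULL `ored` is accepted, although the test helper added in patch 03 passes NULL deliberately. Suggested line: ` * \param ored The optimised reduction structure to use, or NULL if none is available.` with the trailing `\p p.` removed.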
@@ -10,21 +10,6 @@ ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \ (b).p, (b).limbs * sizeof(mbedtls_mpi_uint)) -static int test_read_modulus(mbedtls_mpi_mod_modulus *m, - mbedtls_mpi_mod_rep_selector int_rep, - char *input) -{ - mbedtls_mpi_uint *p = NULL; - size_t limbs; - - int ret = mbedtls_test_read_mpi_core(&p, &limbs, input); - if (ret != 0) { - return ret; - } - - return mbedtls_mpi_mod_modulus_setup(m, p, limbs, int_rep); -} - static int test_read_residue(mbedtls_mpi_mod_residue *r, const mbedtls_mpi_mod_modulus *m, char *input, @@ -112,8 +97,8 @@ void mpi_mod_mul(char *input_A, mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_modulus_init(&m); - TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N), - 0); + TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N, + MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); TEST_EQUAL(test_read_residue(&rA, &m, input_A, 0), 0); TEST_EQUAL(test_read_residue(&rB, &m, input_B, 0), 0); @@ -200,8 +185,8 @@ void mpi_mod_mul_neg(char *input_A, mbedtls_mpi_mod_modulus fake_m; mbedtls_mpi_mod_modulus_init(&fake_m); - TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N), - 0); + TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N, + MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); TEST_EQUAL(test_read_residue(&rA, &m, input_A, 1), 0); TEST_EQUAL(test_read_residue(&rB, &m, input_B, 1), 0); @@ -247,7 +232,8 @@ void mpi_mod_sub(char *input_N, mbedtls_mpi_mod_modulus_init(&m); TEST_EQUAL(0, - test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N)); + mbedtls_test_read_mpi_modulus(&m, input_N, + MBEDTLS_MPI_MOD_REP_MONTGOMERY)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this 
@@ -348,7 +334,8 @@ void mpi_mod_inv_mont(char *input_N, mbedtls_mpi_mod_modulus_init(&N); TEST_EQUAL(0, - test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N)); + mbedtls_test_read_mpi_modulus(&N, input_N, + MBEDTLS_MPI_MOD_REP_MONTGOMERY)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this @@ -397,7 +384,8 @@ void mpi_mod_inv_non_mont(char *input_N, mbedtls_mpi_mod_modulus_init(&N); TEST_EQUAL(0, - test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_OPT_RED, input_N)); + mbedtls_test_read_mpi_modulus(&N, input_N, + MBEDTLS_MPI_MOD_REP_OPT_RED)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this @@ -447,7 +435,8 @@ void mpi_mod_add(char *input_N, mbedtls_mpi_mod_modulus_init(&m); TEST_EQUAL(0, - test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N)); + mbedtls_test_read_mpi_modulus(&m, input_N, + MBEDTLS_MPI_MOD_REP_MONTGOMERY)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this From 88e16dfa2a55ad57cf3db7348bc139f87ab197ec Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 9 May 2023 14:11:43 +0100 Subject: [PATCH 03/14] bignum_mod: Refactored `mbedtls_mpi_mod_modulus_setup()` This patch removes the `int_rep` input parameter for modular setup, aiming to align it with the optred variant. Test and test-suite helper functions have been updated accordingly. Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 27 +++------------- library/bignum_mod.h | 6 +--- library/ecp_curves.c | 3 +- tests/src/bignum_helpers.c | 13 +++++++- tests/suites/test_suite_bignum_mod.function | 23 +++++++++----- .../suites/test_suite_bignum_mod_raw.function | 31 ++++++------------- tests/suites/test_suite_ecp.function | 3 +- 7 files changed, 46 insertions(+), 60 deletions(-) 
diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 9b0f6ec0e0..ba661e2a0d 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -138,31 +138,15 @@ cleanup: int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, - size_t p_limbs, - mbedtls_mpi_mod_rep_selector int_rep) + size_t p_limbs) { int ret = 0; - N->p = p; N->limbs = p_limbs; N->bits = mbedtls_mpi_core_bitlen(p, p_limbs); - - switch (int_rep) { - case MBEDTLS_MPI_MOD_REP_MONTGOMERY: - N->int_rep = int_rep; - N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p); - ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs); - break; - case MBEDTLS_MPI_MOD_REP_OPT_RED: - N->int_rep = int_rep; - N->rep.ored = NULL; - break; - default: - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - goto exit; - } - -exit: + N->int_rep = MBEDTLS_MPI_MOD_REP_MONTGOMERY; + N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p); + ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs); if (ret != 0) { mbedtls_mpi_mod_modulus_free(N); @@ -248,8 +232,7 @@ static int mbedtls_mpi_mod_inv_non_mont(mbedtls_mpi_mod_residue *X, mbedtls_mpi_mod_modulus Nmont; mbedtls_mpi_mod_modulus_init(&Nmont); - MBEDTLS_MPI_CHK(mbedtls_mpi_mod_modulus_setup(&Nmont, N->p, N->limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_modulus_setup(&Nmont, N->p, N->limbs)); /* We'll use X->p to hold the Montgomery form of the input A->p */ mbedtls_mpi_core_to_mont_rep(X->p, A->p, Nmont.p, Nmont.limbs, diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 6c283b3824..ccf86c0278 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h 
@@ -197,16 +197,12 @@ void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *N); * not be modified in any way until after * mbedtls_mpi_mod_modulus_free() is called. * \param p_limbs The number of limbs of \p p. - * \param int_rep The internal representation to be used for residues - * associated with \p N (see #mbedtls_mpi_mod_rep_selector). * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p int_rep is invalid. */ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, - size_t p_limbs, - mbedtls_mpi_mod_rep_selector int_rep); + size_t p_limbs); /** Setup an optimised-reduction compatible modulus structure. * diff --git a/library/ecp_curves.c b/library/ecp_curves.c index af649a2c87..69091c3aa1 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -6003,8 +6003,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)) { + if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs)) { return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } return 0; diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c index 4dd37915e2..efb2eca1c3 100644 --- a/tests/src/bignum_helpers.c +++ b/tests/src/bignum_helpers.c @@ -99,7 +99,18 @@ int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N, if (ret != 0) { return ret; } - ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs, int_rep); + + switch (int_rep) { + case MBEDTLS_MPI_MOD_REP_MONTGOMERY: + ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs); + break; + case MBEDTLS_MPI_MOD_REP_OPT_RED: + ret = mbedtls_mpi_mod_optred_modulus_setup(N, p, limbs, NULL); + break; + default: + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + break; + } if (ret != 0) { mbedtls_free(p); } diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 98ba4b491f..a515633bbb 100644 
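Review bot: Dropping the `#MBEDTLS_ERR_MPI_BAD_INPUT_DATA` line leaves `mbedtls_mpi_mod_modulus_setup()` documented as if it cannot fail, yet the bignum_mod.c hunk of this patch still propagates `ret` from `set_mont_const_square()` and calls `mbedtls_mpi_mod_modulus_free(N)` on error. Keep a failure clause in the contract, e.g. ` * \return An \c MBEDTLS_ERR_MPI_XXX error code on failure.` (presumably allocation failure, which the hunk does not show). The description should also now state that the modulus is set up for Montgomery representation, since `int_rep` is no longer selectable and the optimised-reduction variant is a separate function.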
--- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -50,7 +50,19 @@ void mpi_mod_setup(int int_rep, int iret) memset(mp, 0xFF, sizeof(mp)); mbedtls_mpi_mod_modulus_init(&m); - ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS, int_rep); + + switch (int_rep) { + case MBEDTLS_MPI_MOD_REP_MONTGOMERY: + ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS); + break; + case MBEDTLS_MPI_MOD_REP_OPT_RED: + ret = mbedtls_mpi_mod_optred_modulus_setup(&m, mp, MLIMBS, NULL); + break; + default: + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + break; + } + TEST_EQUAL(ret, iret); /* Only test if the constants have been set-up */ @@ -539,8 +551,7 @@ void mpi_residue_setup(char *input_N, char *input_R, int ret) TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&R, &r_limbs, input_R)); - TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); TEST_EQUAL(ret, mbedtls_mpi_mod_residue_setup(&r, &m, R, r_limbs)); @@ -581,8 +592,7 @@ void mpi_mod_io_neg(char *input_N, data_t *buf, int ret) mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian)); /* Set up modulus and test with residue->p == NULL */ - TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian)); @@ -655,8 +665,7 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian) TEST_LE_U(a_bytes, n_bytes); /* Init Structures */ - TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); /* Enforcing p_limbs >= m->limbs */ TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r, &m, R, n_limbs)); 
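Review bot: The `default:` arm of the new switch in `mpi_mod_setup()` makes the invalid-`int_rep` data cases tautological: the test itself stores `MBEDTLS_ERR_MPI_BAD_INPUT_DATA` in `ret` and then compares it with `iret`, so no library code runs for that input. Since neither setup function validates a representation selector any more, either drop those data cases or make the arm a hard failure via `TEST_ASSERT` so an unexpected selector is reported instead of passed. The same three-way switch is duplicated in the bignum_helpers.c hunk of this patch; one copy would do. mpi_mod_setup() begins and ends outside the hunk.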
diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index bd5eea78a5..b67ac51df1 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -54,8 +54,7 @@ void mpi_mod_raw_io(data_t *input, int nb_int, int nx_32_int, mbedtls_mpi_uint init[sizeof(X) / sizeof(X[0])]; memset(init, 0xFF, sizeof(init)); - int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx, - MBEDTLS_MPI_MOD_REP_MONTGOMERY); + int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx); TEST_EQUAL(ret, 0); if (iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0) { @@ -137,8 +136,7 @@ void mpi_mod_raw_cond_assign(char *input_X, ASSERT_ALLOC(buff_m, copy_limbs); memset(buff_m, 0xFF, copy_limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, buff_m, copy_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + &m, buff_m, copy_limbs), 0); /* condition is false */ TEST_CF_SECRET(X, bytes); @@ -208,8 +206,7 @@ void mpi_mod_raw_cond_swap(char *input_X, ASSERT_ALLOC(buff_m, copy_limbs); memset(buff_m, 0xFF, copy_limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, buff_m, copy_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + &m, buff_m, copy_limbs), 0); ASSERT_ALLOC(X, limbs); memcpy(X, tmp_X, bytes); @@ -297,8 +294,7 @@ void mpi_mod_raw_sub(char *input_A, ASSERT_ALLOC(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, N, limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + &m, N, limbs), 0); mbedtls_mpi_mod_raw_sub(X, A, B, &m); ASSERT_COMPARE(X, bytes, res, bytes); @@ -368,8 +364,7 @@ void mpi_mod_raw_fix_quasi_reduction(char *input_N, TEST_ASSERT(c || mbedtls_mpi_core_lt_ct(tmp, N, limbs)); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, N, limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + &m, N, limbs), 0); mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m); ASSERT_COMPARE(X, bytes, res, bytes); 
@@ -419,8 +414,7 @@ void mpi_mod_raw_mul(char *input_A, ASSERT_ALLOC(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, N, limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + &m, N, limbs), 0); const size_t limbs_T = limbs * 2 + 1; ASSERT_ALLOC(T, limbs_T); @@ -580,9 +574,7 @@ void mpi_mod_raw_add(char *input_N, ASSERT_ALLOC(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, N, limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY - ), 0); + &m, N, limbs), 0); /* A + B => Correct result */ mbedtls_mpi_mod_raw_add(X, A, B, &m); @@ -720,8 +712,7 @@ void mpi_mod_raw_to_mont_rep(char *input_N, char *input_A, char *input_X) size_t limbs = n_limbs; size_t bytes = limbs * sizeof(mbedtls_mpi_uint); - TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); /* 1. Test low-level function first */ @@ -785,8 +776,7 @@ void mpi_mod_raw_from_mont_rep(char *input_N, char *input_A, char *input_X) size_t limbs = n_limbs; size_t bytes = limbs * sizeof(mbedtls_mpi_uint); - TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); /* 1. Test low-level function first */ @@ -847,8 +837,7 @@ void mpi_mod_raw_neg(char *input_N, char *input_A, char *input_X) ASSERT_ALLOC(R, n_limbs); ASSERT_ALLOC(Z, n_limbs); - TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); /* Neg( A == 0 ) => Zero result */ mbedtls_mpi_mod_raw_neg(R, Z, &m); diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 9ef35d8a0f..cf316d0660 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function 
@@ -1373,8 +1373,7 @@ void ecp_mod_p_generic_raw(int curve_id, TEST_EQUAL(limbs_res, limbs_N); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, N, limbs_N, - MBEDTLS_MPI_MOD_REP_OPT_RED), 0); + &m, N, limbs_N), 0); TEST_EQUAL((*curve_func)(X, limbs_X), 0); From f055ad61dcb7b5f88064eb6bdaa647da6194f6e3 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 9 May 2023 15:44:46 +0100 Subject: [PATCH 04/14] bignum_mod: Added static `standard_modulus_setup()`. Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index ba661e2a0d..ccc5c3bd78 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -136,15 +136,23 @@ cleanup: return ret; } +static inline void standard_modulus_setup(mbedtls_mpi_mod_modulus *N, + const mbedtls_mpi_uint *p, + size_t p_limbs, + mbedtls_mpi_mod_rep_selector int_rep) +{ + N->p = p; + N->limbs = p_limbs; + N->bits = mbedtls_mpi_core_bitlen(p, p_limbs); + N->int_rep = int_rep; +} + int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, size_t p_limbs) { int ret = 0; - N->p = p; - N->limbs = p_limbs; - N->bits = mbedtls_mpi_core_bitlen(p, p_limbs); - N->int_rep = MBEDTLS_MPI_MOD_REP_MONTGOMERY; + standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_MONTGOMERY); N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p); ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs); @@ -160,10 +168,7 @@ int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, size_t p_limbs, mbedtls_mpi_opt_red_struct *ored) { - N->p = p; - N->limbs = p_limbs; - N->bits = mbedtls_mpi_core_bitlen(p, p_limbs); - N->int_rep = MBEDTLS_MPI_MOD_REP_OPT_RED; + standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED); N->rep.ored =ored ; return 0; } From 0f718c9ed003cfb1bf5ec5452f61aec99f9fad11 Mon Sep 17 00:00:00 2001 
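Review bot: Switching `ecp_mod_p_generic_raw()` to `mbedtls_mpi_mod_modulus_setup()` silently changes the modulus from the OPT_RED representation to Montgomery, so the test now computes `mm` and allocates `rr` for a modulus it only uses while calling the raw reduction function. Now that `mbedtls_mpi_mod_optred_modulus_setup()` exists, `TEST_EQUAL(mbedtls_mpi_mod_optred_modulus_setup(&m, N, limbs_N, NULL), 0);` keeps the representation the test had before and avoids the allocation. The function begins and ends outside the hunk.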
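Review bot: `standard_modulus_setup()` is introduced without a comment saying which fields it fills and that `N->rep` is left for the caller; with two callers that each complete `N->rep` differently, that is the one thing a reader needs. Suggested header: `/* Fill the fields shared by every representation (p, limbs, bits, int_rep); the caller must still populate N->rep. */`. In the same hunk the `int ret = 0;` initialiser in `mbedtls_mpi_mod_modulus_setup()` is now dead, since `ret` is unconditionally assigned from `set_mont_const_square()` two lines later; `int ret;` declared at the assignment reads cleaner.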
From: Minos Galanakis Date: Fri, 19 May 2023 14:22:06 +0100 Subject: [PATCH 05/14] bignum_mod: Fixed code-style Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 8 ++++---- tests/suites/test_suite_bignum_mod.function | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index ccc5c3bd78..70bb584b00 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -137,9 +137,9 @@ cleanup: } static inline void standard_modulus_setup(mbedtls_mpi_mod_modulus *N, - const mbedtls_mpi_uint *p, - size_t p_limbs, - mbedtls_mpi_mod_rep_selector int_rep) + const mbedtls_mpi_uint *p, + size_t p_limbs, + mbedtls_mpi_mod_rep_selector int_rep) { N->p = p; N->limbs = p_limbs; @@ -169,7 +169,7 @@ int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, mbedtls_mpi_opt_red_struct *ored) { standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED); - N->rep.ored =ored ; + N->rep.ored = ored; return 0; } diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index a515633bbb..4edc0b90eb 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -110,7 +110,7 @@ void mpi_mod_mul(char *input_A, mbedtls_mpi_mod_modulus_init(&m); TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); TEST_EQUAL(test_read_residue(&rA, &m, input_A, 0), 0); TEST_EQUAL(test_read_residue(&rB, &m, input_B, 0), 0); @@ -198,7 +198,7 @@ void mpi_mod_mul_neg(char *input_A, mbedtls_mpi_mod_modulus_init(&fake_m); TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); TEST_EQUAL(test_read_residue(&rA, &m, input_A, 1), 0); TEST_EQUAL(test_read_residue(&rB, &m, input_B, 1), 0); 
@@ -245,7 +245,7 @@ void mpi_mod_sub(char *input_N, TEST_EQUAL(0, mbedtls_test_read_mpi_modulus(&m, input_N, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + MBEDTLS_MPI_MOD_REP_MONTGOMERY)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this @@ -347,7 +347,7 @@ void mpi_mod_inv_mont(char *input_N, TEST_EQUAL(0, mbedtls_test_read_mpi_modulus(&N, input_N, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + MBEDTLS_MPI_MOD_REP_MONTGOMERY)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this @@ -397,7 +397,7 @@ void mpi_mod_inv_non_mont(char *input_N, TEST_EQUAL(0, mbedtls_test_read_mpi_modulus(&N, input_N, - MBEDTLS_MPI_MOD_REP_OPT_RED)); + MBEDTLS_MPI_MOD_REP_OPT_RED)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this @@ -448,7 +448,7 @@ void mpi_mod_add(char *input_N, TEST_EQUAL(0, mbedtls_test_read_mpi_modulus(&m, input_N, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + MBEDTLS_MPI_MOD_REP_MONTGOMERY)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this From c6e68ed85d1e064d1cbcbc61bf95114c3fd2393c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 9 Jun 2023 14:43:55 +0100 Subject: [PATCH 06/14] bignum_mod: Added `mbedtls_mpi_opt_red_struct` structure. Signed-off-by: Minos Galanakis --- library/bignum_mod.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/bignum_mod.h b/library/bignum_mod.h index ccf86c0278..a3512eb17c 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h 
@@ -123,7 +123,9 @@ typedef struct { mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{ciL} */ } mbedtls_mpi_mont_struct; -typedef void *mbedtls_mpi_opt_red_struct; +typedef struct { + int (*modp)(mbedtls_mpi *); /* The optimised reduction function pointer */ +} mbedtls_mpi_opt_red_struct; typedef struct { const mbedtls_mpi_uint *p; From be1bf15f761f2f5e55d08737b202fcc80f972c7c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 9 Jun 2023 14:47:55 +0100 Subject: [PATCH 07/14] bignum_mod: Updated `optred_modulus_setup` to use function input. Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 6 +++--- library/bignum_mod.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 70bb584b00..54d38bd681 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -88,7 +88,7 @@ void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *N) N->rep.mont.mm = 0; break; case MBEDTLS_MPI_MOD_REP_OPT_RED: - mbedtls_free(N->rep.ored); + N->rep.ored.modp = NULL; break; case MBEDTLS_MPI_MOD_REP_INVALID: break; @@ -166,10 +166,10 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, size_t p_limbs, - mbedtls_mpi_opt_red_struct *ored) + int (*modp)(mbedtls_mpi *)) { standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED); - N->rep.ored = ored; + N->rep.ored.modp = modp; return 0; } diff --git a/library/bignum_mod.h b/library/bignum_mod.h index a3512eb17c..c4b763f32a 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h 
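Review bot: The new `modp` member takes an `mbedtls_mpi *`, the legacy bignum type, while everything `mbedtls_mpi_mod_modulus` holds is a `mbedtls_mpi_uint` limb array, and the curve file on this page already exposes limb-based reductions with the `(mbedtls_mpi_uint *X, size_t X_limbs)` signature (`mbedtls_ecp_mod_p256k1_raw`, `mbedtls_ecp_mod_p448_raw`). Any caller in the mod layer will presumably have to wrap a limb array in a temporary `mbedtls_mpi` before it can call through this pointer, so either the raw signature should be chosen now or the intended calling convention stated in the member comment, e.g. `/* Optimised in-place reduction; takes the legacy mbedtls_mpi type, see ecp_curves.c */`.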
@@ -214,14 +214,14 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, * not be modified in any way until after * mbedtls_mpi_mod_modulus_free() is called. * \param p_limbs The number of limbs of \p p. - * \param ored The optimized reduction structure to use. \p p. + * \param modp A pointer to the optimised reduction function to use. \p p. * * \return \c 0 if successful. */ int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, size_t p_limbs, - mbedtls_mpi_opt_red_struct *ored); + int (*modp)(mbedtls_mpi *)); /** Free elements of a modulus structure. * From 1d3e3329866a314a9916cafc03e42010cde91153 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 9 Jun 2023 14:53:30 +0100 Subject: [PATCH 08/14] ecp_curves: Updated input argument for `mbedtls_ecp_modulus_setup`. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 32 ++++++++++++++++---------------- library/ecp_invasive.h | 4 ++-- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 69091c3aa1..5ca0bcb2bb 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
@@ -5831,20 +5831,20 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_ecp_group_id id, - const mbedtls_ecp_curve_type ctype) + const mbedtls_ecp_modulus_type ctype) { mbedtls_mpi_uint *p = NULL; size_t p_limbs; - if (!(ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE || \ - ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_SCALAR)) { + if (!(ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE || \ + ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_SCALAR)) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } switch (id) { #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) case MBEDTLS_ECP_DP_SECP192R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp192r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p)); } else { @@ -5856,7 +5856,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) case MBEDTLS_ECP_DP_SECP224R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp224r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p)); } else { @@ -5868,7 +5868,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) case MBEDTLS_ECP_DP_SECP256R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp256r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p)); } else { 
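Review bot: The rewritten condition in `mbedtls_ecp_modulus_setup()` keeps a backslash line continuation after `MBEDTLS_ECP_MOD_COORDINATE ||`, which is only meaningful inside a macro; in ordinary code it is noise and will swallow the following line if a trailing comment is ever added. If `MBEDTLS_ECP_MOD_COORDINATE` and `MBEDTLS_ECP_MOD_SCALAR` are enumerators of `mbedtls_ecp_modulus_type` (not visible in the hunk), the twelve repeated `(mbedtls_ecp_modulus_type)` casts are redundant as well, and a single `const int is_coordinate = (ctype == MBEDTLS_ECP_MOD_COORDINATE);` before the switch would remove the per-case repetition. The same pattern recurs in the remaining ecp_curves.c hunks of this patch.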
@@ -5880,7 +5880,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) case MBEDTLS_ECP_DP_SECP384R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp384r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p)); } else { @@ -5892,7 +5892,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) case MBEDTLS_ECP_DP_SECP521R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp521r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p)); } else { @@ -5904,7 +5904,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) case MBEDTLS_ECP_DP_BP256R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) brainpoolP256r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_p)); } else { @@ -5916,7 +5916,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) case MBEDTLS_ECP_DP_BP384R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) brainpoolP384r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_p)); } else { @@ -5928,7 +5928,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) case MBEDTLS_ECP_DP_BP512R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) brainpoolP512r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_p)); } else { 
@@ -5940,7 +5940,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) curve25519_p; p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p)); } else { @@ -5952,7 +5952,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) case MBEDTLS_ECP_DP_SECP192K1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp192k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p)); } else { @@ -5964,7 +5964,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) case MBEDTLS_ECP_DP_SECP224K1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp224k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p)); } else { @@ -5976,7 +5976,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) case MBEDTLS_ECP_DP_SECP256K1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp256k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p)); } else { @@ -5988,7 +5988,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) case MBEDTLS_ECP_DP_CURVE448: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) curve448_p; p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p)); } else { 
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 1dc556781b..94867b90e0 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -306,7 +306,7 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs); * \param[in,out] N The address of the modulus structure to populate. * Must be initialized. * \param[in] id The mbedtls_ecp_group_id for which to initialise the modulus. - * \param[in] ctype The mbedtls_ecp_curve_type identifier for a coordinate modulus (P) + * \param[in] ctype The mbedtls_ecp_modulus_type identifier for a coordinate modulus (P) * or a scalar modulus (N). * * \return \c 0 if successful. @@ -317,7 +317,7 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs); MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_ecp_group_id id, - const mbedtls_ecp_curve_type ctype); + const mbedtls_ecp_modulus_type ctype); #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */ From 65210952ec615eddfa47be943a3c361a818c920e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 9 Jun 2023 15:01:03 +0100 Subject: [PATCH 09/14] ecp_curves: Updated `mbedtls_ecp_modulus_setup` to use optimised reduction. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 5ca0bcb2bb..5692772025 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5833,6 +5833,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_ecp_group_id id, const mbedtls_ecp_modulus_type ctype) { + int (*modp)(mbedtls_mpi *) = NULL; mbedtls_mpi_uint *p = NULL; size_t p_limbs; 
@@ -5845,6 +5846,9 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) case MBEDTLS_ECP_DP_SECP192R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &ecp_mod_p192; +#endif p = (mbedtls_mpi_uint *) secp192r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p)); } else { @@ -5857,6 +5861,9 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) case MBEDTLS_ECP_DP_SECP224R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &ecp_mod_p224; +#endif p = (mbedtls_mpi_uint *) secp224r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p)); } else { @@ -5869,6 +5876,9 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) case MBEDTLS_ECP_DP_SECP256R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &ecp_mod_p256; +#endif p = (mbedtls_mpi_uint *) secp256r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p)); } else { @@ -5881,6 +5891,9 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) case MBEDTLS_ECP_DP_SECP384R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &ecp_mod_p384; +#endif p = (mbedtls_mpi_uint *) secp384r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p)); } else { @@ -5893,6 +5906,9 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) case MBEDTLS_ECP_DP_SECP521R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &ecp_mod_p521; +#endif p = (mbedtls_mpi_uint *) secp521r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p)); } else { 
@@ -5941,6 +5957,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { + modp = &ecp_mod_p255; p = (mbedtls_mpi_uint *) curve25519_p; p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p)); } else { @@ -5953,6 +5970,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) case MBEDTLS_ECP_DP_SECP192K1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { + modp = &ecp_mod_p192; p = (mbedtls_mpi_uint *) secp192k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p)); } else { @@ -5965,6 +5983,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) case MBEDTLS_ECP_DP_SECP224K1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { + modp = &ecp_mod_p224; p = (mbedtls_mpi_uint *) secp224k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p)); } else { @@ -5977,6 +5996,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) case MBEDTLS_ECP_DP_SECP256K1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { + modp = &ecp_mod_p256; p = (mbedtls_mpi_uint *) secp256k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p)); } else { @@ -5989,6 +6009,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) case MBEDTLS_ECP_DP_CURVE448: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { + modp = &ecp_mod_p448; p = (mbedtls_mpi_uint *) curve448_p; p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p)); } else { 
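Review bot: The secp192k1, secp224k1 and secp256k1 cases assign the NIST-prime reduction (`modp = &ecp_mod_p192;`, `&ecp_mod_p224;`, `&ecp_mod_p256;`) to a Koblitz coordinate modulus, but those routines reduce modulo the secp*r1 primes, which are different primes from the secp*k1 ones, so every reduction performed through such a modulus would be computed against the wrong prime. Each of these cases should point at the Koblitz-specific reduction (the existing `ecp_mod_p192k1`/`ecp_mod_p224k1`/`ecp_mod_p256k1` helpers, or their `_raw` forms once those are available) or leave `modp` NULL so the Montgomery path is taken. Patch 13 renames these to `mbedtls_ecp_mod_p192_raw`, `mbedtls_ecp_mod_p224_raw` and `mbedtls_ecp_mod_p256_raw` in its secp192k1/secp224k1/secp256k1 hunks of library/ecp_curves.c and carries the same mix-up forward. The `ecp_mod_setup` test added later in the series only checks that `modp` is non-NULL; a test that reduces a value >= p through a Koblitz modulus and compares against a reference result would catch this. The enclosing switch begins and ends outside these hunks.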
@@ -6003,8 +6024,14 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs)) { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if (modp != NULL) { + if (mbedtls_mpi_mod_optred_modulus_setup(N, p, p_limbs, modp)) { + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } + } else { + if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs)) { + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } } return 0; } From effff764e131e407808d9a975f86fd4aa9039a7a Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 9 Jun 2023 15:11:41 +0100 Subject: [PATCH 10/14] test_suite_ecp: Updated `ecp_mod_p_generic_raw` for optimised reduction. Signed-off-by: Minos Galanakis --- tests/suites/test_suite_ecp.function | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index cf316d0660..1df0624f63 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1406,16 +1406,18 @@ void ecp_mod_setup(char *input_A, int id, int ctype, int iret) TEST_EQUAL(ret, iret); if (ret == 0) { - + TEST_ASSERT(m.int_rep != MBEDTLS_MPI_MOD_REP_INVALID); /* Test for limb sizes */ TEST_EQUAL(m.limbs, p_limbs); bytes = p_limbs * sizeof(mbedtls_mpi_uint); - /* Test for validity of moduli by the presence of Montgomery consts */ - - TEST_ASSERT(m.rep.mont.mm != 0); - TEST_ASSERT(m.rep.mont.rr != NULL); - + if (m.int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) { + /* Test for validity of moduli by the presence of Montgomery consts */ + TEST_ASSERT(m.rep.mont.mm != 0); + TEST_ASSERT(m.rep.mont.rr != NULL); + } else { + TEST_ASSERT(m.rep.ored.modp != NULL); + } /* Compare output byte-by-byte */ ASSERT_COMPARE(p, bytes, m.p, bytes); From 450abfd922b9b7235193eaf56cb0405556fbed05 Mon Sep 17 00:00:00 2001 
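Review bot: A coordinate modulus with a non-NULL `modp` is now tagged `MBEDTLS_MPI_MOD_REP_OPT_RED`, but nothing in the series shows the residue arithmetic in bignum_mod.c dispatching on `N->int_rep`; if those functions still read `N->rep.mont`, they would interpret the `rep.ored.modp` pointer stored in the same union as Montgomery constants and return wrong results silently, which for a curve modulus is a correctness failure in every higher-level operation. Until the optimised path is actually consumed, those functions should reject `MBEDTLS_MPI_MOD_REP_OPT_RED` with `MBEDTLS_ERR_MPI_BAD_INPUT_DATA`, or the commit message should state which operations are valid on such a modulus. The two setup calls also map any failure to `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`; a short comment such as `/* Setup can only fail on internal inconsistency: p is a compiled-in constant. */` would justify that choice. `mbedtls_ecp_modulus_setup` begins outside this hunk.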
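Review bot: The else-branch in `ecp_mod_setup` treats every representation other than Montgomery as optimised reduction and only checks `m.rep.ored.modp != NULL`, so an unexpected or corrupt `int_rep` value would be read through the union instead of failing; add `TEST_EQUAL(m.int_rep, MBEDTLS_MPI_MOD_REP_OPT_RED);` before the modp assertion. Since patch 09 makes the representation depend on `MBEDTLS_ECP_NIST_OPTIM` for the NIST curves, the test could also pin that: Montgomery when the option is off, OPT_RED when it is on, rather than accepting either. The test function continues outside this hunk.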
From: Minos Galanakis Date: Fri, 9 Jun 2023 14:23:55 +0100 Subject: [PATCH 11/14] test_suite_ecp: Added `MBEDTLS_ECP_NIST_OPTIM` define guards. This patch updates `ecp_mod_p_generic_raw` and corresponding curve test methods, that depend on the NIST optimisation parameter to not run when it is not included. The following curves are affected: * SECP192R1 * SECP224R1 * SECP256R1 * SECP384R1 * SECP521R1 Signed-off-by: Minos Galanakis --- scripts/mbedtls_dev/ecp.py | 15 ++++++++++----- tests/suites/test_suite_ecp.function | 10 +++++----- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index e5dd4d9bd8..8a3ab281f0 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -34,7 +34,8 @@ class EcpP192R1Raw(bignum_common.ModOperationCommon, test_name = "ecp_mod_p192_raw" input_style = "fixed" arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED"] + dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED", + "MBEDTLS_ECP_NIST_OPTIM"] moduli = ["fffffffffffffffffffffffffffffffeffffffffffffffff"] # type: List[str] @@ -110,7 +111,8 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon, test_name = "ecp_mod_p224_raw" input_style = "arch_split" arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED"] + dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED", + "MBEDTLS_ECP_NIST_OPTIM"] moduli = ["ffffffffffffffffffffffffffffffff000000000000000000000001"] # type: List[str] @@ -187,7 +189,8 @@ class EcpP256R1Raw(bignum_common.ModOperationCommon, test_name = "ecp_mod_p256_raw" input_style = "fixed" arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED"] + dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED", + "MBEDTLS_ECP_NIST_OPTIM"] moduli = ["ffffffff00000001000000000000000000000000ffffffffffffffffffffffff"] # type: List[str] 
@@ -270,7 +273,8 @@ class EcpP384R1Raw(bignum_common.ModOperationCommon, test_name = "ecp_mod_p384_raw" input_style = "fixed" arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED"] + dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED", + "MBEDTLS_ECP_NIST_OPTIM"] moduli = [("ffffffffffffffffffffffffffffffffffffffffffffffff" "fffffffffffffffeffffffff0000000000000000ffffffff") @@ -392,7 +396,8 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon, test_name = "ecp_mod_p521_raw" input_style = "arch_split" arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED"] + dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED", + "MBEDTLS_ECP_NIST_OPTIM"] moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff") diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 1df0624f63..55ded45b4e 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function 
@@ -1294,35 +1294,35 @@ void ecp_mod_p_generic_raw(int curve_id, bytes = limbs_N * sizeof(mbedtls_mpi_uint); switch (curve_id) { -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM) case MBEDTLS_ECP_DP_SECP192R1: limbs = 2 * limbs_N; curve_bits = 192; curve_func = &mbedtls_ecp_mod_p192_raw; break; #endif -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM) case MBEDTLS_ECP_DP_SECP224R1: limbs = 448 / biL; curve_bits = 224; curve_func = &mbedtls_ecp_mod_p224_raw; break; #endif -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM) case MBEDTLS_ECP_DP_SECP256R1: limbs = 2 * limbs_N; curve_bits = 256; curve_func = &mbedtls_ecp_mod_p256_raw; break; #endif -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM) case MBEDTLS_ECP_DP_SECP384R1: limbs = 2 * limbs_N; curve_bits = 384; curve_func = &mbedtls_ecp_mod_p384_raw; break; #endif -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM) case MBEDTLS_ECP_DP_SECP521R1: limbs = 2 * limbs_N; curve_bits = 522; From 5c238d80cd0d13e1ef1a0866c2b35e0f7c764472 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 9 Jun 2023 15:37:53 +0100 Subject: [PATCH 12/14] bignum_mod: Updated documentation. Signed-off-by: Minos Galanakis --- library/bignum_mod.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/bignum_mod.h b/library/bignum_mod.h index c4b763f32a..60966cc88e 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h 
@@ -98,10 +98,11 @@ typedef enum { /* Skip 1 as it is slightly easier to accidentally pass to functions. */ /** Montgomery representation. */ MBEDTLS_MPI_MOD_REP_MONTGOMERY = 2, - /** TODO: document this. - * - * Residues are in canonical representation. - */ + /* Optimised reduction available. This indicates a coordinate modulus (P) + * and one of the following available: + * - MBEDTLS_ECP_NIST_OPTIM + * - Kobliz Curve. + * - Fast Reduction Curve CURVE25519 or CURVE448. */ MBEDTLS_MPI_MOD_REP_OPT_RED, } mbedtls_mpi_mod_rep_selector; From de87461c23080763155b98b12c9567b2d2ae8b2e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 13 Jun 2023 16:59:26 +0100 Subject: [PATCH 13/14] ecp_curves: Updated the optimised reduction function pointer. This patch modifies the `mbedtls_mpi_opt_red_struct` to use an mpi_uint * pointer and size_t limps arguments. The methods interacting with this pointer have been updated accordingly: - mbedtls_mpi_mod_optred_modulus_setup - mbedtls_ecp_modulus_setup Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 3 ++- library/bignum_mod.h | 6 ++++-- library/ecp_curves.c | 22 +++++++++++----------- 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 54d38bd681..60a3c306f9 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -166,7 +166,8 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, size_t p_limbs, - int (*modp)(mbedtls_mpi *)) + int (*modp)(mbedtls_mpi_uint *X, + size_t X_limbs)) { standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED); N->rep.ored.modp = modp; diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 60966cc88e..87ee015693 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h 
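Review bot: The replacement comment on `MBEDTLS_MPI_MOD_REP_OPT_RED` opens with `/*` while its sibling enumerator uses `/** Montgomery representation. */`, so Doxygen drops the documentation for this value; it also misspells Koblitz as "Kobliz". Suggest `/** Optimised reduction available. Set for a coordinate modulus (P) when a curve-specific reduction exists: NIST curves with MBEDTLS_ECP_NIST_OPTIM, Koblitz curves, or Curve25519/Curve448. */`. The same comment is rewritten again in patch 14 (the `@@ -99,10 +99,10 @@` hunk of library/bignum_mod.h) and still has both issues there.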
@@ -125,7 +125,8 @@ typedef struct { } mbedtls_mpi_mont_struct; typedef struct { - int (*modp)(mbedtls_mpi *); /* The optimised reduction function pointer */ + int (*modp)(mbedtls_mpi_uint *X, + size_t X_limbs); /* The optimised reduction function pointer */ } mbedtls_mpi_opt_red_struct; typedef struct { @@ -222,7 +223,8 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, size_t p_limbs, - int (*modp)(mbedtls_mpi *)); + int (*modp)(mbedtls_mpi_uint *X, + size_t X_limbs)); /** Free elements of a modulus structure. * diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 5692772025..cb941966b2 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5833,7 +5833,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_ecp_group_id id, const mbedtls_ecp_modulus_type ctype) { - int (*modp)(mbedtls_mpi *) = NULL; + int (*modp)(mbedtls_mpi_uint *X, size_t X_limbs) = NULL; mbedtls_mpi_uint *p = NULL; size_t p_limbs; @@ -5847,7 +5847,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, case MBEDTLS_ECP_DP_SECP192R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { #if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &ecp_mod_p192; + modp = &mbedtls_ecp_mod_p192_raw; #endif p = (mbedtls_mpi_uint *) secp192r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p)); @@ -5862,7 +5862,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, case MBEDTLS_ECP_DP_SECP224R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { #if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &ecp_mod_p224; + modp = &mbedtls_ecp_mod_p224_raw; #endif p = (mbedtls_mpi_uint *) secp224r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p)); 
@@ -5877,7 +5877,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, case MBEDTLS_ECP_DP_SECP256R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { #if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &ecp_mod_p256; + modp = &mbedtls_ecp_mod_p256_raw; #endif p = (mbedtls_mpi_uint *) secp256r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p)); @@ -5892,7 +5892,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, case MBEDTLS_ECP_DP_SECP384R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { #if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &ecp_mod_p384; + modp = &mbedtls_ecp_mod_p384_raw; #endif p = (mbedtls_mpi_uint *) secp384r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p)); @@ -5907,7 +5907,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, case MBEDTLS_ECP_DP_SECP521R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { #if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &ecp_mod_p521; + modp = &mbedtls_ecp_mod_p521_raw; #endif p = (mbedtls_mpi_uint *) secp521r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p)); @@ -5957,7 +5957,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &ecp_mod_p255; + modp = &mbedtls_ecp_mod_p255_raw; p = (mbedtls_mpi_uint *) curve25519_p; p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p)); } else { @@ -5970,7 +5970,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) case MBEDTLS_ECP_DP_SECP192K1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &ecp_mod_p192; + modp = &mbedtls_ecp_mod_p192_raw; p = (mbedtls_mpi_uint *) secp192k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p)); } else { 
@@ -5983,7 +5983,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) case MBEDTLS_ECP_DP_SECP224K1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &ecp_mod_p224; + modp = &mbedtls_ecp_mod_p224_raw; p = (mbedtls_mpi_uint *) secp224k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p)); } else { @@ -5996,7 +5996,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) case MBEDTLS_ECP_DP_SECP256K1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &ecp_mod_p256; + modp = &mbedtls_ecp_mod_p256_raw; p = (mbedtls_mpi_uint *) secp256k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p)); } else { @@ -6009,7 +6009,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) case MBEDTLS_ECP_DP_CURVE448: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &ecp_mod_p448; + modp = &mbedtls_ecp_mod_p448_raw; p = (mbedtls_mpi_uint *) curve448_p; p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p)); } else { From 2a03fd3b7b56f738ad426b1570c28b6ba25b6d05 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 21 Jun 2023 15:23:29 +0100 Subject: [PATCH 14/14] bignum_mod: Added a typedef for OPT_RED function pointer. Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 3 +-- library/bignum_mod.h | 16 ++++++++-------- library/ecp_curves.c | 2 +- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 60a3c306f9..84f3896d46 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c 
@@ -166,8 +166,7 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, size_t p_limbs, - int (*modp)(mbedtls_mpi_uint *X, - size_t X_limbs)) + mbedtls_mpi_modp_fn modp) { standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED); N->rep.ored.modp = modp; diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 87ee015693..39e8fd218b 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -99,10 +99,10 @@ typedef enum { /** Montgomery representation. */ MBEDTLS_MPI_MOD_REP_MONTGOMERY = 2, /* Optimised reduction available. This indicates a coordinate modulus (P) - * and one of the following available: - * - MBEDTLS_ECP_NIST_OPTIM - * - Kobliz Curve. - * - Fast Reduction Curve CURVE25519 or CURVE448. */ + * and one or more of the following have been configured: + * - A nist curve (MBEDTLS_ECP_DP_SECPXXXR1_ENABLED) & MBEDTLS_ECP_NIST_OPTIM. + * - A Kobliz Curve. + * - A Fast Reduction Curve CURVE25519 or CURVE448. */ MBEDTLS_MPI_MOD_REP_OPT_RED, } mbedtls_mpi_mod_rep_selector; @@ -124,9 +124,10 @@ typedef struct { mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{ciL} */ } mbedtls_mpi_mont_struct; +typedef int (*mbedtls_mpi_modp_fn)(mbedtls_mpi_uint *X, size_t X_limbs); + typedef struct { - int (*modp)(mbedtls_mpi_uint *X, - size_t X_limbs); /* The optimised reduction function pointer */ + mbedtls_mpi_modp_fn modp; /* The optimised reduction function pointer */ } mbedtls_mpi_opt_red_struct; typedef struct { @@ -223,8 +224,7 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, size_t p_limbs, - int (*modp)(mbedtls_mpi_uint *X, - size_t X_limbs)); + mbedtls_mpi_modp_fn modp); /** Free elements of a modulus structure. * diff --git a/library/ecp_curves.c b/library/ecp_curves.c index cb941966b2..e161fd4e85 100644 
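Review bot: The new `mbedtls_mpi_modp_fn` typedef in the `@@ -124,9 +124,10 @@` hunk of library/bignum_mod.h carries no comment, yet it is the contract every optimised-reduction callback must satisfy, so that contract should be stated where the type is declared: `X` is reduced in place, what `X_limbs` must be relative to the modulus (the test suite feeds these helpers inputs of `2 * limbs_N` limbs, so the expected width is not simply `N->limbs` — to be confirmed against the `_raw` implementations), and that a non-zero return is an `MBEDTLS_ERR_*` code. A `/** ... */` block above the typedef covering those three points would let the `\p modp` documentation of `mbedtls_mpi_mod_optred_modulus_setup` refer to it instead of restating them. The struct field comment `/* The optimised reduction function pointer */` could then be shortened to point at the typedef as well.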
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -5833,7 +5833,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
 const mbedtls_ecp_group_id id,
 const mbedtls_ecp_modulus_type ctype)
 {
- int (*modp)(mbedtls_mpi_uint *X, size_t X_limbs) = NULL;
+ mbedtls_mpi_modp_fn modp = NULL;
 mbedtls_mpi_uint *p = NULL;
 size_t p_limbs;