mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-06 01:21:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #7725 from minosgalanakis/ecp/7268_add_optimised_reduction_setup_3

Browse Source 
[Bignum] Add optimised reduction setup
This commit is contained in:
Paul Elliott 2023-06-22 16:30:39 +01:00 committed by GitHub
commit 3048c8c906
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 175 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
library/bignum_mod.c
View File

@ -88,7 +88,7 @@ void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *N)
N->rep.mont.mm = 0; N->rep.mont.mm = 0;
break; break;
case MBEDTLS_MPI_MOD_REP_OPT_RED: case MBEDTLS_MPI_MOD_REP_OPT_RED:
mbedtls_free(N->rep.ored); N->rep.ored.modp = NULL;
break; break;
case MBEDTLS_MPI_MOD_REP_INVALID: case MBEDTLS_MPI_MOD_REP_INVALID:
break; break;
@ -136,33 +136,25 @@ cleanup:
return ret; return ret;
} }
int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, static inline void standard_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p, const mbedtls_mpi_uint *p,
size_t p_limbs, size_t p_limbs,
mbedtls_mpi_mod_rep_selector int_rep) mbedtls_mpi_mod_rep_selector int_rep)
{ {
int ret = 0;
N->p = p; N->p = p;
N->limbs = p_limbs; N->limbs = p_limbs;
N->bits = mbedtls_mpi_core_bitlen(p, p_limbs); N->bits = mbedtls_mpi_core_bitlen(p, p_limbs);
N->int_rep = int_rep;
}
switch (int_rep) { int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
case MBEDTLS_MPI_MOD_REP_MONTGOMERY: const mbedtls_mpi_uint *p,
N->int_rep = int_rep; size_t p_limbs)
N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p); {
ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs); int ret = 0;
break; standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_MONTGOMERY);
case MBEDTLS_MPI_MOD_REP_OPT_RED: N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p);
N->int_rep = int_rep; ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs);
N->rep.ored = NULL;
break;
default:
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
goto exit;
}
exit:
if (ret != 0) { if (ret != 0) {
mbedtls_mpi_mod_modulus_free(N); mbedtls_mpi_mod_modulus_free(N);
@ -171,6 +163,16 @@ exit:
return ret; return ret;
} }
int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs,
mbedtls_mpi_modp_fn modp)
{
standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED);
N->rep.ored.modp = modp;
return 0;
}
int mbedtls_mpi_mod_mul(mbedtls_mpi_mod_residue *X, int mbedtls_mpi_mod_mul(mbedtls_mpi_mod_residue *X,
const mbedtls_mpi_mod_residue *A, const mbedtls_mpi_mod_residue *A,
const mbedtls_mpi_mod_residue *B, const mbedtls_mpi_mod_residue *B,
@ -235,8 +237,7 @@ static int mbedtls_mpi_mod_inv_non_mont(mbedtls_mpi_mod_residue *X,
mbedtls_mpi_mod_modulus Nmont; mbedtls_mpi_mod_modulus Nmont;
mbedtls_mpi_mod_modulus_init(&Nmont); mbedtls_mpi_mod_modulus_init(&Nmont);
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_modulus_setup(&Nmont, N->p, N->limbs, MBEDTLS_MPI_CHK(mbedtls_mpi_mod_modulus_setup(&Nmont, N->p, N->limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* We'll use X->p to hold the Montgomery form of the input A->p */ /* We'll use X->p to hold the Montgomery form of the input A->p */
mbedtls_mpi_core_to_mont_rep(X->p, A->p, Nmont.p, Nmont.limbs, mbedtls_mpi_core_to_mont_rep(X->p, A->p, Nmont.p, Nmont.limbs,

38
library/bignum_mod.h
View File

@ -98,10 +98,11 @@ typedef enum {
/* Skip 1 as it is slightly easier to accidentally pass to functions. */ /* Skip 1 as it is slightly easier to accidentally pass to functions. */
/** Montgomery representation. */ /** Montgomery representation. */
MBEDTLS_MPI_MOD_REP_MONTGOMERY = 2, MBEDTLS_MPI_MOD_REP_MONTGOMERY = 2,
/** TODO: document this. /* Optimised reduction available. This indicates a coordinate modulus (P)
* * and one or more of the following have been configured:
* Residues are in canonical representation. * - A nist curve (MBEDTLS_ECP_DP_SECPXXXR1_ENABLED) & MBEDTLS_ECP_NIST_OPTIM.
*/ * - A Kobliz Curve.
* - A Fast Reduction Curve CURVE25519 or CURVE448. */
MBEDTLS_MPI_MOD_REP_OPT_RED, MBEDTLS_MPI_MOD_REP_OPT_RED,
} mbedtls_mpi_mod_rep_selector; } mbedtls_mpi_mod_rep_selector;
@ -123,7 +124,11 @@ typedef struct {
mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{ciL} */ mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{ciL} */
} mbedtls_mpi_mont_struct; } mbedtls_mpi_mont_struct;
typedef void *mbedtls_mpi_opt_red_struct; typedef int (*mbedtls_mpi_modp_fn)(mbedtls_mpi_uint *X, size_t X_limbs);
typedef struct {
mbedtls_mpi_modp_fn modp; /* The optimised reduction function pointer */
} mbedtls_mpi_opt_red_struct;
typedef struct { typedef struct {
const mbedtls_mpi_uint *p; const mbedtls_mpi_uint *p;
@ -197,16 +202,29 @@ void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *N);
* not be modified in any way until after * not be modified in any way until after
* mbedtls_mpi_mod_modulus_free() is called. * mbedtls_mpi_mod_modulus_free() is called.
* \param p_limbs The number of limbs of \p p. * \param p_limbs The number of limbs of \p p.
* \param int_rep The internal representation to be used for residues
* associated with \p N (see #mbedtls_mpi_mod_rep_selector).
* *
* \return \c 0 if successful. * \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p int_rep is invalid.
*/ */
int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p, const mbedtls_mpi_uint *p,
size_t p_limbs, size_t p_limbs);
mbedtls_mpi_mod_rep_selector int_rep);
/** Setup an optimised-reduction compatible modulus structure.
*
* \param[out] N The address of the modulus structure to populate.
* \param[in] p The address of the limb array storing the value of \p N.
* The memory pointed to by \p p will be used by \p N and must
* not be modified in any way until after
* mbedtls_mpi_mod_modulus_free() is called.
* \param p_limbs The number of limbs of \p p.
* \param modp A pointer to the optimised reduction function to use. \p p.
*
* \return \c 0 if successful.
*/
int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs,
mbedtls_mpi_modp_fn modp);
/** Free elements of a modulus structure. /** Free elements of a modulus structure.
* *

64
library/ecp_curves.c
View File

@ -5831,20 +5831,24 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_ecp_group_id id, const mbedtls_ecp_group_id id,
const mbedtls_ecp_curve_type ctype) const mbedtls_ecp_modulus_type ctype)
{ {
mbedtls_mpi_modp_fn modp = NULL;
mbedtls_mpi_uint *p = NULL; mbedtls_mpi_uint *p = NULL;
size_t p_limbs; size_t p_limbs;
if (!(ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE || \ if (!(ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE || \
ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_SCALAR)) { ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_SCALAR)) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
switch (id) { switch (id) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case MBEDTLS_ECP_DP_SECP192R1: case MBEDTLS_ECP_DP_SECP192R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p192_raw;
#endif
p = (mbedtls_mpi_uint *) secp192r1_p; p = (mbedtls_mpi_uint *) secp192r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p));
} else { } else {
@ -5856,7 +5860,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case MBEDTLS_ECP_DP_SECP224R1: case MBEDTLS_ECP_DP_SECP224R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p224_raw;
#endif
p = (mbedtls_mpi_uint *) secp224r1_p; p = (mbedtls_mpi_uint *) secp224r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p));
} else { } else {
@ -5868,7 +5875,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_ECP_DP_SECP256R1: case MBEDTLS_ECP_DP_SECP256R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p256_raw;
#endif
p = (mbedtls_mpi_uint *) secp256r1_p; p = (mbedtls_mpi_uint *) secp256r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p));
} else { } else {
@ -5880,7 +5890,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case MBEDTLS_ECP_DP_SECP384R1: case MBEDTLS_ECP_DP_SECP384R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p384_raw;
#endif
p = (mbedtls_mpi_uint *) secp384r1_p; p = (mbedtls_mpi_uint *) secp384r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p));
} else { } else {
@ -5892,7 +5905,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case MBEDTLS_ECP_DP_SECP521R1: case MBEDTLS_ECP_DP_SECP521R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p521_raw;
#endif
p = (mbedtls_mpi_uint *) secp521r1_p; p = (mbedtls_mpi_uint *) secp521r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p));
} else { } else {
@ -5904,7 +5920,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case MBEDTLS_ECP_DP_BP256R1: case MBEDTLS_ECP_DP_BP256R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
p = (mbedtls_mpi_uint *) brainpoolP256r1_p; p = (mbedtls_mpi_uint *) brainpoolP256r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_p));
} else { } else {
@ -5916,7 +5932,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case MBEDTLS_ECP_DP_BP384R1: case MBEDTLS_ECP_DP_BP384R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
p = (mbedtls_mpi_uint *) brainpoolP384r1_p; p = (mbedtls_mpi_uint *) brainpoolP384r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_p));
} else { } else {
@ -5928,7 +5944,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case MBEDTLS_ECP_DP_BP512R1: case MBEDTLS_ECP_DP_BP512R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
p = (mbedtls_mpi_uint *) brainpoolP512r1_p; p = (mbedtls_mpi_uint *) brainpoolP512r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_p));
} else { } else {
@ -5940,7 +5956,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519: case MBEDTLS_ECP_DP_CURVE25519:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p255_raw;
p = (mbedtls_mpi_uint *) curve25519_p; p = (mbedtls_mpi_uint *) curve25519_p;
p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p)); p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p));
} else { } else {
@ -5952,7 +5969,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case MBEDTLS_ECP_DP_SECP192K1: case MBEDTLS_ECP_DP_SECP192K1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p192_raw;
p = (mbedtls_mpi_uint *) secp192k1_p; p = (mbedtls_mpi_uint *) secp192k1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p));
} else { } else {
@ -5964,7 +5982,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case MBEDTLS_ECP_DP_SECP224K1: case MBEDTLS_ECP_DP_SECP224K1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p224_raw;
p = (mbedtls_mpi_uint *) secp224k1_p; p = (mbedtls_mpi_uint *) secp224k1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p));
} else { } else {
@ -5976,7 +5995,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case MBEDTLS_ECP_DP_SECP256K1: case MBEDTLS_ECP_DP_SECP256K1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p256_raw;
p = (mbedtls_mpi_uint *) secp256k1_p; p = (mbedtls_mpi_uint *) secp256k1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p));
} else { } else {
@ -5988,7 +6008,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448: case MBEDTLS_ECP_DP_CURVE448:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p448_raw;
p = (mbedtls_mpi_uint *) curve448_p; p = (mbedtls_mpi_uint *) curve448_p;
p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p)); p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p));
} else { } else {
@ -6003,9 +6024,14 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs, if (modp != NULL) {
MBEDTLS_MPI_MOD_REP_MONTGOMERY)) { if (mbedtls_mpi_mod_optred_modulus_setup(N, p, p_limbs, modp)) {
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
} else {
if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs)) {
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
} }
return 0; return 0;
} }

4
library/ecp_invasive.h
View File

@ -306,7 +306,7 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs);
* \param[in,out] N The address of the modulus structure to populate. * \param[in,out] N The address of the modulus structure to populate.
* Must be initialized. * Must be initialized.
* \param[in] id The mbedtls_ecp_group_id for which to initialise the modulus. * \param[in] id The mbedtls_ecp_group_id for which to initialise the modulus.
* \param[in] ctype The mbedtls_ecp_curve_type identifier for a coordinate modulus (P) * \param[in] ctype The mbedtls_ecp_modulus_type identifier for a coordinate modulus (P)
* or a scalar modulus (N). * or a scalar modulus (N).
* *
* \return \c 0 if successful. * \return \c 0 if successful.
@ -317,7 +317,7 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs);
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_ecp_group_id id, const mbedtls_ecp_group_id id,
const mbedtls_ecp_curve_type ctype); const mbedtls_ecp_modulus_type ctype);
#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */ #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */

15
scripts/mbedtls_dev/ecp.py
View File

@ -34,7 +34,8 @@ class EcpP192R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p192_raw" test_name = "ecp_mod_p192_raw"
input_style = "fixed" input_style = "fixed"
arity = 1 arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED"] dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = ["fffffffffffffffffffffffffffffffeffffffffffffffff"] # type: List[str] moduli = ["fffffffffffffffffffffffffffffffeffffffffffffffff"] # type: List[str]
@ -110,7 +111,8 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p224_raw" test_name = "ecp_mod_p224_raw"
input_style = "arch_split" input_style = "arch_split"
arity = 1 arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED"] dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = ["ffffffffffffffffffffffffffffffff000000000000000000000001"] # type: List[str] moduli = ["ffffffffffffffffffffffffffffffff000000000000000000000001"] # type: List[str]
@ -187,7 +189,8 @@ class EcpP256R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p256_raw" test_name = "ecp_mod_p256_raw"
input_style = "fixed" input_style = "fixed"
arity = 1 arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED"] dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = ["ffffffff00000001000000000000000000000000ffffffffffffffffffffffff"] # type: List[str] moduli = ["ffffffff00000001000000000000000000000000ffffffffffffffffffffffff"] # type: List[str]
@ -270,7 +273,8 @@ class EcpP384R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p384_raw" test_name = "ecp_mod_p384_raw"
input_style = "fixed" input_style = "fixed"
arity = 1 arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED"] dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = [("ffffffffffffffffffffffffffffffffffffffffffffffff" moduli = [("ffffffffffffffffffffffffffffffffffffffffffffffff"
"fffffffffffffffeffffffff0000000000000000ffffffff") "fffffffffffffffeffffffff0000000000000000ffffffff")
@ -392,7 +396,8 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p521_raw" test_name = "ecp_mod_p521_raw"
input_style = "arch_split" input_style = "arch_split"
arity = 1 arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED"] dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff") "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff")

13
tests/src/bignum_helpers.c
View File

@ -99,7 +99,18 @@ int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
if (ret != 0) { if (ret != 0) {
return ret; return ret;
} }
ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs, int_rep);
switch (int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs);
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
ret = mbedtls_mpi_mod_optred_modulus_setup(N, p, limbs, NULL);
break;
default:
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
break;
}
if (ret != 0) { if (ret != 0) {
mbedtls_free(p); mbedtls_free(p);
} }

58
tests/suites/test_suite_bignum_mod.function
View File

@ -10,21 +10,6 @@
ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \ ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \
(b).p, (b).limbs * sizeof(mbedtls_mpi_uint)) (b).p, (b).limbs * sizeof(mbedtls_mpi_uint))
static int test_read_modulus(mbedtls_mpi_mod_modulus *m,
mbedtls_mpi_mod_rep_selector int_rep,
char *input)
{
mbedtls_mpi_uint *p = NULL;
size_t limbs;
int ret = mbedtls_test_read_mpi_core(&p, &limbs, input);
if (ret != 0) {
return ret;
}
return mbedtls_mpi_mod_modulus_setup(m, p, limbs, int_rep);
}
static int test_read_residue(mbedtls_mpi_mod_residue *r, static int test_read_residue(mbedtls_mpi_mod_residue *r,
const mbedtls_mpi_mod_modulus *m, const mbedtls_mpi_mod_modulus *m,
char *input, char *input,
@ -65,7 +50,19 @@ void mpi_mod_setup(int int_rep, int iret)
memset(mp, 0xFF, sizeof(mp)); memset(mp, 0xFF, sizeof(mp));
mbedtls_mpi_mod_modulus_init(&m); mbedtls_mpi_mod_modulus_init(&m);
ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS, int_rep);
switch (int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS);
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
ret = mbedtls_mpi_mod_optred_modulus_setup(&m, mp, MLIMBS, NULL);
break;
default:
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
break;
}
TEST_EQUAL(ret, iret); TEST_EQUAL(ret, iret);
/* Only test if the constants have been set-up */ /* Only test if the constants have been set-up */
@ -112,8 +109,8 @@ void mpi_mod_mul(char *input_A,
mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_modulus m;
mbedtls_mpi_mod_modulus_init(&m); mbedtls_mpi_mod_modulus_init(&m);
TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N), TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N,
0); MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
TEST_EQUAL(test_read_residue(&rA, &m, input_A, 0), 0); TEST_EQUAL(test_read_residue(&rA, &m, input_A, 0), 0);
TEST_EQUAL(test_read_residue(&rB, &m, input_B, 0), 0); TEST_EQUAL(test_read_residue(&rB, &m, input_B, 0), 0);
@ -200,8 +197,8 @@ void mpi_mod_mul_neg(char *input_A,
mbedtls_mpi_mod_modulus fake_m; mbedtls_mpi_mod_modulus fake_m;
mbedtls_mpi_mod_modulus_init(&fake_m); mbedtls_mpi_mod_modulus_init(&fake_m);
TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N), TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N,
0); MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
TEST_EQUAL(test_read_residue(&rA, &m, input_A, 1), 0); TEST_EQUAL(test_read_residue(&rA, &m, input_A, 1), 0);
TEST_EQUAL(test_read_residue(&rB, &m, input_B, 1), 0); TEST_EQUAL(test_read_residue(&rB, &m, input_B, 1), 0);
@ -247,7 +244,8 @@ void mpi_mod_sub(char *input_N,
mbedtls_mpi_mod_modulus_init(&m); mbedtls_mpi_mod_modulus_init(&m);
TEST_EQUAL(0, TEST_EQUAL(0,
test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N)); mbedtls_test_read_mpi_modulus(&m, input_N,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* test_read_residue() normally checks that inputs have the same number of /* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this * limbs as the modulus. For negative testing we can ask it to skip this
@ -348,7 +346,8 @@ void mpi_mod_inv_mont(char *input_N,
mbedtls_mpi_mod_modulus_init(&N); mbedtls_mpi_mod_modulus_init(&N);
TEST_EQUAL(0, TEST_EQUAL(0,
test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N)); mbedtls_test_read_mpi_modulus(&N, input_N,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* test_read_residue() normally checks that inputs have the same number of /* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this * limbs as the modulus. For negative testing we can ask it to skip this
@ -397,7 +396,8 @@ void mpi_mod_inv_non_mont(char *input_N,
mbedtls_mpi_mod_modulus_init(&N); mbedtls_mpi_mod_modulus_init(&N);
TEST_EQUAL(0, TEST_EQUAL(0,
test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_OPT_RED, input_N)); mbedtls_test_read_mpi_modulus(&N, input_N,
MBEDTLS_MPI_MOD_REP_OPT_RED));
/* test_read_residue() normally checks that inputs have the same number of /* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this * limbs as the modulus. For negative testing we can ask it to skip this
@ -447,7 +447,8 @@ void mpi_mod_add(char *input_N,
mbedtls_mpi_mod_modulus_init(&m); mbedtls_mpi_mod_modulus_init(&m);
TEST_EQUAL(0, TEST_EQUAL(0,
test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N)); mbedtls_test_read_mpi_modulus(&m, input_N,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* test_read_residue() normally checks that inputs have the same number of /* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this * limbs as the modulus. For negative testing we can ask it to skip this
@ -550,8 +551,7 @@ void mpi_residue_setup(char *input_N, char *input_R, int ret)
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N));
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&R, &r_limbs, input_R)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&R, &r_limbs, input_R));
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
TEST_EQUAL(ret, mbedtls_mpi_mod_residue_setup(&r, &m, R, r_limbs)); TEST_EQUAL(ret, mbedtls_mpi_mod_residue_setup(&r, &m, R, r_limbs));
@ -592,8 +592,7 @@ void mpi_mod_io_neg(char *input_N, data_t *buf, int ret)
mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian)); mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian));
/* Set up modulus and test with residue->p == NULL */ /* Set up modulus and test with residue->p == NULL */
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian)); mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
@ -666,8 +665,7 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian)
TEST_LE_U(a_bytes, n_bytes); TEST_LE_U(a_bytes, n_bytes);
/* Init Structures */ /* Init Structures */
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* Enforcing p_limbs >= m->limbs */ /* Enforcing p_limbs >= m->limbs */
TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r, &m, R, n_limbs)); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r, &m, R, n_limbs));

31
tests/suites/test_suite_bignum_mod_raw.function
View File

@ -54,8 +54,7 @@ void mpi_mod_raw_io(data_t *input, int nb_int, int nx_32_int,
mbedtls_mpi_uint init[sizeof(X) / sizeof(X[0])]; mbedtls_mpi_uint init[sizeof(X) / sizeof(X[0])];
memset(init, 0xFF, sizeof(init)); memset(init, 0xFF, sizeof(init));
int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx, int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx);
MBEDTLS_MPI_MOD_REP_MONTGOMERY);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
if (iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0) { if (iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0) {
@ -137,8 +136,7 @@ void mpi_mod_raw_cond_assign(char *input_X,
ASSERT_ALLOC(buff_m, copy_limbs); ASSERT_ALLOC(buff_m, copy_limbs);
memset(buff_m, 0xFF, copy_limbs); memset(buff_m, 0xFF, copy_limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, buff_m, copy_limbs, &m, buff_m, copy_limbs), 0);
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
/* condition is false */ /* condition is false */
TEST_CF_SECRET(X, bytes); TEST_CF_SECRET(X, bytes);
@ -208,8 +206,7 @@ void mpi_mod_raw_cond_swap(char *input_X,
ASSERT_ALLOC(buff_m, copy_limbs); ASSERT_ALLOC(buff_m, copy_limbs);
memset(buff_m, 0xFF, copy_limbs); memset(buff_m, 0xFF, copy_limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, buff_m, copy_limbs, &m, buff_m, copy_limbs), 0);
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
ASSERT_ALLOC(X, limbs); ASSERT_ALLOC(X, limbs);
memcpy(X, tmp_X, bytes); memcpy(X, tmp_X, bytes);
@ -297,8 +294,7 @@ void mpi_mod_raw_sub(char *input_A,
ASSERT_ALLOC(X, limbs); ASSERT_ALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs, &m, N, limbs), 0);
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
mbedtls_mpi_mod_raw_sub(X, A, B, &m); mbedtls_mpi_mod_raw_sub(X, A, B, &m);
ASSERT_COMPARE(X, bytes, res, bytes); ASSERT_COMPARE(X, bytes, res, bytes);
@ -368,8 +364,7 @@ void mpi_mod_raw_fix_quasi_reduction(char *input_N,
TEST_ASSERT(c || mbedtls_mpi_core_lt_ct(tmp, N, limbs)); TEST_ASSERT(c || mbedtls_mpi_core_lt_ct(tmp, N, limbs));
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs, &m, N, limbs), 0);
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m); mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
ASSERT_COMPARE(X, bytes, res, bytes); ASSERT_COMPARE(X, bytes, res, bytes);
@ -419,8 +414,7 @@ void mpi_mod_raw_mul(char *input_A,
ASSERT_ALLOC(X, limbs); ASSERT_ALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs, &m, N, limbs), 0);
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
const size_t limbs_T = limbs * 2 + 1; const size_t limbs_T = limbs * 2 + 1;
ASSERT_ALLOC(T, limbs_T); ASSERT_ALLOC(T, limbs_T);
@ -580,9 +574,7 @@ void mpi_mod_raw_add(char *input_N,
ASSERT_ALLOC(X, limbs); ASSERT_ALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs, &m, N, limbs), 0);
MBEDTLS_MPI_MOD_REP_MONTGOMERY
), 0);
/* A + B => Correct result */ /* A + B => Correct result */
mbedtls_mpi_mod_raw_add(X, A, B, &m); mbedtls_mpi_mod_raw_add(X, A, B, &m);
@ -720,8 +712,7 @@ void mpi_mod_raw_to_mont_rep(char *input_N, char *input_A, char *input_X)
size_t limbs = n_limbs; size_t limbs = n_limbs;
size_t bytes = limbs * sizeof(mbedtls_mpi_uint); size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* 1. Test low-level function first */ /* 1. Test low-level function first */
@ -785,8 +776,7 @@ void mpi_mod_raw_from_mont_rep(char *input_N, char *input_A, char *input_X)
size_t limbs = n_limbs; size_t limbs = n_limbs;
size_t bytes = limbs * sizeof(mbedtls_mpi_uint); size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* 1. Test low-level function first */ /* 1. Test low-level function first */
@ -847,8 +837,7 @@ void mpi_mod_raw_neg(char *input_N, char *input_A, char *input_X)
ASSERT_ALLOC(R, n_limbs); ASSERT_ALLOC(R, n_limbs);
ASSERT_ALLOC(Z, n_limbs); ASSERT_ALLOC(Z, n_limbs);
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* Neg( A == 0 ) => Zero result */ /* Neg( A == 0 ) => Zero result */
mbedtls_mpi_mod_raw_neg(R, Z, &m); mbedtls_mpi_mod_raw_neg(R, Z, &m);

27
tests/suites/test_suite_ecp.function
View File

@ -1294,35 +1294,35 @@ void ecp_mod_p_generic_raw(int curve_id,
bytes = limbs_N * sizeof(mbedtls_mpi_uint); bytes = limbs_N * sizeof(mbedtls_mpi_uint);
switch (curve_id) { switch (curve_id) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP192R1: case MBEDTLS_ECP_DP_SECP192R1:
limbs = 2 * limbs_N; limbs = 2 * limbs_N;
curve_bits = 192; curve_bits = 192;
curve_func = &mbedtls_ecp_mod_p192_raw; curve_func = &mbedtls_ecp_mod_p192_raw;
break; break;
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP224R1: case MBEDTLS_ECP_DP_SECP224R1:
limbs = 448 / biL; limbs = 448 / biL;
curve_bits = 224; curve_bits = 224;
curve_func = &mbedtls_ecp_mod_p224_raw; curve_func = &mbedtls_ecp_mod_p224_raw;
break; break;
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP256R1: case MBEDTLS_ECP_DP_SECP256R1:
limbs = 2 * limbs_N; limbs = 2 * limbs_N;
curve_bits = 256; curve_bits = 256;
curve_func = &mbedtls_ecp_mod_p256_raw; curve_func = &mbedtls_ecp_mod_p256_raw;
break; break;
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP384R1: case MBEDTLS_ECP_DP_SECP384R1:
limbs = 2 * limbs_N; limbs = 2 * limbs_N;
curve_bits = 384; curve_bits = 384;
curve_func = &mbedtls_ecp_mod_p384_raw; curve_func = &mbedtls_ecp_mod_p384_raw;
break; break;
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP521R1: case MBEDTLS_ECP_DP_SECP521R1:
limbs = 2 * limbs_N; limbs = 2 * limbs_N;
curve_bits = 522; curve_bits = 522;
@ -1373,8 +1373,7 @@ void ecp_mod_p_generic_raw(int curve_id,
TEST_EQUAL(limbs_res, limbs_N); TEST_EQUAL(limbs_res, limbs_N);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs_N, &m, N, limbs_N), 0);
MBEDTLS_MPI_MOD_REP_OPT_RED), 0);
TEST_EQUAL((*curve_func)(X, limbs_X), 0); TEST_EQUAL((*curve_func)(X, limbs_X), 0);
@ -1407,16 +1406,18 @@ void ecp_mod_setup(char *input_A, int id, int ctype, int iret)
TEST_EQUAL(ret, iret); TEST_EQUAL(ret, iret);
if (ret == 0) { if (ret == 0) {
TEST_ASSERT(m.int_rep != MBEDTLS_MPI_MOD_REP_INVALID);
/* Test for limb sizes */ /* Test for limb sizes */
TEST_EQUAL(m.limbs, p_limbs); TEST_EQUAL(m.limbs, p_limbs);
bytes = p_limbs * sizeof(mbedtls_mpi_uint); bytes = p_limbs * sizeof(mbedtls_mpi_uint);
/* Test for validity of moduli by the presence of Montgomery consts */ if (m.int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
/* Test for validity of moduli by the presence of Montgomery consts */
TEST_ASSERT(m.rep.mont.mm != 0); TEST_ASSERT(m.rep.mont.mm != 0);
TEST_ASSERT(m.rep.mont.rr != NULL); TEST_ASSERT(m.rep.mont.rr != NULL);
} else {
TEST_ASSERT(m.rep.ored.modp != NULL);
}
/* Compare output byte-by-byte */ /* Compare output byte-by-byte */
ASSERT_COMPARE(p, bytes, m.p, bytes); ASSERT_COMPARE(p, bytes, m.p, bytes);