diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index feda4ce354..708dcec5f1 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -4618,7 +4618,7 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
 static int ecp_mod_p224k1(mbedtls_mpi *);
 MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_mod_p224k1(mbedtls_mpi *);
+int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
 static int ecp_mod_p256k1(mbedtls_mpi *);
@@ -5650,30 +5650,30 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+/*
+ * Fast quasi-reduction modulo p224k1 = 2^224 - R,
+ * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
+ */
 static int ecp_mod_p224k1(mbedtls_mpi *N)
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 size_t expected_width = 2 * 224 / biL;
 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
- ret = mbedtls_ecp_mod_p224k1(N);
+ ret = mbedtls_ecp_mod_p224k1_raw(N->p, expected_width);
 cleanup:
 return ret;
 }
-/*
- * Fast quasi-reduction modulo p224k1 = 2^224 - R,
- * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
- */
 MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N)
+int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
 {
 static mbedtls_mpi_uint Rp[] = {
- MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
- 0x00)
+ MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00)
 };
- return ecp_mod_koblitz(N->p, N->n, Rp, 224);
+ return ecp_mod_koblitz(X, X_limbs, Rp, 224);
 }
 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index 78e0bcbf72..744945c333 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
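Review bot: In `ecp_mod_p224k1` (library/ecp_curves.c, second hunk) the reducer is now called with `expected_width` limbs instead of `N->n`, and `mbedtls_mpi_grow` only guarantees `N->n >= expected_width`, so any limbs above `2 * 224 / biL` are no longer passed on to `ecp_mod_koblitz`. The hunk does not show whether callers bound `N` to 448 bits before this point; if they do, the precondition deserves a comment above the call such as `/* N is assumed to fit in 2 * 224 bits, so limbs beyond expected_width are zero */`, and if they do not, an explicit size check before the call would avoid reducing a silently truncated value. The comment describing `R` also now sits above the wrapper rather than above `mbedtls_ecp_mod_p224k1_raw`, where the `Rp` table it explains is defined. `ecp_mod_koblitz` itself is outside the hunk.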
@@ -179,10 +179,11 @@ MBEDTLS_STATIC_TESTABLE
 int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
 MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N);
+int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py
index 76a369701a..7efb32d893 100644
--- a/scripts/mbedtls_dev/ecp.py
+++ b/scripts/mbedtls_dev/ecp.py
@@ -566,8 +566,8 @@ class EcpP224K1Raw(bignum_common.ModOperationCommon,
 EcpTarget):
 """Test cases for ECP P224 fast reduction."""
 symbol = "-"
- test_function = "ecp_mod_p224k1"
- test_name = "ecp_mod_p224k1"
+ test_function = "ecp_mod_p_generic_raw"
+ test_name = "ecp_mod_p224k1_raw"
 input_style = "fixed"
 arity = 1
 dependencies = ["MBEDTLS_ECP_DP_SECP224K1_ENABLED"]
@@ -586,7 +586,7 @@ class EcpP224K1Raw(bignum_common.ModOperationCommon,
 # 2^224 - 1
 "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
- # Maximum canonical P224 multiplication result
+ # Maximum canonical P224K1 multiplication result
 ("fffffffffffffffffffffffffffffffffffffffffffffffdffffcad8"
 "00000000000000000000000000000000000000010000352802c26590"),
@@ -630,6 +630,10 @@ class EcpP224K1Raw(bignum_common.ModOperationCommon,
 def is_valid(self) -> bool:
 return True
+ def arguments(self):
+ args = super().arguments()
+ return ["MBEDTLS_ECP_DP_SECP224K1"] + args
+
 class EcpP256K1Raw(bignum_common.ModOperationCommon,
 EcpTarget):
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 9d33e4df4e..f55c184a49 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
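Review bot: The new declaration `mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)` in library/ecp_invasive.h has no doc comment, so the header gives no contract for a function that now takes a bare pointer and length instead of a self-describing `mbedtls_mpi`. The wrapper in ecp_curves.c always passes `2 * 224 / biL` limbs, which suggests that is the only supported `X_limbs`; the header should say so, along with the return codes. Because the source comment calls this a "quasi-reduction", the doc block should also state that the result is not necessarily canonical, so test code and future callers do not assume a fully reduced value. A Doxygen block with `\param[in,out] X`, `\param[in] X_limbs` and `\return` entries above the declaration would cover it.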
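Review bot: `arguments` is added to `EcpP224K1Raw` (scripts/mbedtls_dev/ecp.py, third hunk) without a return annotation or docstring, while `is_valid(self) -> bool` directly above it is annotated. If `typing.List` is already imported in this module, which the hunk does not show, `def arguments(self) -> List[str]:` would keep the class consistent for type checking. A one-line docstring noting that the curve id is prepended because `ecp_mod_p_generic_raw` takes `curve_id` as its first parameter would explain why this class overrides the inherited method. The class body continues outside the hunk.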
@@ -1334,6 +1334,13 @@ void ecp_mod_p_generic_raw(int curve_id,
 curve_bits = 192;
 curve_func = &mbedtls_ecp_mod_p192k1_raw;
 break;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP224K1:
+ limbs = 448 / biL;
+ curve_bits = 224;
+ curve_func = &mbedtls_ecp_mod_p224k1_raw;
+ break;
 #endif
 default:
 mbedtls_test_fail("Unsupported curve_id", __LINE__, __FILE__);
@@ -1362,44 +1369,6 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-void ecp_mod_p224k1(char *input_N,
- char *input_X,
- char *result)
-{
- mbedtls_mpi X;
- mbedtls_mpi N;
- mbedtls_mpi res;
-
- mbedtls_mpi_init(&X);
- mbedtls_mpi_init(&N);
- mbedtls_mpi_init(&res);
-
- TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
- TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
- TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0);
-
- TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n));
- TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n));
- TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n));
-
- size_t limbs = N.n;
- size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
-
- TEST_LE_U(X.n, 448 / biL);
- TEST_EQUAL(res.n, limbs);
-
- TEST_EQUAL(mbedtls_ecp_mod_p224k1(&X), 0);
- TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
- TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 224);
- ASSERT_COMPARE(X.p, bytes, res.p, bytes);
-
-exit:
- mbedtls_mpi_free(&X);
- mbedtls_mpi_free(&N);
- mbedtls_mpi_free(&res);
-}
-/* END_CASE */
 /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP256K1_ENABLED */
 void ecp_mod_p256k1(char *input_N,
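Review bot: `limbs = 448 / biL;` in the new `MBEDTLS_ECP_DP_SECP224K1` case is an unexplained literal, while the library wrapper spells the same width as `2 * 224 / biL`. Writing it as `limbs = 2 * 224 / biL;`, or adding a comment such as `/* double-width input: 2 * 224 bits */`, would tie the test's buffer size visibly to the size the library passes. Separately, the dedicated `ecp_mod_p224k1` test deleted in the next hunk asserted `TEST_LE_U(X.n, 448 / biL)` on the input and `TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 224)` on the result. The body of `ecp_mod_p_generic_raw` lies outside this hunk, so it is worth confirming that it keeps equivalent bounds driven by `limbs` and `curve_bits`.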