mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-05 00:40:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Move internal drbg init to specific mul functions

Browse Source 
While it seems cleaner and more convenient to set it in the top-level
mbedtls_ecp_mul() function, the existence of the restartable option changes
things - when it's enabled the drbg context needs to be saved in the restart
context (more precisely in the restart_mul sub-context), which can only be
done when it's allocated, which is in the curve-specific mul function.

This commit only internal drbg management from mbedtls_ecp_mul() to
ecp_mul_mxz() and ecp_mul_comb(), without modifying behaviour (even internal),
and a future commit will modify the ecp_mul_comb() version to handle restart
properly.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2020-06-03 12:11:56 +02:00
parent c52a43c2bd
commit f2a9fcff62
1 changed files with 37 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
library/ecp.c
View File

@ -2221,11 +2221,25 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char w, p_eq_g, i; unsigned char w, p_eq_g, i;
size_t d; size_t d;
unsigned char T_size, T_ok; unsigned char T_size = 0, T_ok = 0;
mbedtls_ecp_point *T; mbedtls_ecp_point *T = NULL;
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_context drbg_ctx;
ecp_drbg_init( &drbg_ctx );
#endif
ECP_RS_ENTER( rsm ); ECP_RS_ENTER( rsm );
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng == NULL )
{
MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m ) );
f_rng = &ecp_drbg_random;
p_rng = &drbg_ctx;
}
#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
/* Is P the base point ? */ /* Is P the base point ? */
#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
@ -2297,6 +2311,10 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
cleanup: cleanup:
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_free( &drbg_ctx );
#endif
/* does T belong to the group? */ /* does T belong to the group? */
if( T == grp->T ) if( T == grp->T )
T = NULL; T = NULL;
@ -2487,9 +2505,22 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
unsigned char b; unsigned char b;
mbedtls_ecp_point RP; mbedtls_ecp_point RP;
mbedtls_mpi PX; mbedtls_mpi PX;
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_context drbg_ctx;
ecp_drbg_init( &drbg_ctx );
#endif
mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX ); mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX );
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng == NULL )
{
MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m ) );
f_rng = &ecp_drbg_random;
p_rng = &drbg_ctx;
}
#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
/* Save PX and read from P before writing to R, in case P == R */ /* Save PX and read from P before writing to R, in case P == R */
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) );
@ -2542,6 +2573,10 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
cleanup: cleanup:
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_free( &drbg_ctx );
#endif
mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX ); mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX );
return( ret ); return( ret );
@ -2560,19 +2595,12 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
#if defined(MBEDTLS_ECP_INTERNAL_ALT) #if defined(MBEDTLS_ECP_INTERNAL_ALT)
char is_grp_capable = 0; char is_grp_capable = 0;
#endif
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_context drbg_ctx;
#endif #endif
ECP_VALIDATE_RET( grp != NULL ); ECP_VALIDATE_RET( grp != NULL );
ECP_VALIDATE_RET( R != NULL ); ECP_VALIDATE_RET( R != NULL );
ECP_VALIDATE_RET( m != NULL ); ECP_VALIDATE_RET( m != NULL );
ECP_VALIDATE_RET( P != NULL ); ECP_VALIDATE_RET( P != NULL );
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_init( &drbg_ctx );
#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
/* reset ops count for this call if top-level */ /* reset ops count for this call if top-level */
if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) if( rs_ctx != NULL && rs_ctx->depth++ == 0 )
@ -2584,15 +2612,6 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
#endif /* MBEDTLS_ECP_INTERNAL_ALT */ #endif /* MBEDTLS_ECP_INTERNAL_ALT */
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng == NULL )
{
MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m ) );
f_rng = &ecp_drbg_random;
p_rng = &drbg_ctx;
}
#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
/* skip argument check when restarting */ /* skip argument check when restarting */
if( rs_ctx == NULL || rs_ctx->rsm == NULL ) if( rs_ctx == NULL || rs_ctx->rsm == NULL )
@ -2623,10 +2642,6 @@ cleanup:
mbedtls_internal_ecp_free( grp ); mbedtls_internal_ecp_free( grp );
#endif /* MBEDTLS_ECP_INTERNAL_ALT */ #endif /* MBEDTLS_ECP_INTERNAL_ALT */
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_free( &drbg_ctx );
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL ) if( rs_ctx != NULL )
rs_ctx->depth--; rs_ctx->depth--;