diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 67a05f83b8..178bd39f28 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -189,9 +189,7 @@ defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \ defined(MBEDTLS_ECDSA_SIGN_ALT) || \ defined(MBEDTLS_ECDSA_VERIFY_ALT) || \ - defined(MBEDTLS_ECDSA_GENKEY_ALT) || \ - defined(MBEDTLS_ECP_INTERNAL_ALT) || \ - defined(MBEDTLS_ECP_ALT) ) + defined(MBEDTLS_ECDSA_GENKEY_ALT) ) #error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation" #endif @@ -269,42 +267,6 @@ #error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && !defined(MBEDTLS_ECP_INTERNAL_ALT) -#error "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled" -#endif - #if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C) #error "MBEDTLS_HKDF_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 2c82ca369e..618d10e5bd 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -392,17 +392,6 @@ //#define MBEDTLS_SHA256_ALT //#define MBEDTLS_SHA512_ALT -/* - * When replacing the elliptic curve module, please consider, that it is - * implemented with two .c files: - * - ecp.c - * - ecp_curves.c - * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT - * macros as described above. The only difference is that you have to make sure - * that you provide functionality for both .c files. - */ -//#define MBEDTLS_ECP_ALT - /** * \def MBEDTLS_SHA256_PROCESS_ALT * @@ -458,71 +447,6 @@ //#define MBEDTLS_ECDSA_SIGN_ALT //#define MBEDTLS_ECDSA_GENKEY_ALT -/** - * \def MBEDTLS_ECP_INTERNAL_ALT - * - * Expose a part of the internal interface of the Elliptic Curve Point module. - * - * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your - * alternative core implementation of elliptic curve arithmetic. Keep in mind - * that function prototypes should remain the same. - * - * This partially replaces one function. The header file from Mbed TLS is still - * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation - * is still present and it is used for group structures not supported by the - * alternative. - * - * The original implementation can in addition be removed by setting the - * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the - * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be - * able to fallback to curves not supported by the alternative implementation. - * - * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT - * and implementing the following functions: - * unsigned char mbedtls_internal_ecp_grp_capable( - * const mbedtls_ecp_group *grp ) - * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) - * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) - * The mbedtls_internal_ecp_grp_capable function should return 1 if the - * replacement functions implement arithmetic for the given group and 0 - * otherwise. - * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are - * called before and after each point operation and provide an opportunity to - * implement optimized set up and tear down instructions. - * - * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and - * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac() - * function, but will use your mbedtls_internal_ecp_double_jac() if the group - * for the operation is supported by your implementation (i.e. your - * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the - * group is not supported by your implementation, then the original Mbed TLS - * implementation of ecp_double_jac() is used instead, unless this fallback - * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case - * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE). - * - * The function prototypes and the definition of mbedtls_ecp_group and - * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your - * implementation of mbedtls_internal_ecp__function_name__ must be compatible - * with their definitions. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - */ -/* Required for all the functions in this section */ -//#define MBEDTLS_ECP_INTERNAL_ALT -/* Turn off software fallback for curves not supported in hardware */ -//#define MBEDTLS_ECP_NO_FALLBACK -/* Support for Weierstrass curves with Jacobi representation */ -//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT -//#define MBEDTLS_ECP_ADD_MIXED_ALT -//#define MBEDTLS_ECP_DOUBLE_JAC_ALT -//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT -//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT -/* Support for curves with Montgomery arithmetic */ -//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT -//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT -//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT - /** * \def MBEDTLS_ENTROPY_HARDWARE_ALT * @@ -825,7 +749,7 @@ * * \note This option only works with the default software implementation of * elliptic curve functionality. It is incompatible with - * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT. + * MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT. * * Requires: MBEDTLS_ECP_C * diff --git a/library/ecp.c b/library/ecp.c index 427059bb53..1e6b69b982 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -31,35 +31,6 @@ #include "common.h" -/** - * \brief Function level alternative implementation. - * - * The MBEDTLS_ECP_INTERNAL_ALT macro enables alternative implementations to - * replace certain functions in this module. The alternative implementations are - * typically hardware accelerators and need to activate the hardware before the - * computation starts and deactivate it after it finishes. The - * mbedtls_internal_ecp_init() and mbedtls_internal_ecp_free() functions serve - * this purpose. - * - * To preserve the correct functionality the following conditions must hold: - * - * - The alternative implementation must be activated by - * mbedtls_internal_ecp_init() before any of the replaceable functions is - * called. - * - mbedtls_internal_ecp_free() must \b only be called when the alternative - * implementation is activated. - * - mbedtls_internal_ecp_init() must \b not be called when the alternative - * implementation is activated. - * - Public functions must not return while the alternative implementation is - * activated. - * - Replaceable functions are guarded by \c MBEDTLS_ECP_XXX_ALT macros and - * before calling them an \code if( mbedtls_internal_ecp_grp_capable( grp ) ) - * \endcode ensures that the alternative implementation supports the current - * group. - */ -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -#endif - #if defined(MBEDTLS_ECP_LIGHT) #include "mbedtls/ecp.h" @@ -72,12 +43,8 @@ #include -#if !defined(MBEDTLS_ECP_ALT) - #include "mbedtls/platform.h" -#include "ecp_internal_alt.h" - #if defined(MBEDTLS_SELF_TEST) /* * Counts of point addition and doubling, and field multiplications. @@ -1317,15 +1284,6 @@ static int ecp_normalize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt return 0; } -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_normalize_jac(grp, pt); - } -#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi T; mbedtls_mpi_init(&T); @@ -1343,7 +1301,6 @@ cleanup: mbedtls_mpi_free(&T); return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) */ } /* @@ -1364,15 +1321,6 @@ static int ecp_normalize_jac_many(const mbedtls_ecp_group *grp, return ecp_normalize_jac(grp, *T); } -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_normalize_jac_many(grp, T, T_size); - } -#endif - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi *c, t; @@ -1447,7 +1395,6 @@ cleanup: mbedtls_free(c); return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) */ } /* @@ -1491,15 +1438,6 @@ static int ecp_double_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, dbl_count++; #endif -#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_double_jac(grp, R, P); - } -#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Special case for A = -3 */ @@ -1557,7 +1495,6 @@ static int ecp_double_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, cleanup: return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) */ } /* @@ -1588,15 +1525,6 @@ static int ecp_add_mixed(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, add_count++; #endif -#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_add_mixed(grp, R, P, Q); - } -#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_ADD_MIXED_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* NOTE: Aliasing between input and output is allowed, so one has to make @@ -1668,7 +1596,6 @@ static int ecp_add_mixed(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, cleanup: return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_ADD_MIXED_ALT) */ } /* @@ -1681,15 +1608,6 @@ cleanup: static int ecp_randomize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { -#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_randomize_jac(grp, pt, f_rng, p_rng); - } -#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi l; @@ -1718,7 +1636,6 @@ cleanup: ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; } return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) */ } /* @@ -2422,15 +2339,6 @@ cleanup: */ static int ecp_normalize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P) { -#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_normalize_mxz(grp, P); - } -#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MPI_ECP_INV(&P->Z, &P->Z); MPI_ECP_MUL(&P->X, &P->X, &P->Z); @@ -2438,7 +2346,6 @@ static int ecp_normalize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P) cleanup: return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) */ } /* @@ -2452,15 +2359,6 @@ cleanup: static int ecp_randomize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { -#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_randomize_mxz(grp, P, f_rng, p_rng); - } -#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi l; mbedtls_mpi_init(&l); @@ -2478,7 +2376,6 @@ cleanup: ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; } return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) */ } /* @@ -2502,15 +2399,6 @@ static int ecp_double_add_mxz(const mbedtls_ecp_group *grp, const mbedtls_mpi *d, mbedtls_mpi T[4]) { -#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_double_add_mxz(grp, R, S, P, Q, d); - } -#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MPI_ECP_ADD(&T[0], &P->X, &P->Z); /* Pp := PX + PZ */ @@ -2535,7 +2423,6 @@ static int ecp_double_add_mxz(const mbedtls_ecp_group *grp, cleanup: return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) */ } /* @@ -2629,9 +2516,6 @@ static int ecp_mul_restartable_internal(mbedtls_ecp_group *grp, mbedtls_ecp_poin mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - char is_grp_capable = 0; -#endif #if defined(MBEDTLS_ECP_RESTARTABLE) /* reset ops count for this call if top-level */ @@ -2642,12 +2526,6 @@ static int ecp_mul_restartable_internal(mbedtls_ecp_group *grp, mbedtls_ecp_poin (void) rs_ctx; #endif -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { - MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); - } -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - int restarting = 0; #if defined(MBEDTLS_ECP_RESTARTABLE) restarting = (rs_ctx != NULL && rs_ctx->rsm != NULL); @@ -2676,12 +2554,6 @@ static int ecp_mul_restartable_internal(mbedtls_ecp_group *grp, mbedtls_ecp_poin cleanup: -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if (is_grp_capable) { - mbedtls_internal_ecp_free(grp); - } -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - #if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL) { rs_ctx->depth--; @@ -2808,9 +2680,6 @@ int mbedtls_ecp_muladd_restartable( mbedtls_ecp_point *pmP = &mP; mbedtls_ecp_point *pR = R; mbedtls_mpi tmp[4]; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - char is_grp_capable = 0; -#endif if (mbedtls_ecp_get_type(grp) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; } @@ -2849,12 +2718,6 @@ mul2: #endif MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pR, n, Q, rs_ctx)); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { - MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); - } -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - #if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && rs_ctx->ma != NULL) { rs_ctx->ma->state = ecp_rsma_add; @@ -2884,12 +2747,6 @@ cleanup: mpi_free_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if (is_grp_capable) { - mbedtls_internal_ecp_free(grp); - } -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - mbedtls_ecp_point_free(&mP); ECP_RS_LEAVE(ma); @@ -3698,6 +3555,4 @@ cleanup: #endif /* MBEDTLS_SELF_TEST */ -#endif /* !MBEDTLS_ECP_ALT */ - #endif /* MBEDTLS_ECP_LIGHT */ diff --git a/library/ecp_curves.c b/library/ecp_curves.c index c3cd33f47a..97636a7298 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -21,8 +21,6 @@ #include -#if !defined(MBEDTLS_ECP_ALT) - #define ECP_MPI_INIT(_p, _n) { .p = (mbedtls_mpi_uint *) (_p), .s = 1, .n = (_n) } #define ECP_MPI_INIT_ARRAY(x) \ @@ -5454,7 +5452,5 @@ mbedtls_ecp_variant mbedtls_ecp_get_variant(void) #endif /* MBEDTLS_TEST_HOOKS */ -#endif /* !MBEDTLS_ECP_ALT */ - #endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_ECP_WITH_MPI_UINT */ diff --git a/library/ecp_curves_new.c b/library/ecp_curves_new.c index 035b23a1b4..169247f3bf 100644 --- a/library/ecp_curves_new.c +++ b/library/ecp_curves_new.c @@ -26,8 +26,6 @@ #include -#if !defined(MBEDTLS_ECP_ALT) - #define ECP_MPI_INIT(_p, _n) { .p = (mbedtls_mpi_uint *) (_p), .s = 1, .n = (_n) } #define ECP_MPI_INIT_ARRAY(x) \ @@ -6031,6 +6029,5 @@ mbedtls_ecp_variant mbedtls_ecp_get_variant(void) #endif /* MBEDTLS_TEST_HOOKS */ -#endif /* !MBEDTLS_ECP_ALT */ #endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_ECP_WITH_MPI_UINT */ diff --git a/library/ecp_internal_alt.h b/library/ecp_internal_alt.h deleted file mode 100644 index 668edc74c9..0000000000 --- a/library/ecp_internal_alt.h +++ /dev/null @@ -1,287 +0,0 @@ -/** - * \file ecp_internal_alt.h - * - * \brief Function declarations for alternative implementation of elliptic curve - * point arithmetic. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* - * References: - * - * [1] BERNSTEIN, Daniel J. Curve25519: new Diffie-Hellman speed records. - * - * - * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis - * for elliptic curve cryptosystems. In : Cryptographic Hardware and - * Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302. - * - * - * [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to - * render ECC resistant against Side Channel Attacks. IACR Cryptology - * ePrint Archive, 2004, vol. 2004, p. 342. - * - * - * [4] Certicom Research. SEC 2: Recommended Elliptic Curve Domain Parameters. - * - * - * [5] HANKERSON, Darrel, MENEZES, Alfred J., VANSTONE, Scott. Guide to Elliptic - * Curve Cryptography. - * - * [6] Digital Signature Standard (DSS), FIPS 186-4. - * - * - * [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer - * Security (TLS), RFC 4492. - * - * - * [8] - * - * [9] COHEN, Henri. A Course in Computational Algebraic Number Theory. - * Springer Science & Business Media, 1 Aug 2000 - */ - -#ifndef MBEDTLS_ECP_INTERNAL_H -#define MBEDTLS_ECP_INTERNAL_H - -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - -/** - * \brief Indicate if the Elliptic Curve Point module extension can - * handle the group. - * - * \param grp The pointer to the elliptic curve group that will be the - * basis of the cryptographic computations. - * - * \return Non-zero if successful. - */ -unsigned char mbedtls_internal_ecp_grp_capable(const mbedtls_ecp_group *grp); - -/** - * \brief Initialise the Elliptic Curve Point module extension. - * - * If mbedtls_internal_ecp_grp_capable returns true for a - * group, this function has to be able to initialise the - * module for it. - * - * This module can be a driver to a crypto hardware - * accelerator, for which this could be an initialise function. - * - * \param grp The pointer to the group the module needs to be - * initialised for. - * - * \return 0 if successful. - */ -int mbedtls_internal_ecp_init(const mbedtls_ecp_group *grp); - -/** - * \brief Frees and deallocates the Elliptic Curve Point module - * extension. - * - * \param grp The pointer to the group the module was initialised for. - */ -void mbedtls_internal_ecp_free(const mbedtls_ecp_group *grp); - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - -#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) -/** - * \brief Randomize jacobian coordinates: - * (X, Y, Z) -> (l^2 X, l^3 Y, l Z) for random l. - * - * \param grp Pointer to the group representing the curve. - * - * \param pt The point on the curve to be randomised, given with Jacobian - * coordinates. - * - * \param f_rng A function pointer to the random number generator. - * - * \param p_rng A pointer to the random number generator state. - * - * \return 0 if successful. - */ -int mbedtls_internal_ecp_randomize_jac(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, int (*f_rng)(void *, - unsigned char *, - size_t), - void *p_rng); -#endif - -#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) -/** - * \brief Addition: R = P + Q, mixed affine-Jacobian coordinates. - * - * The coordinates of Q must be normalized (= affine), - * but those of P don't need to. R is not normalized. - * - * This function is used only as a subrutine of - * ecp_mul_comb(). - * - * Special cases: (1) P or Q is zero, (2) R is zero, - * (3) P == Q. - * None of these cases can happen as intermediate step in - * ecp_mul_comb(): - * - at each step, P, Q and R are multiples of the base - * point, the factor being less than its order, so none of - * them is zero; - * - Q is an odd multiple of the base point, P an even - * multiple, due to the choice of precomputed points in the - * modified comb method. - * So branches for these cases do not leak secret information. - * - * We accept Q->Z being unset (saving memory in tables) as - * meaning 1. - * - * Cost in field operations if done by [5] 3.22: - * 1A := 8M + 3S - * - * \param grp Pointer to the group representing the curve. - * - * \param R Pointer to a point structure to hold the result. - * - * \param P Pointer to the first summand, given with Jacobian - * coordinates - * - * \param Q Pointer to the second summand, given with affine - * coordinates. - * - * \return 0 if successful. - */ -int mbedtls_internal_ecp_add_mixed(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q); -#endif - -/** - * \brief Point doubling R = 2 P, Jacobian coordinates. - * - * Cost: 1D := 3M + 4S (A == 0) - * 4M + 4S (A == -3) - * 3M + 6S + 1a otherwise - * when the implementation is based on the "dbl-1998-cmo-2" - * doubling formulas in [8] and standard optimizations are - * applied when curve parameter A is one of { 0, -3 }. - * - * \param grp Pointer to the group representing the curve. - * - * \param R Pointer to a point structure to hold the result. - * - * \param P Pointer to the point that has to be doubled, given with - * Jacobian coordinates. - * - * \return 0 if successful. - */ -#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) -int mbedtls_internal_ecp_double_jac(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, const mbedtls_ecp_point *P); -#endif - -/** - * \brief Normalize jacobian coordinates of an array of (pointers to) - * points. - * - * Using Montgomery's trick to perform only one inversion mod P - * the cost is: - * 1N(t) := 1I + (6t - 3)M + 1S - * (See for example Algorithm 10.3.4. in [9]) - * - * This function is used only as a subrutine of - * ecp_mul_comb(). - * - * Warning: fails (returning an error) if one of the points is - * zero! - * This should never happen, see choice of w in ecp_mul_comb(). - * - * \param grp Pointer to the group representing the curve. - * - * \param T Array of pointers to the points to normalise. - * - * \param t_len Number of elements in the array. - * - * \return 0 if successful, - * an error if one of the points is zero. - */ -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) -int mbedtls_internal_ecp_normalize_jac_many(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *T[], size_t t_len); -#endif - -/** - * \brief Normalize jacobian coordinates so that Z == 0 || Z == 1. - * - * Cost in field operations if done by [5] 3.2.1: - * 1N := 1I + 3M + 1S - * - * \param grp Pointer to the group representing the curve. - * - * \param pt pointer to the point to be normalised. This is an - * input/output parameter. - * - * \return 0 if successful. - */ -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) -int mbedtls_internal_ecp_normalize_jac(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt); -#endif - -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - -#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) -int mbedtls_internal_ecp_double_add_mxz(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, - mbedtls_ecp_point *S, - const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q, - const mbedtls_mpi *d); -#endif - -/** - * \brief Randomize projective x/z coordinates: - * (X, Z) -> (l X, l Z) for random l - * - * \param grp pointer to the group representing the curve - * - * \param P the point on the curve to be randomised given with - * projective coordinates. This is an input/output parameter. - * - * \param f_rng a function pointer to the random number generator - * - * \param p_rng a pointer to the random number generator state - * - * \return 0 if successful - */ -#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) -int mbedtls_internal_ecp_randomize_mxz(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *P, int (*f_rng)(void *, - unsigned char *, - size_t), - void *p_rng); -#endif - -/** - * \brief Normalize Montgomery x/z coordinates: X = X/Z, Z = 1. - * - * \param grp pointer to the group representing the curve - * - * \param P pointer to the point to be normalised. This is an - * input/output parameter. - * - * \return 0 if successful - */ -#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) -int mbedtls_internal_ecp_normalize_mxz(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *P); -#endif - -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - -#endif /* ecp_internal_alt.h */ diff --git a/scripts/config.py b/scripts/config.py index 8704bdb51e..7c32db18dd 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -185,7 +185,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS - 'MBEDTLS_ECP_NO_FALLBACK', # removes internal ECP implementation 'MBEDTLS_ECP_WITH_MPI_UINT', # disables the default ECP and is experimental 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_HAVE_SSE2', # hardware dependency diff --git a/tests/include/alt-dummy/ecp_alt.h b/tests/include/alt-dummy/ecp_alt.h deleted file mode 100644 index d204b18d0e..0000000000 --- a/tests/include/alt-dummy/ecp_alt.h +++ /dev/null @@ -1,22 +0,0 @@ -/* ecp_alt.h with dummy types for MBEDTLS_ECP_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef ECP_ALT_H -#define ECP_ALT_H - -typedef struct mbedtls_ecp_group { - const mbedtls_ecp_group_id id; - const mbedtls_mpi P; - const mbedtls_mpi A; - const mbedtls_mpi B; - const mbedtls_ecp_point G; - const mbedtls_mpi N; - const size_t pbits; - const size_t nbits; -} -mbedtls_ecp_group; - -#endif /* ecp_alt.h */ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h index d8f73ae965..d7a3c665f2 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h @@ -162,15 +162,6 @@ typedef struct mbedtls_ecp_point { } mbedtls_ecp_point; -#if !defined(MBEDTLS_ECP_ALT) -/* - * default Mbed TLS elliptic curve arithmetic implementation - * - * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an - * alternative implementation for the whole module and it will replace this - * one.) - */ - /** * \brief The ECP group structure. * @@ -309,10 +300,6 @@ mbedtls_ecp_group; /** \} name SECTION: Module settings */ -#else /* MBEDTLS_ECP_ALT */ -#include "ecp_alt.h" -#endif /* MBEDTLS_ECP_ALT */ - /** * The maximum size of the groups, that is, of \c N and \c P. */