Merge pull request #6777 from tom-cosgrove-arm/issue-6292-mod_inv

Bignum: Implement high level fixed width modular inversion
2025-07-28 00:21:48 +03:00 · 2022-12-17 13:26:02 +01:00
parent cf86d70162 f723754f6d
commit e162b4725c
15 changed files with 593 additions and 46 deletions
--- a/scripts/mbedtls_dev/bignum_common.py
+++ b/scripts/mbedtls_dev/bignum_common.py
@ -39,6 +39,11 @@ def invmod(a: int, n: int) -> int:
        return b
    raise ValueError("Not invertible")

+def invmod_positive(a: int, n: int) -> int:
+    """Return a non-negative inverse of a to modulo n."""
+    inv = invmod(a, n)
+    return inv if inv >= 0 else inv + n
+
 def hex_to_int(val: str) -> int:
    """Implement the syntax accepted by mbedtls_test_read_mpi().

@ -244,6 +249,8 @@ class ModOperationCommon(OperationCommon):
    #pylint: disable=abstract-method
    """Target for bignum mod_raw test case generation."""
    moduli = MODULI_DEFAULT # type: List[str]
+    montgomery_form_a = False
+    disallow_zero_a = False

    def __init__(self, val_n: str, val_a: str, val_b: str = "0",
                 bits_in_limb: int = 64) -> None:
@ -263,6 +270,14 @@ class ModOperationCommon(OperationCommon):
    def boundary(self) -> int:
        return self.int_n

+    @property
+    def arg_a(self) -> str:
+        if self.montgomery_form_a:
+            value_a = self.to_montgomery(self.int_a)
+        else:
+            value_a = self.int_a
+        return self.format_arg('{:x}'.format(value_a))
+
    @property
    def arg_n(self) -> str:
        return self.format_arg(self.val_n)
@ -287,6 +302,8 @@ class ModOperationCommon(OperationCommon):
    def is_valid(self) -> bool:
        if self.int_a >= self.int_n:
            return False
+        if self.disallow_zero_a and self.int_a == 0:
+            return False
        if self.arity == 2 and self.int_b >= self.int_n:
            return False
        return True
--- a/scripts/mbedtls_dev/bignum_core.py
+++ b/scripts/mbedtls_dev/bignum_core.py
@ -757,15 +757,7 @@ class BignumCoreExpMod(BignumCoreTarget, bignum_common.ModOperationCommon):
    test_function = "mpi_core_exp_mod"
    test_name = "Core modular exponentiation (Mongtomery form only)"
    input_style = "fixed"
-
-    def arguments(self) -> List[str]:
-        # Input 'a' has to be given in Montgomery form
-        mont_a = self.to_montgomery(self.int_a)
-        arg_mont_a = self.format_arg('{:x}'.format(mont_a))
-        return [bignum_common.quote_str(n) for n in [self.arg_n,
-                                                     arg_mont_a,
-                                                     self.arg_b]
-               ] + self.result()
+    montgomery_form_a = True

    def result(self) -> List[str]:
        # Result has to be given in Montgomery form too
@ -818,6 +810,20 @@ class BignumCoreSubInt(BignumCoreTarget, bignum_common.OperationCommon):
            str(-borrow)
        ]

+class BignumCoreZeroCheckCT(BignumCoreTarget, bignum_common.OperationCommon):
+    """Test cases for bignum core zero check (constant flow)."""
+    count = 0
+    symbol = "== 0"
+    test_function = "mpi_core_check_zero_ct"
+    test_name = "mpi_core_check_zero_ct"
+    input_style = "variable"
+    arity = 1
+    suffix = True
+
+    def result(self) -> List[str]:
+        result = 1 if self.int_a == 0 else 0
+        return [str(result)]
+
 # END MERGE SLOT 3

 # BEGIN MERGE SLOT 4
--- a/scripts/mbedtls_dev/bignum_data.py
+++ b/scripts/mbedtls_dev/bignum_data.py
@ -121,6 +121,9 @@ MODULI_DEFAULT = [
 ONLY_PRIME_MODULI = [
        "53", # safe prime
        "8ac72304057392b5",     # 9999999997777777333 (longer, not safe, prime)
+        # The next prime has a different R in Montgomery form depending on
+        # whether 32- or 64-bit MPIs are used.
+        "152d02c7e14af67fe0bf", # 99999999999999999991999
        SAFE_PRIME_192_BIT_SEED_1,  # safe prime
        SAFE_PRIME_1024_BIT_SEED_3, # safe prime
        ]
--- a/scripts/mbedtls_dev/bignum_mod.py
+++ b/scripts/mbedtls_dev/bignum_mod.py
@ -18,6 +18,7 @@ from typing import Dict, List

 from . import test_data_generation
 from . import bignum_common
+from .bignum_data import ONLY_PRIME_MODULI

 class BignumModTarget(test_data_generation.BaseTarget):
    #pylint: disable=abstract-method, too-few-public-methods
@ -48,6 +49,42 @@ class BignumModSub(bignum_common.ModOperationCommon, BignumModTarget):
        # generated cases
        return [self.format_result(result), "0"]

+class BignumModInvNonMont(bignum_common.ModOperationCommon, BignumModTarget):
+    """Test cases for bignum mpi_mod_inv() - not in Montgomery form."""
+    moduli = ONLY_PRIME_MODULI  # for now only prime moduli supported
+    symbol = "^ -1"
+    test_function = "mpi_mod_inv_non_mont"
+    test_name = "mbedtls_mpi_mod_inv non-Mont. form"
+    input_style = "fixed"
+    arity = 1
+    suffix = True
+    disallow_zero_a = True
+
+    def result(self) -> List[str]:
+        result = bignum_common.invmod_positive(self.int_a, self.int_n)
+        # To make negative tests easier, append 0 for success to the
+        # generated cases
+        return [self.format_result(result), "0"]
+
+class BignumModInvMont(bignum_common.ModOperationCommon, BignumModTarget):
+    """Test cases for bignum mpi_mod_inv() - Montgomery form."""
+    moduli = ONLY_PRIME_MODULI  # for now only prime moduli supported
+    symbol = "^ -1"
+    test_function = "mpi_mod_inv_mont"
+    test_name = "mbedtls_mpi_mod_inv Mont. form"
+    input_style = "arch_split"  # Mont. form requires arch_split
+    arity = 1
+    suffix = True
+    disallow_zero_a = True
+    montgomery_form_a = True
+
+    def result(self) -> List[str]:
+        result = bignum_common.invmod_positive(self.int_a, self.int_n)
+        mont_result = self.to_montgomery(result)
+        # To make negative tests easier, append 0 for success to the
+        # generated cases
+        return [self.format_result(mont_result), "0"]
+
 # END MERGE SLOT 3

 # BEGIN MERGE SLOT 4
--- a/scripts/mbedtls_dev/bignum_mod_raw.py
+++ b/scripts/mbedtls_dev/bignum_mod_raw.py
@ -80,24 +80,14 @@ class BignumModRawInvPrime(bignum_common.ModOperationCommon,
    symbol = "^ -1"
    test_function = "mpi_mod_raw_inv_prime"
    test_name = "mbedtls_mpi_mod_raw_inv_prime (Montgomery form only)"
-    input_style = "fixed"
+    input_style = "arch_split"
    arity = 1
    suffix = True
-
-    @property
-    def is_valid(self) -> bool:
-        return self.int_a > 0 and self.int_a < self.int_n
-
-    @property
-    def arg_a(self) -> str:
-        # Input has to be given in Montgomery form
-        mont_a = self.to_montgomery(self.int_a)
-        return self.format_arg('{:x}'.format(mont_a))
+    montgomery_form_a = True
+    disallow_zero_a = True

    def result(self) -> List[str]:
-        result = bignum_common.invmod(self.int_a, self.int_n)
-        if result < 0:
-            result += self.int_n
+        result = bignum_common.invmod_positive(self.int_a, self.int_n)
        mont_result = self.to_montgomery(result)
        return [self.format_result(mont_result)]