lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00
Code Activity

Fix output width of mbedtls_ecp_mod_p448() to 448 bits

Browse Source 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott
2023-05-19 18:34:13 +01:00
parent 981d8b6fc7
commit edc97680d5
2 changed files with 29 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
library/ecp_curves.c
View File

@@ -28,6 +28,8 @@
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#include "constant_time_internal.h"
#include "bn_mul.h" #include "bn_mul.h"
#include "bignum_core.h" #include "bignum_core.h"
#include "ecp_invasive.h" #include "ecp_invasive.h"
@@ -5502,13 +5504,18 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs)
/* Extra limb for carry below. */ /* Extra limb for carry below. */
M_limbs++; M_limbs++;
mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL); mbedtls_mpi_uint *M = NULL;
mbedtls_mpi_uint *Q = NULL;
const mbedtls_mpi_uint *P = (mbedtls_mpi_uint *) curve448_p;
const size_t P_limbs = CHARS_TO_LIMBS(sizeof(curve448_p));
M = mbedtls_calloc(M_limbs, ciL);
if (M == NULL) { if (M == NULL) {
return MBEDTLS_ERR_ECP_ALLOC_FAILED; return MBEDTLS_ERR_ECP_ALLOC_FAILED;
} }
mbedtls_mpi_uint *Q = mbedtls_calloc(Q_limbs, ciL); Q = mbedtls_calloc(Q_limbs, ciL);
if (Q == NULL) { if (Q == NULL) {
ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
@@ -5527,9 +5534,15 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs)
X[i] = 0; X[i] = 0;
} }
/* X += A1 - Carry here dealt with by oversize M and X. */ /* X += A1 - Carry here fits in oversize X. Oversize M means it will get
* added in, not returned as carry. */
(void) mbedtls_mpi_core_add(X, X, M, M_limbs); (void) mbedtls_mpi_core_add(X, X, M, M_limbs);
/* Deal with carry bit from add by subtracting P if necessary. */
if (X[P448_WIDTH] != 0) {
mbedtls_mpi_core_sub(X, X, P, P_limbs);
}
/* Q = B1, X += B1 */ /* Q = B1, X += B1 */
memcpy(Q, M, (Q_limbs * ciL)); memcpy(Q, M, (Q_limbs * ciL));
@@ -5548,10 +5561,22 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs)
(void) mbedtls_mpi_core_add(M, M, Q, Q_limbs); (void) mbedtls_mpi_core_add(M, M, Q, Q_limbs);
/* Shifted carry bit from the addition is dealt with by oversize M */ /* Shifted carry bit from the addition fits in oversize M */
mbedtls_mpi_core_shift_l(M, M_limbs, 224); mbedtls_mpi_core_shift_l(M, M_limbs, 224);
(void) mbedtls_mpi_core_add(X, X, M, M_limbs); (void) mbedtls_mpi_core_add(X, X, M, M_limbs);
/* Deal with carry bit by subtracting P if necessary. */
if (X[P448_WIDTH] != 0) {
mbedtls_mpi_core_sub(X, X, P, P_limbs);
}
/* Returned result should be 0 < X < P. Although we have controlled bit
* width, we may still have a result which is greater than P. Subtract P
* if this is the case. */
if (mbedtls_mpi_core_lt_ct(P, X, P_limbs)) {
mbedtls_mpi_core_sub(X, X, P, P_limbs);
}
ret = 0; ret = 0;
cleanup: cleanup:

1
tests/suites/test_suite_ecp.function
View File

@@ -1404,7 +1404,6 @@ void ecp_mod_p448(char *input_N,
TEST_EQUAL(res.n, limbs); TEST_EQUAL(res.n, limbs);
TEST_EQUAL(mbedtls_ecp_mod_p448(X.p, X.n), 0); TEST_EQUAL(mbedtls_ecp_mod_p448(X.p, X.n), 0);
TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 448); TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 448);
ASSERT_COMPARE(X.p, bytes, res.p, bytes); ASSERT_COMPARE(X.p, bytes, res.p, bytes);