lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-24 01:41:35 +03:00
Code Activity
26,502 Commits 173 Branches 268 Tags
c5eb13d2a986b04b5329400f72f53a971a21de1c
Commit Graph

118 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
54da1a69a2 Merge pull request #7578 from daverodgman/safer-ct5 
Improve constant-time interface
 2023-08-10 16:57:39 +00:00
Dave Rodgman
98ddc01a7c Rename ...if0 to ...else_0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-10 12:11:31 +01:00
Dave Rodgman
b7825ceb3e Rename uint->bool operators to reflect input types 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-10 11:58:18 +01:00
Dave Rodgman
4883f109a0 Reduce code size for exp_mod_get_window_size 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-09 20:42:54 +01:00
Dave Rodgman
c98f8d996a Merge branch 'development' into safer-ct5 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-07 11:47:35 +01:00
Agathiyan Bragadeesh
5058a5b5ad Remove trailing whitespace bignum_core 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-17 15:23:52 +01:00
Agathiyan Bragadeesh
e55a1e1cf4 Refactor preprocessing for arm none 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-17 15:00:19 +01:00
Agathiyan Bragadeesh
271a95331e Remove tautology in mbedtls_mpi_core_clz 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-14 14:07:18 +01:00
Dave Rodgman
3b25c40f52 Fix RSA perf regression 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-26 12:42:48 +01:00
Dave Rodgman
fd492ab1be Use new CT interface in mbedtls_mpi_core_random 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-26 12:42:48 +01:00
Dave Rodgman
b59b73e2bc Use new CT interface in mbedtls_mpi_core_add_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-26 12:42:48 +01:00
Dave Rodgman
8ac9a1df24 Use new CT interface in mbedtls_mpi_core_lt_ct 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-26 12:42:48 +01:00
Dave Rodgman
231a516682 Remove not-needed mbedtls_ct_mpi_uint_cond_assign 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-26 12:42:48 +01:00
Dave Rodgman
fd7fab4073 Update mbedtls_mpi_core_uint_le_mpi to new CT interface 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-26 12:42:48 +01:00
Dave Rodgman
cd2e38b906 Update mbedtls_mpi_safe_cond_(assign|swap) to use new CT interface 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-26 12:42:48 +01:00
Dave Rodgman
7d4f019810 Move some bignum functions out of constant_time module 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-26 12:42:48 +01:00
Paul Elliott
f0806bee66 Merge pull request #7489 from minosgalanakis/ecp/7246_xtrack_core_shift_l 
[Bignum]: Introduce left shift from prototype
 2023-05-16 17:13:19 +01:00
Minos Galanakis
b89440394f bignum_core: Removed input checking for mbedtls_mpi_core_shift_l 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-05-04 14:40:40 +01:00
Dave Rodgman
914347bfa3 Don't explicitly inline mbedtls_mpi_core_clz 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-27 14:20:30 +01:00
Dave Rodgman
3b29364d61 Fix VS2022 build error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-26 21:53:30 +01:00
Dave Rodgman
2e863ecde9 Remove unnecessary if to save 16 bytes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-25 17:40:49 +01:00
Minos Galanakis
ec09e25251 bignum_core: Aligned xxx_core_shift_l to xxx_core_shift_r 
This patch modifies the left-shift implementation to closely
align in interface and behaviour to the existing right-shift
method.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-25 12:23:34 +01:00
Minos Galanakis
ad808dd5f1 bignum_core: Extracted mbedtls_mpi_shift_l from prototype 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-25 12:23:33 +01:00
Dave Rodgman
0f16d560aa Fix documentation 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-24 12:53:45 +01:00
Dave Rodgman
bbf881053d Document undefined case. Clarify test code. 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-21 12:54:40 +01:00
Dave Rodgman
880a6b34c2 Further size optimisation 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-20 11:52:55 +01:00
Dave Rodgman
fe8a8cd100 Size/perf optimisation for mbedtls_mpi_core_clz 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-19 17:59:12 +01:00
Minos Galanakis
00bd8925a7 bignum: Removed merge scaffolding. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-05 16:13:11 +01:00
Tom Cosgrove
6af26f3838 Tidy up, remove MPI_CORE(), apply the naming convention, and use the new mbedtls_mpi_core_mul() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-31 16:16:00 +02:00
Hanno Becker
4ae890bbd0 Extract MPI_CORE(mul) from the prototype 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-31 16:10:34 +02:00
Gilles Peskine
449bd8303e Switch to the new code style 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-11 14:50:10 +01:00
Gilles Peskine
e162b4725c Merge pull request #6777 from tom-cosgrove-arm/issue-6292-mod_inv 
Bignum: Implement high level fixed width modular inversion
 2022-12-17 13:26:02 +01:00
Manuel Pégourié-Gonnard
5bf8629b2c Merge pull request #6303 from gilles-peskine-arm/bignum-core-random 
Bignum: Implement mbedtls_mpi_core_random
 2022-12-16 09:58:07 +01:00
Tom Cosgrove
786848b5c5 Add low-level Montgomery conversion functions to bignum_core 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-15 16:56:36 +00:00
Tom Cosgrove
30f3b4d601 Add mbedtls_mpi_core_check_zero_ct() and tests 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-15 16:56:36 +00:00
Gilles Peskine
6b7ce968d2 Clarify some comments 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-15 15:04:33 +01:00
Manuel Pégourié-Gonnard
a9ac61203b Merge pull request #6666 from daverodgman/fast_unaligned 
Fast unaligned memory access macros
 2022-12-12 12:18:17 +01:00
Tom Cosgrove
0a0ddedfb7 Have mbedtls_mpi_core_exp_mod() take a temporary instead of allocating memory 
Last PR needed for #6293

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-06 14:37:18 +00:00
Tom Cosgrove
ecda186893 Require input to mbedtls_mpi_core_exp_mod() to already be in Montgomery form 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-06 10:46:30 +00:00
Gilles Peskine
70375b2028 Move mbedtls_mpi_core_random to the proper source file 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 23:46:26 +01:00
Gilles Peskine
6f949ea67b New constant-flow function mbedtls_mpi_core_uint_le_mpi 
Compare a single-limb MPI with a multi-limb MPI. This is rather ad hoc, but
will be useful for mbedtls_mpi_core_random.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 23:06:43 +01:00
Gilles Peskine
edaa17b350 Merge pull request #6547 from yanesca/extract_mod_exp_from_prototype 
Bignum: Extract mod exp from prototype
 2022-11-29 21:40:07 +01:00
Dave Rodgman
6d23ff60dd Make use of optimised bswap from bignum 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-28 15:41:13 +00:00
Janos Follath
3321b5842c mpi_exp_mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine
7d89d351e6 Zeroize sensitive data 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine
0b270a5603 Explain a little more 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine
4380d7b7f3 Simplify cleanup logic 
Take advantage of the fact that there's a single point of failure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine
3b63d09fea Make the main loop's logic clearer 
The loop ends when there are no more bits to process, with one twist: when
that happens, we need to clear the window one last time. Since the window
does not start empty (E_limbs==0 is not supported), the loop always starts
with a non-empty window and some bits to process. So it's correct to move
the window clearing logic to the end of the loop. This lets us exit the loop
when the end of the exponent is reached.

It would be clearer not to do the final window clearing inside the loop, so
we wouldn't need to repeat the loop termination condition (end of exponent
reached) inside the loop. However, this requires duplicating the code to
clear the window. Empirically, this causes a significant code size increase,
even if the window clearing code is placed into a function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine
c718a3ce94 Simplify exponent bit selection 
Use indices instead of mutating data to extract the bits of the exponent.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine
d83b5cb504 Local readability improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00