Add _raw function to P256K1

Modified the testing to use the generic fast reduction test function.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
Gabor Mezei 2023-05-02 14:12:25 +02:00
parent e42bb6294e
commit 03558b847e
No known key found for this signature in database
GPG key ID: F072ACA227ACD71D
4 changed files with 32 additions and 56 deletions

View file

@ -4623,7 +4623,7 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
static int ecp_mod_p256k1(mbedtls_mpi *); static int ecp_mod_p256k1(mbedtls_mpi *);
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_mod_p256k1(mbedtls_mpi *); int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#endif #endif
#if defined(ECP_LOAD_GROUP) #if defined(ECP_LOAD_GROUP)
@ -5680,30 +5680,31 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
/*
* Fast quasi-reduction modulo p256k1 = 2^256 - R,
* with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
*/
static int ecp_mod_p256k1(mbedtls_mpi *N) static int ecp_mod_p256k1(mbedtls_mpi *N)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * ((256 + biL - 1) / biL); size_t expected_width = 2 * ((256 + biL - 1) / biL);
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p256k1(N); ret = mbedtls_ecp_mod_p256k1_raw(N->p, expected_width);
cleanup: cleanup:
return ret; return ret;
} }
/*
* Fast quasi-reduction modulo p256k1 = 2^256 - R,
* with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
*/
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_mod_p256k1(mbedtls_mpi *N) int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
{ {
static mbedtls_mpi_uint Rp[] = { static mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00,
0x00) 0x01, 0x00, 0x00, 0x00)
}; };
return ecp_mod_koblitz(N->p, N->n, Rp, 256); return ecp_mod_koblitz(X, X_limbs, Rp, 256);
} }
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
#if defined(MBEDTLS_TEST_HOOKS) #if defined(MBEDTLS_TEST_HOOKS)

View file

@ -190,7 +190,7 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_mod_p256k1(mbedtls_mpi *N); int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */

View file

@ -639,8 +639,8 @@ class EcpP256K1Raw(bignum_common.ModOperationCommon,
EcpTarget): EcpTarget):
"""Test cases for ECP P256 fast reduction.""" """Test cases for ECP P256 fast reduction."""
symbol = "-" symbol = "-"
test_function = "ecp_mod_p256k1" test_function = "ecp_mod_p_generic_raw"
test_name = "ecp_mod_p256k1" test_name = "ecp_mod_p256k1_raw"
input_style = "fixed" input_style = "fixed"
arity = 1 arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP256K1_ENABLED"] dependencies = ["MBEDTLS_ECP_DP_SECP256K1_ENABLED"]
@ -659,9 +659,13 @@ class EcpP256K1Raw(bignum_common.ModOperationCommon,
# 2^256 - 1 # 2^256 - 1
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
# Maximum canonical P256 multiplication result # Maximum canonical P256K1 multiplication result
("fffffffffffffffffffffffffffffffffffffffffffffffffffffffdfffff85c0" ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffdfffff85c"
"00000000000000000000000000000000000000000000001000007a4000e9844"), "000000000000000000000000000000000000000000000001000007a4000e9844"),
# Test case for overflow during addition
("0000fffffc2f000e90a0c86a0a63234e5ba641f43a7e4aecc4040e67ec850562"
"00000000000000000000000000000000000000000000000000000000585674fd"),
# Test case for overflow during addition # Test case for overflow during addition
("0000fffffc2f000e90a0c86a0a63234e5ba641f43a7e4aecc4040e67ec850562" ("0000fffffc2f000e90a0c86a0a63234e5ba641f43a7e4aecc4040e67ec850562"
@ -702,6 +706,10 @@ class EcpP256K1Raw(bignum_common.ModOperationCommon,
def is_valid(self) -> bool: def is_valid(self) -> bool:
return True return True
def arguments(self):
args = super().arguments()
return ["MBEDTLS_ECP_DP_SECP256K1"] + args
class EcpP448Raw(bignum_common.ModOperationCommon, class EcpP448Raw(bignum_common.ModOperationCommon,
EcpTarget): EcpTarget):

View file

@ -1341,6 +1341,13 @@ void ecp_mod_p_generic_raw(int curve_id,
curve_bits = 224; curve_bits = 224;
curve_func = &mbedtls_ecp_mod_p224k1_raw; curve_func = &mbedtls_ecp_mod_p224k1_raw;
break; break;
#endif
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case MBEDTLS_ECP_DP_SECP256K1:
limbs = 2 * limbs_N;
curve_bits = 256;
curve_func = &mbedtls_ecp_mod_p256k1_raw;
break;
#endif #endif
default: default:
mbedtls_test_fail("Unsupported curve_id", __LINE__, __FILE__); mbedtls_test_fail("Unsupported curve_id", __LINE__, __FILE__);
@ -1369,46 +1376,6 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP256K1_ENABLED */
void ecp_mod_p256k1(char *input_N,
char *input_X,
char *result)
{
mbedtls_mpi X;
mbedtls_mpi N;
mbedtls_mpi res;
mbedtls_mpi_init(&X);
mbedtls_mpi_init(&N);
mbedtls_mpi_init(&res);
TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0);
TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n));
TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n));
TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n));
size_t limbs = N.n;
size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
TEST_LE_U(X.n, 2 * limbs);
TEST_EQUAL(res.n, limbs);
TEST_EQUAL(mbedtls_ecp_mod_p256k1(&X), 0);
TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 256);
ASSERT_COMPARE(X.p, bytes, res.p, bytes);
exit:
mbedtls_mpi_free(&X);
mbedtls_mpi_free(&N);
mbedtls_mpi_free(&res);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_CURVE448_ENABLED */ /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_CURVE448_ENABLED */
void ecp_mod_p448(char *input_N, void ecp_mod_p448(char *input_N,
char *input_X, char *input_X,