diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 98e2f9519..fe62fec4d 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -5420,7 +5420,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs)
 static int ecp_mod_p255(mbedtls_mpi *N)
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t expected_width = 2 * ((256 + biL - 1) / biL);
+ size_t expected_width = 2 * ((255 + biL - 1) / biL);
 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
 ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width);
 cleanup:
@@ -5433,32 +5433,26 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs)
 mbedtls_mpi_uint carry[P255_WIDTH]; memset(carry, 0, sizeof(mbedtls_mpi_uint) * P255_WIDTH); - if (X_Limbs > 2*P255_WIDTH) { - X_Limbs = 2*P255_WIDTH; - } else if (X_Limbs < P255_WIDTH) { - return 0; - } - /* Step 1: Reduction to P255_WIDTH limbs */ if (X_Limbs > P255_WIDTH) { - /* Helper references for top part of N */ - mbedtls_mpi_uint * const NT_p = X + P255_WIDTH; - const size_t NT_n = X_Limbs - P255_WIDTH; + /* Helper references for top part of X */ + mbedtls_mpi_uint * const A1 = X + P255_WIDTH; + const size_t A1_limbs = X_Limbs - P255_WIDTH; - /* N = A0 + 38 * A1, capture carry out */ - carry[0] = mbedtls_mpi_core_mla(X, P255_WIDTH, NT_p, NT_n, 38); + /* X = A0 + 38 * A1, capture carry out */ + carry[0] = mbedtls_mpi_core_mla(X, P255_WIDTH, A1, A1_limbs, 38); /* Clear top part */ - memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n); + memset(A1, 0, sizeof(mbedtls_mpi_uint) * A1_limbs); } /* Step 2: Reduce to
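Review bot: `expected_width` in `ecp_mod_p255` still spells out the limb count by hand (`2 * ((255 + biL - 1) / biL)`) while the raw function it feeds sizes everything in terms of `P255_WIDTH`; writing `size_t expected_width = 2 * P255_WIDTH;` would make the grown width match the raw function's layout by construction rather than by two independent expressions happening to agree. This presumes `P255_WIDTH` is the limb count for 255 bits, which is what the Step 2 code in the following hunk appears to assume; confirm against its definition before changing it. The closing lines of `ecp_mod_p255` after `cleanup:` fall outside the hunk.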

> (biL - 1)); + carry[0] += (X[P255_WIDTH - 1] >> (biL - 1)); carry[0] *= 19; /* Clear top bit */ - X[P255_WIDTH-1] <<= 1; X[P255_WIDTH-1] >>= 1; + X[P255_WIDTH - 1] <<= 1; X[P255_WIDTH - 1] >>= 1; (void) mbedtls_mpi_core_add(X, X, &carry[0], P255_WIDTH); return 0;
diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py
index 7626eda40..02db438a7 100644
--- a/scripts/mbedtls_dev/ecp.py
+++ b/scripts/mbedtls_dev/ecp.py
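Review bot: With the `X_Limbs < P255_WIDTH` early return removed at the top of `mbedtls_ecp_mod_p255_raw`, Step 2 reads and writes `X[P255_WIDTH - 1]` and `mbedtls_mpi_core_add` walks `P255_WIDTH` limbs regardless of `X_Limbs`, so a caller passing a shorter buffer now gets an out-of-bounds access where it previously got a no-op. If the new contract is that `X_Limbs` must be exactly `2 * P255_WIDTH` (which the `expected_width` change in the first hunk suggests), that precondition should be enforced and stated at the top of the function, e.g. `if (X_Limbs != 2 * P255_WIDTH) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; }`, and recorded in the function's documentation. Whether `mbedtls_mpi_core_mla` copes with `A1_limbs > P255_WIDTH` now that the `2*P255_WIDTH` clamp is gone cannot be confirmed from this hunk. Part of the hunk between Step 1 and Step 2 is not visible in this view.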
@@ -728,53 +728,39 @@ class EcpP255Raw(bignum_common.ModOperationCommon, "0", "1", # Modulus - 1 - ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffec"), + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec"), # Modulus + 1 - ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffee"), + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffee"), # 2^255 - 1 - ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffff"), + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"), # Maximum canonical P255 multiplication result - ("3fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffec000000000000000000000000000000000000000000000000" - "0000000000000190"), + ("3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec" + "0000000000000000000000000000000000000000000000000000000000000190"), # First 8 number generated by random.getrandbits(510) - seed(2,2) - ("1019f0d64ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5" - "e341245c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4" - "bb99f4bea973"), - ("20948fa1feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e" - "405d93ffed9235288bc781ae66267594c9c9500925e4749b575bd13653" - "f8dd9b1f282e"), - ("3a1893ea5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09" - "325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f" - "57ebf30b94fa"), - ("20a6923522fe99a22c70501e533c91352d3d854e061b90303b08c6e33c" - "7295782d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71" - "c4a66148a86f"), - ("3a248138e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4" - "c11ab2fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14" - "bc4a829e07b0"), - ("2f450feab714210c665d7435c1066932f4767f26294365b2721dea3bf6" - "3f23d0dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3f" - "d983c34c769f"), - ("1d199effe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80" - "371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a8" - "3ee0761ebfd2"), - 
("3423c6ec531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9" - "492f258ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e736" - "95c3e652c71a"), + ("1019f0d64ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124" + "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), + ("20948fa1feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e405d93" + "ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd9b1f282e"), + ("3a1893ea5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09325626" + "e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57ebf30b94fa"), + ("20a6923522fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578" + "2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"), + ("3a248138e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2" + "fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0"), + ("2f450feab714210c665d7435c1066932f4767f26294365b2721dea3bf63f23d0" + "dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769f"), + ("1d199effe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80371eb9" + "7f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a83ee0761ebfd2"), + ("3423c6ec531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f25" + "8ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"), # Next 2 number generated by random.getrandbits(255) - ("62f1243644a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3" - "172062"), - ("6a606e54b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9" - "500ec9"), + ("62f1243644a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062"), + ("6a606e54b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9500ec9"), ] @property