Merge pull request #6457 from minosgalanakis/minos/6017_update_modulus_lifecycle

Bignum: Updated the modulus lifecyle
2022-10-31 11:28:37 +00:00 · 2022-10-31 11:28:37 +00:00 · 2dc2757cca
commit 2dc2757cca
parent 1a22bef116 0c61a749b7
4 changed files with 68 additions and 3 deletions
--- a/library/bignum_mod.c
+++ b/library/bignum_mod.c
@ -77,7 +77,14 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m )
    switch( m->int_rep )
    {
        case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
-            mbedtls_free( m->rep.mont );
+            if (m->rep.mont.rr != NULL)
+            {
+                mbedtls_platform_zeroize( (mbedtls_mpi_uint *) m->rep.mont.rr,
+                                           m->limbs );
+                mbedtls_free( (mbedtls_mpi_uint *)m->rep.mont.rr );
+                m->rep.mont.rr = NULL;
+            }
+            m->rep.mont.mm = 0;
            break;
        case MBEDTLS_MPI_MOD_REP_OPT_RED:
            mbedtls_free( m->rep.ored );
@ -93,6 +100,41 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m )
    m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID;
 }

+static int set_mont_const_square( const mbedtls_mpi_uint **X,
+                                  const mbedtls_mpi_uint *A,
+                                  size_t limbs )
+{
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    mbedtls_mpi N;
+    mbedtls_mpi RR;
+    *X = NULL;
+
+    mbedtls_mpi_init( &N );
+    mbedtls_mpi_init( &RR );
+
+    if ( A == NULL || limbs == 0 || limbs >= ( MBEDTLS_MPI_MAX_LIMBS / 2 ) - 2 )
+        goto cleanup;
+
+    if ( mbedtls_mpi_grow( &N, limbs ) )
+        goto cleanup;
+
+    memcpy( N.p, A, sizeof(mbedtls_mpi_uint) * limbs );
+
+    ret = mbedtls_mpi_core_get_mont_r2_unsafe(&RR, &N);
+
+    if ( ret == 0 )
+    {
+        *X = RR.p;
+        RR.p = NULL;
+    }
+
+cleanup:
+    mbedtls_mpi_free(&N);
+    mbedtls_mpi_free(&RR);
+    ret = ( ret != 0 ) ? MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED : 0;
+    return( ret );
+}
+
 int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m,
                                   const mbedtls_mpi_uint *p,
                                   size_t p_limbs,
@ -120,7 +162,8 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m,
    {
        case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
            m->int_rep = int_rep;
-            m->rep.mont = NULL;
+            m->rep.mont.mm = mbedtls_mpi_core_montmul_init( m->p );
+            ret = set_mont_const_square( &m->rep.mont.rr, m->p, m->limbs );
            break;
        case MBEDTLS_MPI_MOD_REP_OPT_RED:
            m->int_rep = int_rep;
--- a/library/bignum_mod.h
+++ b/library/bignum_mod.h
@ -53,7 +53,11 @@ typedef struct
    size_t limbs;
 } mbedtls_mpi_mod_residue;

-typedef void *mbedtls_mpi_mont_struct;
+typedef struct {
+    mbedtls_mpi_uint const *rr;  /* The residue for 2^{2*n*biL} mod N */
+    mbedtls_mpi_uint mm;         /* Montgomery const for -N^{-1} mod 2^{ciL} */
+} mbedtls_mpi_mont_struct;
+
 typedef void *mbedtls_mpi_opt_red_struct;

 typedef struct {
--- a/tests/suites/test_suite_bignum_mod.function
+++ b/tests/suites/test_suite_bignum_mod.function
@ -25,12 +25,28 @@ void mpi_mod_setup( int ext_rep, int int_rep, int iret )
    ret = mbedtls_mpi_mod_modulus_setup( &m, mp, MLIMBS, ext_rep, int_rep );
    TEST_EQUAL( ret, iret );

+    /* Only test if the constants have been set-up  */
+    if ( ret == 0 && int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY )
+    {
+        /* Test that the consts have been calculated */
+        TEST_ASSERT( m.rep.mont.rr != NULL );
+        TEST_ASSERT( m.rep.mont.mm != 0 );
+
+    }
+
    /* Address sanitiser should catch if we try to free mp */
    mbedtls_mpi_mod_modulus_free( &m );

    /* Make sure that the modulus doesn't have reference to mp anymore */
    TEST_ASSERT( m.p != mp );

+    /* Only test if the constants have been set-up  */
+    if ( ret == 0 && int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY )
+    {
+        /* Verify the data and pointers allocated have been properly wiped */
+        TEST_ASSERT( m.rep.mont.rr == NULL );
+        TEST_ASSERT( m.rep.mont.mm == 0 );
+    }
 exit:
    /* It should be safe to call an mbedtls free several times */
    mbedtls_mpi_mod_modulus_free( &m );
--- a/tests/suites/test_suite_bignum_mod_raw.function
+++ b/tests/suites/test_suite_bignum_mod_raw.function
@ -134,6 +134,7 @@ void mpi_mod_raw_cond_assign( data_t * input_X,
    ASSERT_ALLOC( Y, limbs );

    ASSERT_ALLOC( buff_m, limbs );
+    memset( buff_m, 0xFF, copy_bytes );
    TEST_ASSERT( mbedtls_mpi_mod_modulus_setup(
                        &m, buff_m, copy_limbs,
                        MBEDTLS_MPI_MOD_EXT_REP_BE,
@ -214,6 +215,7 @@ void mpi_mod_raw_cond_swap( data_t * input_X,
    ASSERT_ALLOC( tmp_Y, limbs );

    ASSERT_ALLOC( buff_m, copy_limbs );
+    memset( buff_m, 0xFF, copy_bytes );
    TEST_ASSERT( mbedtls_mpi_mod_modulus_setup(
                        &m, buff_m, copy_limbs,
                        MBEDTLS_MPI_MOD_EXT_REP_BE,