yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Switch to restart context internally

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2017-04-20 09:31:00 +02:00
parent 8f28addb27
commit 3cade22f96
2 changed files with 127 additions and 93 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
include/mbedtls/ecp.h
View file

@ -112,16 +112,6 @@ typedef struct
} }
mbedtls_ecp_point; mbedtls_ecp_point;
#if defined(MBEDTLS_ECP_EARLY_RETURN)
/**
* \brief ECP context for resuming multiplication after returning
* \c MBEDTLS_ERR_ECP_IN_PROGRESS
*
* \note Opaque struct
*/
typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx;
#endif
/** /**
* \brief ECP group structure * \brief ECP group structure
* *
@ -163,9 +153,6 @@ typedef struct
void *t_data; /*!< unused */ void *t_data; /*!< unused */
mbedtls_ecp_point *T; /*!< pre-computed points for ecp_mul_comb() */ mbedtls_ecp_point *T; /*!< pre-computed points for ecp_mul_comb() */
size_t T_size; /*!< number for pre-computed points */ size_t T_size; /*!< number for pre-computed points */
#if defined(MBEDTLS_ECP_EARLY_RETURN)
mbedtls_ecp_restart_mul_ctx *rsm; /*!< temporary */
#endif
} }
mbedtls_ecp_group; mbedtls_ecp_group;
@ -185,6 +172,13 @@ typedef struct
mbedtls_ecp_keypair; mbedtls_ecp_keypair;
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
/**
* \brief Internal restart context for multiplication
*
* \note Opaque struct
*/
typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx;
/** /**
* \brief General context for resuming ECC operations * \brief General context for resuming ECC operations
*/ */

200
library/ecp.c
View file

@ -183,9 +183,11 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx )
/* /*
* Check if we can do the next step * Check if we can do the next step
*/ */
static int ecp_check_budget( const mbedtls_ecp_group *grp, unsigned ops ) static int ecp_check_budget( const mbedtls_ecp_group *grp,
mbedtls_ecp_restart_ctx *rs_ctx,
unsigned ops )
{ {
if( grp->rsm != NULL ) if( rs_ctx != NULL && rs_ctx->rsm != NULL )
{ {
/* scale depending on curve size: the chosen reference is 256-bit, /* scale depending on curve size: the chosen reference is 256-bit,
* and multiplication is quadratic. Round to the closest integer. */ * and multiplication is quadratic. Round to the closest integer. */
@ -195,19 +197,22 @@ static int ecp_check_budget( const mbedtls_ecp_group *grp, unsigned ops )
ops *= 2; ops *= 2;
/* avoid infinite loops: always allow first step */ /* avoid infinite loops: always allow first step */
if( grp->rsm->ops_done != 0 && grp->rsm->ops_done + ops > ecp_max_ops ) if( rs_ctx->rsm->ops_done != 0 && rs_ctx->rsm->ops_done + ops > ecp_max_ops )
return( MBEDTLS_ERR_ECP_IN_PROGRESS ); return( MBEDTLS_ERR_ECP_IN_PROGRESS );
/* update running count */ /* update running count */
grp->rsm->ops_done += ops; rs_ctx->rsm->ops_done += ops;
} }
return( 0 ); return( 0 );
} }
#define ECP_BUDGET( ops ) MBEDTLS_MPI_CHK( ecp_check_budget( grp, ops ) ); #define ECP_BUDGET( ops ) MBEDTLS_MPI_CHK( ecp_check_budget( grp, rs_ctx, ops ) );
#else #else
#define ECP_BUDGET( ops ) #define ECP_BUDGET( ops ) /* no-op */
/* We also need that type to make our life simpler for internal functions */
typedef void mbedtls_ecp_restart_ctx;
#endif /* MBEDTLS_ECP_EARLY_RETURN */ #endif /* MBEDTLS_ECP_EARLY_RETURN */
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
@ -471,11 +476,6 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp )
mbedtls_free( grp->T ); mbedtls_free( grp->T );
} }
#if defined(MBEDTLS_ECP_EARLY_RETURN)
ecp_restart_mul_free( grp->rsm );
mbedtls_free( grp->rsm );
#endif
mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) ); mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) );
} }
@ -1360,7 +1360,8 @@ static void ecp_comb_recode_core( unsigned char x[], size_t d,
*/ */
static int ecp_precompute_comb( const mbedtls_ecp_group *grp, static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
mbedtls_ecp_point T[], const mbedtls_ecp_point *P, mbedtls_ecp_point T[], const mbedtls_ecp_point *P,
unsigned char w, size_t d ) unsigned char w, size_t d,
mbedtls_ecp_restart_ctx *rs_ctx )
{ {
int ret; int ret;
unsigned char i; unsigned char i;
@ -1368,14 +1369,18 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
const unsigned char T_len = 1U << ( w - 1 ); const unsigned char T_len = 1U << ( w - 1 );
mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1]; mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1];
#if !defined(MBEDTLS_ECP_EARLY_RETURN)
(void) rs_ctx;
#endif
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm != NULL ) if( rs_ctx != NULL && rs_ctx->rsm != NULL )
{ {
if( grp->rsm->state == ecp_rsm_pre_norm_add ) if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add )
goto norm_add; goto norm_add;
if( grp->rsm->state == ecp_rsm_pre_add ) if( rs_ctx->rsm->state == ecp_rsm_pre_add )
goto add; goto add;
if( grp->rsm->state == ecp_rsm_pre_norm_dbl ) if( rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl )
goto norm_dbl; goto norm_dbl;
} }
#endif #endif
@ -1387,8 +1392,8 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) );
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm != NULL && grp->rsm->i != 0 ) if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 )
j = grp->rsm->i; j = rs_ctx->rsm->i;
else else
#endif #endif
j = 0; j = 0;
@ -1407,10 +1412,10 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
} }
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm != NULL ) if( rs_ctx != NULL && rs_ctx->rsm != NULL )
{ {
grp->rsm->i = 0; rs_ctx->rsm->i = 0;
grp->rsm->state++; rs_ctx->rsm->state++;
} }
#endif #endif
@ -1431,8 +1436,8 @@ norm_dbl:
MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm != NULL ) if( rs_ctx != NULL && rs_ctx->rsm != NULL )
grp->rsm->state++; rs_ctx->rsm->state++;
#endif #endif
/* /*
@ -1453,8 +1458,8 @@ add:
} }
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm != NULL ) if( rs_ctx != NULL && rs_ctx->rsm != NULL )
grp->rsm->state++; rs_ctx->rsm->state++;
#endif #endif
/* /*
@ -1474,16 +1479,17 @@ norm_add:
MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm != NULL ) if( rs_ctx != NULL && rs_ctx->rsm != NULL )
grp->rsm->state++; rs_ctx->rsm->state++;
#endif #endif
cleanup: cleanup:
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
{ {
if( grp->rsm->state == ecp_rsm_init ) if( rs_ctx->rsm->state == ecp_rsm_init )
grp->rsm->i = j; rs_ctx->rsm->i = j;
} }
#endif #endif
@ -1527,7 +1533,8 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R
const mbedtls_ecp_point T[], unsigned char t_len, const mbedtls_ecp_point T[], unsigned char t_len,
const unsigned char x[], size_t d, const unsigned char x[], size_t d,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ) void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
{ {
int ret; int ret;
mbedtls_ecp_point Txi; mbedtls_ecp_point Txi;
@ -1535,11 +1542,15 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R
mbedtls_ecp_point_init( &Txi ); mbedtls_ecp_point_init( &Txi );
#if !defined(MBEDTLS_ECP_EARLY_RETURN)
(void) rs_ctx;
#endif
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm != NULL && grp->rsm->i != 0 ) if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 )
{ {
/* restore current index (R already pointing to grp->rsm->R) */ /* restore current index (R already pointing to rs_ctx->rsm->R) */
i = grp->rsm->i; i = rs_ctx->rsm->i;
} }
else else
#endif #endif
@ -1565,18 +1576,18 @@ cleanup:
mbedtls_ecp_point_free( &Txi ); mbedtls_ecp_point_free( &Txi );
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm != NULL ) if( rs_ctx != NULL && rs_ctx->rsm != NULL )
{ {
if( ret == 0 ) if( ret == 0 )
{ {
grp->rsm->state++; rs_ctx->rsm->state++;
grp->rsm->i = 0; rs_ctx->rsm->i = 0;
} }
else if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) else if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
{ {
/* was decreased before actually doing it */ /* was decreased before actually doing it */
grp->rsm->i = i + 1; rs_ctx->rsm->i = i + 1;
/* no need to save R, already pointing to grp->rsm->R */ /* no need to save R, already pointing to rs_ctx->rsm->R */
} }
} }
#endif #endif
@ -1641,31 +1652,37 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp,
unsigned char w, unsigned char w,
size_t d, size_t d,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ) void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
{ {
int ret; int ret;
unsigned char parity_trick; unsigned char parity_trick;
unsigned char k[COMB_MAX_D + 1]; unsigned char k[COMB_MAX_D + 1];
mbedtls_ecp_point *RR = R; mbedtls_ecp_point *RR = R;
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if !defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm != NULL ) (void) rs_ctx;
RR = &grp->rsm->R;
#endif #endif
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm == NULL || grp->rsm->state < ecp_rsm_final_norm ) if( rs_ctx != NULL && rs_ctx->rsm != NULL )
RR = &rs_ctx->rsm->R;
#endif
#if defined(MBEDTLS_ECP_EARLY_RETURN)
if( rs_ctx == NULL || rs_ctx->rsm == NULL ||
rs_ctx->rsm->state < ecp_rsm_final_norm )
#endif #endif
{ {
MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w,
&parity_trick ) ); &parity_trick ) );
MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, pre_len, k, d, MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, pre_len, k, d,
f_rng, p_rng ) ); f_rng, p_rng, rs_ctx ) );
MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) );
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm != NULL ) if( rs_ctx != NULL && rs_ctx->rsm != NULL )
grp->rsm->state++; rs_ctx->rsm->state++;
#endif #endif
} }
@ -1732,7 +1749,8 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp,
static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *m, const mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ) void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
{ {
int ret; int ret;
unsigned char w, p_eq_g = 0, i; unsigned char w, p_eq_g = 0, i;
@ -1740,34 +1758,38 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
unsigned char pre_len = 0, T_ok = 0; unsigned char pre_len = 0, T_ok = 0;
mbedtls_ecp_point *T = NULL; mbedtls_ecp_point *T = NULL;
#if !defined(MBEDTLS_ECP_EARLY_RETURN)
(void) rs_ctx;
#endif
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
/* check for restart with new arguments */ /* check for restart with new arguments */
if( grp->rsm != NULL && if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm != NULL &&
( mbedtls_mpi_cmp_mpi( m, &grp->rsm->m ) != 0 || ( mbedtls_mpi_cmp_mpi( m, &rs_ctx->rsm->m ) != 0 ||
mbedtls_mpi_cmp_mpi( &P->X, &grp->rsm->P.X ) != 0 || mbedtls_mpi_cmp_mpi( &P->X, &rs_ctx->rsm->P.X ) != 0 ||
mbedtls_mpi_cmp_mpi( &P->Y, &grp->rsm->P.Y ) != 0 ) ) mbedtls_mpi_cmp_mpi( &P->Y, &rs_ctx->rsm->P.Y ) != 0 ) )
{ {
ecp_restart_mul_free( grp->rsm ); ecp_restart_mul_free( rs_ctx->rsm );
mbedtls_free( grp->rsm ); mbedtls_free( rs_ctx->rsm );
grp->rsm = NULL; rs_ctx->rsm = NULL;
} }
/* set up restart context if needed */ /* set up restart context if needed */
if( ecp_max_ops != 0 && grp->rsm == NULL ) if( ecp_max_ops != 0 && rs_ctx != NULL && rs_ctx->rsm == NULL )
{ {
grp->rsm = mbedtls_calloc( 1, sizeof( mbedtls_ecp_restart_mul_ctx ) ); rs_ctx->rsm = mbedtls_calloc( 1, sizeof( mbedtls_ecp_restart_mul_ctx ) );
if( grp->rsm == NULL ) if( rs_ctx->rsm == NULL )
return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
ecp_restart_mul_init( grp->rsm ); ecp_restart_mul_init( rs_ctx->rsm );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &grp->rsm->m, m ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &rs_ctx->rsm->m, m ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &grp->rsm->P, P ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &rs_ctx->rsm->P, P ) );
} }
/* reset ops count for this call */ /* reset ops count for this call */
if( grp->rsm != NULL ) if( rs_ctx != NULL && rs_ctx->rsm != NULL )
grp->rsm->ops_done = 0; rs_ctx->rsm->ops_done = 0;
#endif #endif
/* Is P the base point ? */ /* Is P the base point ? */
@ -1792,14 +1814,14 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
/* Pre-computed table: do we have one in progress? complete? */ /* Pre-computed table: do we have one in progress? complete? */
if( grp->rsm != NULL && grp->rsm->T != NULL && T == NULL ) if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL && T == NULL )
{ {
/* transfer ownership of T from rsm to local function */ /* transfer ownership of T from rsm to local function */
T = grp->rsm->T; T = rs_ctx->rsm->T;
grp->rsm->T = NULL; rs_ctx->rsm->T = NULL;
grp->rsm->T_size = 0; rs_ctx->rsm->T_size = 0;
if( grp->rsm->state >= ecp_rsm_T_done ) if( rs_ctx->rsm->state >= ecp_rsm_T_done )
T_ok = 1; T_ok = 1;
} }
#endif #endif
@ -1818,7 +1840,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
/* Compute table (or finish computing it) if not done already */ /* Compute table (or finish computing it) if not done already */
if( !T_ok ) if( !T_ok )
{ {
MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d ) ); MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d, rs_ctx ) );
if( p_eq_g ) if( p_eq_g )
{ {
@ -1831,7 +1853,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
/* Actual comb multiplication using precomputed points */ /* Actual comb multiplication using precomputed points */
MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m, MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m,
T, pre_len, w, d, T, pre_len, w, d,
f_rng, p_rng ) ); f_rng, p_rng, rs_ctx ) );
cleanup: cleanup:
@ -1841,11 +1863,11 @@ cleanup:
/* does T belong to the restart context? */ /* does T belong to the restart context? */
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL ) if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL )
{ {
/* transfer ownership of T from local function to rsm */ /* transfer ownership of T from local function to rsm */
grp->rsm->T_size = pre_len; rs_ctx->rsm->T_size = pre_len;
grp->rsm->T = T; rs_ctx->rsm->T = T;
T = NULL; T = NULL;
} }
#endif #endif
@ -1868,10 +1890,10 @@ cleanup:
/* clear restart context when not in progress (done or error) */ /* clear restart context when not in progress (done or error) */
#if defined(MBEDTLS_ECP_EARLY_RETURN) #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( grp->rsm != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) { if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) {
ecp_restart_mul_free( grp->rsm ); ecp_restart_mul_free( rs_ctx->rsm );
mbedtls_free( grp->rsm ); mbedtls_free( rs_ctx->rsm );
grp->rsm = NULL; rs_ctx->rsm = NULL;
} }
#endif #endif
@ -2117,7 +2139,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
#endif #endif
#if defined(ECP_SHORTWEIERSTRASS) #if defined(ECP_SHORTWEIERSTRASS)
if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
ret = ecp_mul_comb( grp, R, m, P, f_rng, p_rng ); ret = ecp_mul_comb( grp, R, m, P, f_rng, p_rng, NULL );
#endif #endif
#if defined(MBEDTLS_ECP_INTERNAL_ALT) #if defined(MBEDTLS_ECP_INTERNAL_ALT)
@ -2141,8 +2163,26 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx ) mbedtls_ecp_restart_ctx *rs_ctx )
{ {
(void) rs_ctx; /* cheating for now */ /* temporary code duplication with non-restartable version */
return( mbedtls_ecp_mul( grp, R, m, P, f_rng, p_rng ) ); int ret;
/* Common sanity checks */
if( mbedtls_mpi_cmp_int( &P->Z, 1 ) != 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if( ( ret = mbedtls_ecp_check_privkey( grp, m ) ) != 0 ||
( ret = mbedtls_ecp_check_pubkey( grp, P ) ) != 0 )
return( ret );
#if defined(ECP_MONTGOMERY)
if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
return( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) );
#endif
#if defined(ECP_SHORTWEIERSTRASS)
if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
return( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) );
#endif
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
} }
#endif #endif