mbedtls_ecp_gen_privkey_mx: rename n_bits to high_bit

For Montgomery keys, n_bits is actually the position of the highest
bit and not the number of bits, which would be 1 more (fence vs
posts). Rename the variable accordingly to lessen the confusion.

No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-03-24 12:34:40 +01:00
parent 72fcc98d23
commit 55c46040f6
2 changed files with 9 additions and 9 deletions

View file

@ -3059,32 +3059,32 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_gen_privkey_mx( size_t n_bits, int mbedtls_ecp_gen_privkey_mx( size_t high_bit,
mbedtls_mpi *d, mbedtls_mpi *d,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ) void *p_rng )
{ {
int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
size_t b; size_t b;
size_t n_bytes = ( n_bits + 7 ) / 8; size_t n_bytes = ( high_bit + 7 ) / 8;
/* [Curve25519] page 5 */ /* [Curve25519] page 5 */
do { do {
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_bytes, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_bytes, f_rng, p_rng ) );
} while( mbedtls_mpi_bitlen( d ) == 0); } while( mbedtls_mpi_bitlen( d ) == 0);
/* Make sure the most significant bit is n_bits */ /* Make sure the most significant bit is high_bit */
b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */ b = mbedtls_mpi_bitlen( d ) - 1; /* position of the highest bit in d */
if( b > n_bits ) if( b > high_bit )
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, b - n_bits ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, b - high_bit ) );
else else
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, n_bits, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, high_bit, 1 ) );
/* Make sure the last two bits are unset for Curve448, three bits for /* Make sure the last two bits are unset for Curve448, three bits for
Curve25519 */ Curve25519 */
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
if( n_bits == 254 ) if( high_bit == 254 )
{ {
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
} }

View file

@ -57,7 +57,7 @@ void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits );
* \note - [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf * \note - [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
* - [RFC7748] https://tools.ietf.org/html/rfc7748 * - [RFC7748] https://tools.ietf.org/html/rfc7748
* *
* \p n_bits The position of the high-order bit of the key to generate. * \p high_bit The position of the high-order bit of the key to generate.
* This is the bit-size of the key minus 1: * This is the bit-size of the key minus 1:
* 254 for Curve25519 or 447 for Curve448. * 254 for Curve25519 or 447 for Curve448.
* \param d The randomly generated key. This is a number of size * \param d The randomly generated key. This is a number of size