From f049dbfe94ec03fd0981a5db42469b96f39b94a6 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 18 Jul 2022 23:02:33 +0200 Subject: [PATCH 01/64] Add the new modulus and the residue structures Signed-off-by: Gabor Mezei --- library/bignum_mod.h | 68 +++++++++++++++++++++ library/bignum_new.c | 138 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 206 insertions(+) create mode 100644 library/bignum_mod.h create mode 100644 library/bignum_new.c diff --git a/library/bignum_mod.h b/library/bignum_mod.h new file mode 100644 index 000000000..378c58dd4 --- /dev/null +++ b/library/bignum_mod.h @@ -0,0 +1,68 @@ +/** + * Internal bignum functions + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_BIGNUM_MOD_H +#define MBEDTLS_BIGNUM_MOD_H + +#include "common.h" + +#if defined(MBEDTLS_BIGNUM_C) +#include "mbedtls/bignum.h" +#endif + + +typedef struct +{ + size_t n; + mbedtls_mpi_uint *p; +} mbedtls_mpi_mod_residue; + +typedef void* mbedtls_mpi_mont_struct; +typedef void* mbedtls_mpi_opt_red_struct; + +typedef struct { + mbedtls_mpi_uint *p; + size_t n; // number of limbs + size_t plen; // bitlen of p + int ext_rep; // signals external representation (eg. byte order) + int int_rep; // selector to signal the active member of the union + union rep + { + mbedtls_mpi_mont_struct mont; + mbedtls_mpi_opt_red_struct ored; + } rep; +} mbedtls_mpi_mod_modulus; + +void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ); + +int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, + mbedtls_mpi_mod_modulus *m, + mbedtls_mpi_uint *p ); + +void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); + +void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); + +int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, + mbedtls_mpi_uint *p, + size_t n, + int ext_rep, + int int_rep ); + +#endif /* MBEDTLS_BIGNUM_MOD_H */ diff --git a/library/bignum_new.c b/library/bignum_new.c new file mode 100644 index 000000000..32928610a --- /dev/null +++ b/library/bignum_new.c @@ -0,0 +1,138 @@ +/** + * Internal bignum functions + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" + +#if defined(MBEDTLS_BIGNUM_C) + +#include "mbedtls/error.h" +#include "mbedtls/bignum.h" +#include "bignum_mod.h" + +#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ +#define biL (ciL << 3) /* bits in limb */ +#define biH (ciL << 2) /* half limb size */ + +/* + * Convert between bits/chars and number of limbs + * Divide first in order to avoid potential overflows + */ +#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) +#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) + +/* + * Count leading zero bits in a given integer + */ +static size_t mpi_clz( const mbedtls_mpi_uint x ) +{ + size_t j; + mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1); + + for( j = 0; j < biL; j++ ) + { + if( x & mask ) break; + + mask >>= 1; + } + + return j; +} + +/* + * Return the number of bits + */ +static size_t mpi_bitlen( const mbedtls_mpi_uint *X, size_t nx ) +{ + size_t i, j; + + if( nx == 0 ) + return( 0 ); + + for( i = nx - 1; i > 0; i-- ) + if( X[i] != 0 ) + break; + + j = biL - mpi_clz( X[i] ); + + return( ( i * biL ) + j ); +} + +void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ) +{ + if ( r == NULL ) + return; + + r->n = 0; + r->p = NULL; +} + +int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, + mbedtls_mpi_mod_modulus *m, + mbedtls_mpi_uint *X ) +{ + if( X == NULL || m == NULL || r == NULL || X >= m->p) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + r->n = m->n; + r->p = X; + + return( 0 ); +} + +void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ) +{ + if ( m == NULL ) + return; + + m->rep.mont = 0; +} + +void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ) +{ + if ( m == NULL ) + return; + + m->p = NULL; + m->n = 0; + m->plen = 0; + m->ext_rep = 0; + m->int_rep = 0; + m->rep.mont = NULL; + m->rep.ored = NULL; +} + +int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, + mbedtls_mpi_uint *X, + size_t nx, + int ext_rep, + int int_rep ) +{ + if ( X == NULL || m == NULL ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + m->p = X; + m->n = nx; + m->ext_rep = ext_rep; + m->int_rep = int_rep; + m->plen = mpi_bitlen( X, nx ); + + return( 0 ); +} + +#endif /* MBEDTLS_BIGNUM_C */ From 0c655572dca647e87a5df6dfda0f02a0c81f0c89 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 18 Jul 2022 23:08:26 +0200 Subject: [PATCH 02/64] Build the new bignum_new.c file Signed-off-by: Gabor Mezei --- include/mbedtls/mbedtls_config.h | 2 +- library/CMakeLists.txt | 1 + library/Makefile | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index e96a79733..97ad17894 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2009,7 +2009,7 @@ * * Enable the multi-precision integer library. * - * Module: library/bignum.c + * Module: library/bignum.c, library/bignum_new.c * Caller: library/dhm.c * library/ecp.c * library/ecdsa.c diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index ed58a9e0d..19ba315cf 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -18,6 +18,7 @@ set(src_crypto asn1write.c base64.c bignum.c + bignum_new.c camellia.c ccm.c chacha20.c diff --git a/library/Makefile b/library/Makefile index 3c4c7ea5e..ac8f3318b 100644 --- a/library/Makefile +++ b/library/Makefile @@ -83,6 +83,7 @@ OBJS_CRYPTO= \ asn1write.o \ base64.o \ bignum.o \ + bignum_new.o \ camellia.o \ ccm.o \ chacha20.o \ From b903070cec557f7e88d16652b17969570d6987a1 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 18 Jul 2022 23:09:45 +0200 Subject: [PATCH 03/64] Add a set of I/O functions Signed-off-by: Gabor Mezei --- library/bignum_core.h | 49 ++++++++ library/bignum_new.c | 272 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 321 insertions(+) create mode 100644 library/bignum_core.h diff --git a/library/bignum_core.h b/library/bignum_core.h new file mode 100644 index 000000000..847a57186 --- /dev/null +++ b/library/bignum_core.h @@ -0,0 +1,49 @@ +/** + * Internal bignum functions + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_BIGNUM_CORE_H +#define MBEDTLS_BIGNUM_CORE_H + +#include "common.h" + +#if defined(MBEDTLS_BIGNUM_C) +#include "mbedtls/bignum.h" +#endif + +int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, + size_t nx, + const unsigned char *buf, + size_t buflen ); + +int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, + size_t nx, + const unsigned char *buf, + size_t buflen ); + +int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, + size_t nx, + unsigned char *buf, + size_t buflen ); + +int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, + size_t nx, + unsigned char *buf, + size_t buflen ); + +#endif /* MBEDTLS_BIGNUM_CORE_H */ diff --git a/library/bignum_new.c b/library/bignum_new.c index 32928610a..977b5d744 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -21,10 +21,19 @@ #if defined(MBEDTLS_BIGNUM_C) +#include + +#include "mbedtls/platform_util.h" #include "mbedtls/error.h" #include "mbedtls/bignum.h" +#include "bignum_core.h" #include "bignum_mod.h" +#define MPI_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) +#define MPI_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ #define biH (ciL << 2) /* half limb size */ @@ -73,6 +82,10 @@ static size_t mpi_bitlen( const mbedtls_mpi_uint *X, size_t nx ) return( ( i * biL ) + j ); } +/* Get a specific byte, without range checks. */ +#define GET_BYTE( X, i ) \ + ( ( ( X )[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff ) + void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ) { if ( r == NULL ) @@ -135,4 +148,263 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, return( 0 ); } +/* Check X to have at least n limbs and set it to 0. */ +static int mpi_core_clear( mbedtls_mpi_uint *X, + size_t nx, + size_t limbs ) +{ + if( X == NULL ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + else if( nx < limbs ) + return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + + else + { + memset( X, 0, nx * ciL ); + return( 0 ); + } +} + +/* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint + * into the storage form used by mbedtls_mpi. */ + +static mbedtls_mpi_uint mpi_bigendian_to_host_c( mbedtls_mpi_uint x ) +{ + uint8_t i; + unsigned char *x_ptr; + mbedtls_mpi_uint tmp = 0; + + for( i = 0, x_ptr = (unsigned char*) &x; i < ciL; i++, x_ptr++ ) + { + tmp <<= CHAR_BIT; + tmp |= (mbedtls_mpi_uint) *x_ptr; + } + + return( tmp ); +} + +static mbedtls_mpi_uint mpi_bigendian_to_host( mbedtls_mpi_uint x ) +{ +#if defined(__BYTE_ORDER__) + +/* Nothing to do on bigendian systems. */ +#if ( __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ ) + return( x ); +#endif /* __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ */ + +#if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ ) + +/* For GCC and Clang, have builtins for byte swapping. */ +#if defined(__GNUC__) && defined(__GNUC_PREREQ) +#if __GNUC_PREREQ(4,3) +#define have_bswap +#endif +#endif + +#if defined(__clang__) && defined(__has_builtin) +#if __has_builtin(__builtin_bswap32) && \ + __has_builtin(__builtin_bswap64) +#define have_bswap +#endif +#endif + +#if defined(have_bswap) + /* The compiler is hopefully able to statically evaluate this! */ + switch( sizeof(mbedtls_mpi_uint) ) + { + case 4: + return( __builtin_bswap32(x) ); + case 8: + return( __builtin_bswap64(x) ); + } +#endif +#endif /* __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ */ +#endif /* __BYTE_ORDER__ */ + + /* Fall back to C-based reordering if we don't know the byte order + * or we couldn't use a compiler-specific builtin. */ + return( mpi_bigendian_to_host_c( x ) ); +} + +static void mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, + size_t limbs ) +{ + mbedtls_mpi_uint *cur_limb_left; + mbedtls_mpi_uint *cur_limb_right; + if( limbs == 0 ) + return; + + /* + * Traverse limbs and + * - adapt byte-order in each limb + * - swap the limbs themselves. + * For that, simultaneously traverse the limbs from left to right + * and from right to left, as long as the left index is not bigger + * than the right index (it's not a problem if limbs is odd and the + * indices coincide in the last iteration). + */ + for( cur_limb_left = X, cur_limb_right = X + ( limbs - 1 ); + cur_limb_left <= cur_limb_right; + cur_limb_left++, cur_limb_right-- ) + { + mbedtls_mpi_uint tmp; + /* Note that if cur_limb_left == cur_limb_right, + * this code effectively swaps the bytes only once. */ + tmp = mpi_bigendian_to_host( *cur_limb_left ); + *cur_limb_left = mpi_bigendian_to_host( *cur_limb_right ); + *cur_limb_right = tmp; + } +} + +/* + * Import X from unsigned binary data, little endian + * + * This function is guaranteed to return an MPI with at least the necessary + * number of limbs (in particular, it does not skip 0s in the input). + */ +int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, + size_t nx, + const unsigned char *buf, + size_t buflen ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t i; + size_t const limbs = CHARS_TO_LIMBS( buflen ); + + /* Ensure that target MPI has at least the necessary number of limbs */ + MBEDTLS_MPI_CHK( mpi_core_clear( X, nx, limbs ) ); + + for( i = 0; i < buflen; i++ ) + X[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3); + +cleanup: + return( ret ); +} + +/* + * Import X from unsigned binary data, big endian + * + * This function is guaranteed to return an MPI with exactly the necessary + * number of limbs (in particular, it does not skip 0s in the input). + */ +int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, + size_t nx, + const unsigned char *buf, + size_t buflen ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t const limbs = CHARS_TO_LIMBS( buflen ); + size_t const overhead = ( limbs * ciL ) - buflen; + unsigned char *Xp; + + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); + + /* Ensure that target MPI has at least the necessary number of limbs */ + MBEDTLS_MPI_CHK( mpi_core_clear( X, nx, limbs ) ); + + /* Avoid calling `memcpy` with NULL source or destination argument, + * even if buflen is 0. */ + if( buflen != 0 ) + { + Xp = (unsigned char*) X; + memcpy( Xp + overhead, buf, buflen ); + + mpi_core_bigendian_to_host( X, nx ); + } + +cleanup: + return( ret ); +} + +/* + * Export X into unsigned binary data, little endian + */ +int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, + size_t nx, + unsigned char *buf, + size_t buflen ) +{ + size_t stored_bytes = nx * ciL; + size_t bytes_to_copy; + size_t i; + + if( stored_bytes < buflen ) + { + bytes_to_copy = stored_bytes; + } + else + { + bytes_to_copy = buflen; + + /* The output buffer is smaller than the allocated size of X. + * However X may fit if its leading bytes are zero. */ + for( i = bytes_to_copy; i < stored_bytes; i++ ) + { + if( GET_BYTE( X, i ) != 0 ) + return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + } + } + + for( i = 0; i < bytes_to_copy; i++ ) + buf[i] = GET_BYTE( X, i ); + + if( stored_bytes < buflen ) + { + /* Write trailing 0 bytes */ + memset( buf + stored_bytes, 0, buflen - stored_bytes ); + } + + return( 0 ); +} + +/* + * Export X into unsigned binary data, big endian + */ +int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, + size_t nx, + unsigned char *buf, + size_t buflen ) +{ + size_t stored_bytes; + size_t bytes_to_copy; + unsigned char *p; + size_t i; + + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); + + stored_bytes = nx * ciL; + + if( stored_bytes < buflen ) + { + /* There is enough space in the output buffer. Write initial + * null bytes and record the position at which to start + * writing the significant bytes. In this case, the execution + * trace of this function does not depend on the value of the + * number. */ + bytes_to_copy = stored_bytes; + p = buf + buflen - stored_bytes; + memset( buf, 0, buflen - stored_bytes ); + } + else + { + /* The output buffer is smaller than the allocated size of X. + * However X may fit if its leading bytes are zero. */ + bytes_to_copy = buflen; + p = buf; + for( i = bytes_to_copy; i < stored_bytes; i++ ) + { + if( GET_BYTE( X, i ) != 0 ) + return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + } + } + + for( i = 0; i < bytes_to_copy; i++ ) + p[bytes_to_copy - i - 1] = GET_BYTE( X, i ); + + return( 0 ); +} + #endif /* MBEDTLS_BIGNUM_C */ From c5328cf9a67e88c05cd2319afe3f2a201f07920c Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 18 Jul 2022 23:13:13 +0200 Subject: [PATCH 04/64] Add a set of I/O functions for the modulus structure Signed-off-by: Gabor Mezei --- library/bignum_mod.h | 10 ++++++++++ library/bignum_mod_raw.h | 39 +++++++++++++++++++++++++++++++++++++++ library/bignum_new.c | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+) create mode 100644 library/bignum_mod_raw.h diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 378c58dd4..62ecf2b0d 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -49,6 +49,16 @@ typedef struct { } rep; } mbedtls_mpi_mod_modulus; +typedef enum +{ + MBEDTLS_MPI_MOD_REP_INVALID = 0, + MBEDTLS_MPI_MOD_REP_MONTGOMERY, + MBEDTLS_MPI_MOD_REP_OPT_RED +} mbedtls_mpi_mod_rep_selector; + +#define MBEDTLS_MI_MOD_EXT_REP_LE 0x1 +#define MBEDTLS_MI_MOD_EXT_REP_BE 0x2 + void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ); int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h new file mode 100644 index 000000000..8a202baa9 --- /dev/null +++ b/library/bignum_mod_raw.h @@ -0,0 +1,39 @@ +/** + * Internal bignum functions + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_BIGNUM_CORE_H +#define MBEDTLS_BIGNUM_CORE_H + +#include "common.h" + +#if defined(MBEDTLS_BIGNUM_C) +#include "mbedtls/bignum.h" +#endif + +int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, + mbedtls_mpi_mod_modulus *m, + unsigned char *buf, + size_t buflen ); + +int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, + mbedtls_mpi_mod_modulus *m, + unsigned char *buf, + size_t buflen ); + +#endif /* MBEDTLS_BIGNUM_CORE_H */ diff --git a/library/bignum_new.c b/library/bignum_new.c index 977b5d744..976301d91 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -28,6 +28,7 @@ #include "mbedtls/bignum.h" #include "bignum_core.h" #include "bignum_mod.h" +#include "bignum_mod_raw.h" #define MPI_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) @@ -407,4 +408,38 @@ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, return( 0 ); } +int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, + mbedtls_mpi_mod_modulus *m, + unsigned char *buf, + size_t buflen ) +{ + if( m->ext_rep & MBEDTLS_MI_MOD_EXT_REP_LE ) + return mbedtls_mpi_core_read_le( X, m->n, buf, buflen ); + + else if( m->ext_rep & MBEDTLS_MI_MOD_EXT_REP_BE ) + return mbedtls_mpi_core_read_be( X, m->n, buf, buflen ); + + else + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + return( 0 ); +} + +int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, + mbedtls_mpi_mod_modulus *m, + unsigned char *buf, + size_t buflen ) +{ + if( m->ext_rep & MBEDTLS_MI_MOD_EXT_REP_LE ) + return mbedtls_mpi_core_write_le( X, m->n, buf, buflen ); + + else if( m->ext_rep & MBEDTLS_MI_MOD_EXT_REP_BE ) + return mbedtls_mpi_core_write_be( X, m->n, buf, buflen ); + + else + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + return( 0 ); +} + #endif /* MBEDTLS_BIGNUM_C */ From 5005edb36cd2a51d86cfec72c8568121897aa5d1 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 19 Jul 2022 12:45:13 +0100 Subject: [PATCH 05/64] Fix typos Signed-off-by: Janos Follath --- library/bignum_mod.h | 6 +++--- library/bignum_mod_raw.h | 6 +++--- library/bignum_new.c | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 62ecf2b0d..7eac1df1c 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -56,8 +56,8 @@ typedef enum MBEDTLS_MPI_MOD_REP_OPT_RED } mbedtls_mpi_mod_rep_selector; -#define MBEDTLS_MI_MOD_EXT_REP_LE 0x1 -#define MBEDTLS_MI_MOD_EXT_REP_BE 0x2 +#define MBEDTLS_MPI_MOD_EXT_REP_LE 0x1 +#define MBEDTLS_MPI_MOD_EXT_REP_BE 0x2 void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ); @@ -67,7 +67,7 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); -void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); +void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 8a202baa9..21743e0d0 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -17,8 +17,8 @@ * limitations under the License. */ -#ifndef MBEDTLS_BIGNUM_CORE_H -#define MBEDTLS_BIGNUM_CORE_H +#ifndef MBEDTLS_BIGNUM_MOD_RAW_H +#define MBEDTLS_BIGNUM_MOD_RAW_H #include "common.h" @@ -36,4 +36,4 @@ int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, unsigned char *buf, size_t buflen ); -#endif /* MBEDTLS_BIGNUM_CORE_H */ +#endif /* MBEDTLS_BIGNUM_MOD_RAW_H */ diff --git a/library/bignum_new.c b/library/bignum_new.c index 976301d91..b6a806ecb 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -413,10 +413,10 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, unsigned char *buf, size_t buflen ) { - if( m->ext_rep & MBEDTLS_MI_MOD_EXT_REP_LE ) + if( m->ext_rep & MBEDTLS_MPI_MOD_EXT_REP_LE ) return mbedtls_mpi_core_read_le( X, m->n, buf, buflen ); - else if( m->ext_rep & MBEDTLS_MI_MOD_EXT_REP_BE ) + else if( m->ext_rep & MBEDTLS_MPI_MOD_EXT_REP_BE ) return mbedtls_mpi_core_read_be( X, m->n, buf, buflen ); else @@ -430,10 +430,10 @@ int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, unsigned char *buf, size_t buflen ) { - if( m->ext_rep & MBEDTLS_MI_MOD_EXT_REP_LE ) + if( m->ext_rep & MBEDTLS_MPI_MOD_EXT_REP_LE ) return mbedtls_mpi_core_write_le( X, m->n, buf, buflen ); - else if( m->ext_rep & MBEDTLS_MI_MOD_EXT_REP_BE ) + else if( m->ext_rep & MBEDTLS_MPI_MOD_EXT_REP_BE ) return mbedtls_mpi_core_write_be( X, m->n, buf, buflen ); else From 281ccda8a549bb75c2786f9d872427a5e466fc21 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 19 Jul 2022 13:14:36 +0100 Subject: [PATCH 06/64] Clean up mpi_mod_init/free Signed-off-by: Janos Follath --- library/bignum_mod.h | 8 ++++++-- library/bignum_new.c | 12 +++++++----- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 7eac1df1c..432cd0070 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -56,8 +56,12 @@ typedef enum MBEDTLS_MPI_MOD_REP_OPT_RED } mbedtls_mpi_mod_rep_selector; -#define MBEDTLS_MPI_MOD_EXT_REP_LE 0x1 -#define MBEDTLS_MPI_MOD_EXT_REP_BE 0x2 +typedef enum +{ + MBEDTLS_MPI_MOD_EXT_REP_INVALID = 0, + MBEDTLS_MPI_MOD_EXT_REP_LE, + MBEDTLS_MPI_MOD_EXT_REP_BE +} mbedtls_mpi_mod_ext_rep; void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ); diff --git a/library/bignum_new.c b/library/bignum_new.c index b6a806ecb..5f10eadcd 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -114,7 +114,11 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ) if ( m == NULL ) return; - m->rep.mont = 0; + m->p = NULL; + m->n = 0; + m->plen = 0; + m->ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID; + m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID; } void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ) @@ -125,10 +129,8 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ) m->p = NULL; m->n = 0; m->plen = 0; - m->ext_rep = 0; - m->int_rep = 0; - m->rep.mont = NULL; - m->rep.ored = NULL; + m->ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID; + m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID; } int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, From ba5c139e4ccdbcf0d3672f5851010874fef4fca2 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 19 Jul 2022 13:42:07 +0100 Subject: [PATCH 07/64] Add more validation to modulus life cycle Signed-off-by: Janos Follath --- library/bignum_new.c | 56 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 53 insertions(+), 3 deletions(-) diff --git a/library/bignum_new.c b/library/bignum_new.c index 5f10eadcd..1c5cb8ca1 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -30,6 +30,16 @@ #include "bignum_mod.h" #include "bignum_mod_raw.h" +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#include +#define mbedtls_printf printf +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + #define MPI_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) #define MPI_VALIDATE( cond ) \ @@ -126,6 +136,16 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ) if ( m == NULL ) return; + switch( m->int_rep ) + { + case MBEDTLS_MPI_MOD_REP_MONTGOMERY: + mbedtls_free( m->rep.mont ); break; + case MBEDTLS_MPI_MOD_REP_OPT_RED: + mbedtls_free( m->rep.mont ); break; + default: + break; + } + m->p = NULL; m->n = 0; m->plen = 0; @@ -139,16 +159,46 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, int ext_rep, int int_rep ) { + int ret = 0; + if ( X == NULL || m == NULL ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); m->p = X; m->n = nx; - m->ext_rep = ext_rep; - m->int_rep = int_rep; m->plen = mpi_bitlen( X, nx ); - return( 0 ); + switch( ext_rep ) + { + case MBEDTLS_MPI_MOD_EXT_REP_LE: + case MBEDTLS_MPI_MOD_EXT_REP_BE: + m->ext_rep = ext_rep; break; + default: + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto exit; + } + + switch( int_rep ) + { + case MBEDTLS_MPI_MOD_REP_MONTGOMERY: + m->int_rep = int_rep; + m->rep.mont = NULL; break; + case MBEDTLS_MPI_MOD_REP_OPT_RED: + m->int_rep = int_rep; + m->rep.ored = NULL; break; + default: + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto exit; + } + +exit: + + if( ret != 0 ) + { + mbedtls_mpi_mod_modulus_free( m ); + } + + return( ret ); } /* Check X to have at least n limbs and set it to 0. */ From f1d617deb8a72b697706328571136b0edd271507 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 21 Jul 2022 09:29:32 +0100 Subject: [PATCH 08/64] Add tests for big endian core I/O The test case where there were extra limbs in the MPI failed and this commit contains the corresponding fix as well. (We used to use the minimum required limbs instead of the actual limbs present.) Signed-off-by: Janos Follath --- library/bignum_new.c | 6 ++- tests/suites/test_suite_mpi.data | 57 +++++++++++++++++++++++++ tests/suites/test_suite_mpi.function | 62 ++++++++++++++++++++++++++++ 3 files changed, 123 insertions(+), 2 deletions(-) diff --git a/library/bignum_new.c b/library/bignum_new.c index 1c5cb8ca1..b01f742df 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -347,8 +347,8 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, size_t buflen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t const limbs = CHARS_TO_LIMBS( buflen ); - size_t const overhead = ( limbs * ciL ) - buflen; + size_t const limbs = CHARS_TO_LIMBS( buflen ); + size_t overhead; unsigned char *Xp; MPI_VALIDATE_RET( X != NULL ); @@ -357,6 +357,8 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, /* Ensure that target MPI has at least the necessary number of limbs */ MBEDTLS_MPI_CHK( mpi_core_clear( X, nx, limbs ) ); + overhead = ( nx * ciL ) - buflen; + /* Avoid calling `memcpy` with NULL source or destination argument, * even if buflen is 0. */ if( buflen != 0 ) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index f29dcabd4..544149318 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -82,6 +82,63 @@ mpi_read_write_string:16:"":2:"0":4:0:0 Test mpi_write_string #10 (Negative hex with odd number of digits) mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +Test mbedtls_mpi_core_io_be #1 (Buffer and limbs just fit, input limb-aligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:12:0:0 + +Test mbedtls_mpi_core_io_be #2 (Buffer and limbs just fit, input unaligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:12:0:0 + +Test mbedtls_mpi_core_io_be #3 (Buffer just fits, extra limbs, input limb-aligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:14:0:0 + +Test mbedtls_mpi_core_io_be #4 (Buffer just fits, extra limbs, input unaligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:14:0:0 + +Test mbedtls_mpi_core_io_be #5 (Extra limbs, buffer aligned to extra limbs, input limb-aligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":112:14:0:0 + +Test mbedtls_mpi_core_io_be #6 (Extra limbs, buffer aligned to extra limbs, input unaligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":112:14:0:0 + +Test mbedtls_mpi_core_io_be #7 (Buffer and limbs just fit, input limb-aligned with leading zeroes) +mbedtls_mpi_core_io_be:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":88:12:0:0 + +Test mbedtls_mpi_core_io_be #8 (Buffer and limbs just fit, input unaligned with leading zeroes) +mbedtls_mpi_core_io_be:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":86:12:0:0 + +Test mbedtls_mpi_core_io_be #9 (Buffer just fits, extra limbs, input limb-aligned with leading zeroes) +mbedtls_mpi_core_io_be:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":88:14:0:0 + +Test mbedtls_mpi_core_io_be #10 (Buffer just fits, extra limbs, input unaligned with leading zeroes) +mbedtls_mpi_core_io_be:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":86:14:0:0 + +Test mbedtls_mpi_core_io_be #11 (Zero) +mbedtls_mpi_core_io_be:"00":1:1:0:0 + +Test mbedtls_mpi_core_io_be #12 (Zero, empty output) +mbedtls_mpi_core_io_be:"00":0:1:0:0 + +Test mbedtls_mpi_core_io_be #13 (Zero, empty input) +mbedtls_mpi_core_io_be:"":1:1:0:0 + +Test mbedtls_mpi_core_io_be #14 (One) +mbedtls_mpi_core_io_be:"01":1:1:0:0 + +Test mbedtls_mpi_core_io_be #14 (One limb) +mbedtls_mpi_core_io_be:"ff00000000000000":8:1:0:0 + +Test mbedtls_mpi_core_io_be #15 (not enough limbs, input limb-aligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:11:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 + +Test mbedtls_mpi_core_io_be #16 (not enough limbs, input unaligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:11:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 + +Test mbedtls_mpi_core_io_be #17 (buffer too small, input limb-aligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":95:12:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +Test mbedtls_mpi_core_io_be #18 (buffer too small, input unaligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:12:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + Base test mbedtls_mpi_read_binary #1 mbedtls_mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"0941379D00FED1491FE15DF284DFDE4A142F68AA8D412023195CEE66883E6290FFE703F4EA5963BF212713CEE46B107C09182B5EDCD955ADAC418BF4918E2889AF48E1099D513830CEC85C26AC1E158B52620E33BA8692F893EFBB2F958B4424" diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 2694a44b6..c3e9572f5 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -1,6 +1,7 @@ /* BEGIN_HEADER */ #include "mbedtls/bignum.h" #include "mbedtls/entropy.h" +#include "bignum_core.h" #if MBEDTLS_MPI_MAX_BITS > 792 #define MPI_MAX_BITS_LARGER_THAN_792 @@ -196,6 +197,67 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_mpi_core_io_be( data_t *input, int nb_int, int nx_64_int, int iret, + int oret ) +{ + #define BMAX 1024 + unsigned char buf[BMAX]; + #define XMAX BMAX / sizeof( mbedtls_mpi_uint ) + mbedtls_mpi_uint X[XMAX]; + size_t nx, nb; + int ret; + + if( iret != 0 ) + TEST_ASSERT( oret == 0 ); + + TEST_ASSERT( 0 <= nb_int ); + nb = nb_int; + TEST_ASSERT( nb <= BMAX ); + + TEST_ASSERT( 0 <= nx_64_int ); + nx = nx_64_int; + /* nx_64_int is the number of 64 bit limbs, if we have 32 bit limbs we need + * to double the number of limbs to have the same size. */ + if( sizeof( mbedtls_mpi_uint ) == 4 ) + nx *= 2; + TEST_ASSERT( nx <= XMAX ); + + ret = mbedtls_mpi_core_read_be( X, nx, input->x, input->len ); + TEST_ASSERT( ret == iret ); + + if( iret == 0 ) + { + ret = mbedtls_mpi_core_write_be( X, nx, buf, nb ); + TEST_ASSERT( ret == oret ); + } + + if( ( iret == 0 ) && ( oret == 0 ) ) + { + if( nb > input->len ) + { + size_t leading_zeroes = nb - input->len; + TEST_ASSERT( memcmp( buf + nb - input->len, input->x, input->len ) == 0 ); + for( size_t i = 0; i < leading_zeroes; i++ ) + TEST_ASSERT( buf[i] == 0 ); + } + else + { + size_t leading_zeroes = input->len - nb; + TEST_ASSERT( memcmp( input->x + input->len - nb, buf, nb ) == 0 ); + for( size_t i = 0; i < leading_zeroes; i++ ) + TEST_ASSERT( input->x[i] == 0 ); + } + } + +exit: + ; + + #undef BMAX + #undef XMAX +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_mpi_read_binary_le( data_t * buf, char * input_A ) { From 6ff3536de50907b71f77d2d6e46e4a30bc598e02 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 21 Jul 2022 15:27:21 +0100 Subject: [PATCH 09/64] Add tests for little endian core I/O Signed-off-by: Janos Follath --- tests/suites/test_suite_mpi.data | 57 +++++++++++++++++++++++++++ tests/suites/test_suite_mpi.function | 59 ++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 544149318..30447a6a3 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -139,6 +139,63 @@ mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66 Test mbedtls_mpi_core_io_be #18 (buffer too small, input unaligned) mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:12:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +Test mbedtls_mpi_core_io_le #1 (Buffer and limbs just fit, input limb-aligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:12:0:0 + +Test mbedtls_mpi_core_io_le #2 (Buffer and limbs just fit, input unaligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:12:0:0 + +Test mbedtls_mpi_core_io_le #3 (Buffer just fits, extra limbs, input limb-aligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:14:0:0 + +Test mbedtls_mpi_core_io_le #4 (Buffer just fits, extra limbs, input unaligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:14:0:0 + +Test mbedtls_mpi_core_io_le #5 (Extra limbs, buffer aligned to extra limbs, input limb-aligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":112:14:0:0 + +Test mbedtls_mpi_core_io_le #6 (Extra limbs, buffer aligned to extra limbs, input unaligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":112:14:0:0 + +Test mbedtls_mpi_core_io_le #7 (Buffer and limbs just fit, input limb-aligned with leading zeroes) +mbedtls_mpi_core_io_le:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b44240000000000000000":88:12:0:0 + +Test mbedtls_mpi_core_io_le #8 (Buffer and limbs just fit, input unaligned with leading zeroes) +mbedtls_mpi_core_io_le:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b0000000000000000":86:12:0:0 + +Test mbedtls_mpi_core_io_le #9 (Buffer just fits, extra limbs, input limb-aligned with leading zeroes) +mbedtls_mpi_core_io_le:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b44240000000000000000":88:14:0:0 + +Test mbedtls_mpi_core_io_le #10 (Buffer just fits, extra limbs, input unaligned with leading zeroes) +mbedtls_mpi_core_io_le:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b0000000000000000":86:14:0:0 + +Test mbedtls_mpi_core_io_le #11 (Zero) +mbedtls_mpi_core_io_le:"00":1:1:0:0 + +Test mbedtls_mpi_core_io_le #12 (Zero, empty output) +mbedtls_mpi_core_io_le:"00":0:1:0:0 + +Test mbedtls_mpi_core_io_le #13 (Zero, empty input) +mbedtls_mpi_core_io_le:"":1:1:0:0 + +Test mbedtls_mpi_core_io_le #14 (One) +mbedtls_mpi_core_io_le:"01":1:1:0:0 + +Test mbedtls_mpi_core_io_le #14 (One limb) +mbedtls_mpi_core_io_le:"00000000000000ff":8:1:0:0 + +Test mbedtls_mpi_core_io_le #15 (not enough limbs, input limb-aligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:11:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 + +Test mbedtls_mpi_core_io_le #16 (not enough limbs, input unaligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:11:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 + +Test mbedtls_mpi_core_io_le #17 (buffer too small, input limb-aligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":95:12:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +Test mbedtls_mpi_core_io_le #18 (buffer too small, input unaligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:12:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + Base test mbedtls_mpi_read_binary #1 mbedtls_mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"0941379D00FED1491FE15DF284DFDE4A142F68AA8D412023195CEE66883E6290FFE703F4EA5963BF212713CEE46B107C09182B5EDCD955ADAC418BF4918E2889AF48E1099D513830CEC85C26AC1E158B52620E33BA8692F893EFBB2F958B4424" diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index c3e9572f5..34710c430 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -258,6 +258,65 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_mpi_core_io_le( data_t *input, int nb_int, int nx_64_int, int iret, + int oret ) +{ + #define BMAX 1024 + unsigned char buf[BMAX]; + #define XMAX BMAX / sizeof( mbedtls_mpi_uint ) + mbedtls_mpi_uint X[XMAX]; + size_t nx, nb; + int ret; + + if( iret != 0 ) + TEST_ASSERT( oret == 0 ); + + TEST_ASSERT( 0 <= nb_int ); + nb = nb_int; + TEST_ASSERT( nb <= BMAX ); + + TEST_ASSERT( 0 <= nx_64_int ); + nx = nx_64_int; + /* nx_64_int is the number of 64 bit limbs, if we have 32 bit limbs we need + * to double the number of limbs to have the same size. */ + if( sizeof( mbedtls_mpi_uint ) == 4 ) + nx *= 2; + TEST_ASSERT( nx <= XMAX ); + + ret = mbedtls_mpi_core_read_le( X, nx, input->x, input->len ); + TEST_ASSERT( ret == iret ); + + if( iret == 0 ) + { + ret = mbedtls_mpi_core_write_le( X, nx, buf, nb ); + TEST_ASSERT( ret == oret ); + } + + if( ( iret == 0 ) && ( oret == 0 ) ) + { + if( nb > input->len ) + { + TEST_ASSERT( memcmp( buf, input->x, input->len ) == 0 ); + for( size_t i = input->len; i < nb; i++ ) + TEST_ASSERT( buf[i] == 0 ); + } + else + { + TEST_ASSERT( memcmp( input->x, buf, nb ) == 0 ); + for( size_t i = nb; i < input->len; i++ ) + TEST_ASSERT( input->x[i] == 0 ); + } + } + +exit: + ; + + #undef BMAX + #undef XMAX +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_mpi_read_binary_le( data_t * buf, char * input_A ) { From 4614b9ad1be3a9a04883afa9d7b582914f7d6341 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 21 Jul 2022 15:34:47 +0100 Subject: [PATCH 10/64] Move Bignum macros to common header Signed-off-by: Janos Follath --- library/bignum.c | 17 +---------------- library/bignum_core.h | 16 ++++++++++++++++ library/bignum_new.c | 16 ---------------- 3 files changed, 17 insertions(+), 32 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 55325b4c2..870365dd6 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -39,6 +39,7 @@ #include "mbedtls/bignum.h" #include "bignum_internal.h" +#include "bignum_core.h" #include "bn_mul.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" @@ -57,24 +58,8 @@ #define mbedtls_free free #endif -#define MPI_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) -#define MPI_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - -#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ -#define biL (ciL << 3) /* bits in limb */ -#define biH (ciL << 2) /* half limb size */ - #define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ -/* - * Convert between bits/chars and number of limbs - * Divide first in order to avoid potential overflows - */ -#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) -#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) - /* Implementation that should never be optimized out by the compiler */ static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { diff --git a/library/bignum_core.h b/library/bignum_core.h index 847a57186..8f48debe2 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -26,6 +26,22 @@ #include "mbedtls/bignum.h" #endif +#define MPI_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) +#define MPI_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + +#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ +#define biL (ciL << 3) /* bits in limb */ +#define biH (ciL << 2) /* half limb size */ + +/* + * Convert between bits/chars and number of limbs + * Divide first in order to avoid potential overflows + */ +#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) +#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) + int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, size_t nx, const unsigned char *buf, diff --git a/library/bignum_new.c b/library/bignum_new.c index b01f742df..e60d42892 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -40,22 +40,6 @@ #define mbedtls_free free #endif -#define MPI_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) -#define MPI_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - -#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ -#define biL (ciL << 3) /* bits in limb */ -#define biH (ciL << 2) /* half limb size */ - -/* - * Convert between bits/chars and number of limbs - * Divide first in order to avoid potential overflows - */ -#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) -#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) - /* * Count leading zero bits in a given integer */ From 4670f8899135837b17cbaf2255b7f8614b9cd9ba Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 21 Jul 2022 18:25:42 +0100 Subject: [PATCH 11/64] Reuse Bignum helper functions Signed-off-by: Janos Follath --- library/bignum.c | 128 ++---------------------------------------- library/bignum_core.h | 7 +++ library/bignum_new.c | 14 ++--- 3 files changed, 18 insertions(+), 131 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 870365dd6..a238f8ce8 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -337,41 +337,12 @@ size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ) return( 0 ); } -/* - * Count leading zero bits in a given integer - */ -static size_t mbedtls_clz( const mbedtls_mpi_uint x ) -{ - size_t j; - mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1); - - for( j = 0; j < biL; j++ ) - { - if( x & mask ) break; - - mask >>= 1; - } - - return j; -} - /* * Return the number of bits */ size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ) { - size_t i, j; - - if( X->n == 0 ) - return( 0 ); - - for( i = X->n - 1; i > 0; i-- ) - if( X->p[i] != 0 ) - break; - - j = biL - mbedtls_clz( X->p[i] ); - - return( ( i * biL ) + j ); + return mbedtls_mpi_core_bitlen( X->p, X->n ); } /* @@ -678,97 +649,6 @@ cleanup: } #endif /* MBEDTLS_FS_IO */ - -/* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint - * into the storage form used by mbedtls_mpi. */ - -static mbedtls_mpi_uint mpi_uint_bigendian_to_host_c( mbedtls_mpi_uint x ) -{ - uint8_t i; - unsigned char *x_ptr; - mbedtls_mpi_uint tmp = 0; - - for( i = 0, x_ptr = (unsigned char*) &x; i < ciL; i++, x_ptr++ ) - { - tmp <<= CHAR_BIT; - tmp |= (mbedtls_mpi_uint) *x_ptr; - } - - return( tmp ); -} - -static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x ) -{ -#if defined(__BYTE_ORDER__) - -/* Nothing to do on bigendian systems. */ -#if ( __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ ) - return( x ); -#endif /* __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ */ - -#if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ ) - -/* For GCC and Clang, have builtins for byte swapping. */ -#if defined(__GNUC__) && defined(__GNUC_PREREQ) -#if __GNUC_PREREQ(4,3) -#define have_bswap -#endif -#endif - -#if defined(__clang__) && defined(__has_builtin) -#if __has_builtin(__builtin_bswap32) && \ - __has_builtin(__builtin_bswap64) -#define have_bswap -#endif -#endif - -#if defined(have_bswap) - /* The compiler is hopefully able to statically evaluate this! */ - switch( sizeof(mbedtls_mpi_uint) ) - { - case 4: - return( __builtin_bswap32(x) ); - case 8: - return( __builtin_bswap64(x) ); - } -#endif -#endif /* __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ */ -#endif /* __BYTE_ORDER__ */ - - /* Fall back to C-based reordering if we don't know the byte order - * or we couldn't use a compiler-specific builtin. */ - return( mpi_uint_bigendian_to_host_c( x ) ); -} - -static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) -{ - mbedtls_mpi_uint *cur_limb_left; - mbedtls_mpi_uint *cur_limb_right; - if( limbs == 0 ) - return; - - /* - * Traverse limbs and - * - adapt byte-order in each limb - * - swap the limbs themselves. - * For that, simultaneously traverse the limbs from left to right - * and from right to left, as long as the left index is not bigger - * than the right index (it's not a problem if limbs is odd and the - * indices coincide in the last iteration). - */ - for( cur_limb_left = p, cur_limb_right = p + ( limbs - 1 ); - cur_limb_left <= cur_limb_right; - cur_limb_left++, cur_limb_right-- ) - { - mbedtls_mpi_uint tmp; - /* Note that if cur_limb_left == cur_limb_right, - * this code effectively swaps the bytes only once. */ - tmp = mpi_uint_bigendian_to_host( *cur_limb_left ); - *cur_limb_left = mpi_uint_bigendian_to_host( *cur_limb_right ); - *cur_limb_right = tmp; - } -} - /* * Import X from unsigned binary data, little endian * @@ -824,7 +704,7 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t bu Xp = (unsigned char*) X->p; memcpy( Xp + overhead, buf, buflen ); - mpi_bigendian_to_host( X->p, limbs ); + mbedtls_mpi_core_bigendian_to_host( X->p, limbs ); } cleanup: @@ -1530,7 +1410,7 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, /* * Normalize the divisor, d, and dividend, u0, u1 */ - s = mbedtls_clz( d ); + s = mbedtls_mpi_core_clz( d ); d = d << s; u1 = u1 << s; @@ -2319,7 +2199,7 @@ static int mpi_fill_random_internal( memset( X->p, 0, overhead ); memset( (unsigned char *) X->p + limbs * ciL, 0, ( X->n - limbs ) * ciL ); MBEDTLS_MPI_CHK( f_rng( p_rng, (unsigned char *) X->p + overhead, n_bytes ) ); - mpi_bigendian_to_host( X->p, limbs ); + mbedtls_mpi_core_bigendian_to_host( X->p, limbs ); cleanup: return( ret ); diff --git a/library/bignum_core.h b/library/bignum_core.h index 8f48debe2..376a267de 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -42,6 +42,13 @@ #define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) +size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ); + +size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *X, size_t nx ); + +void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, + size_t limbs ); + int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, size_t nx, const unsigned char *buf, diff --git a/library/bignum_new.c b/library/bignum_new.c index e60d42892..6cbc8678c 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -43,7 +43,7 @@ /* * Count leading zero bits in a given integer */ -static size_t mpi_clz( const mbedtls_mpi_uint x ) +size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ) { size_t j; mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1); @@ -61,7 +61,7 @@ static size_t mpi_clz( const mbedtls_mpi_uint x ) /* * Return the number of bits */ -static size_t mpi_bitlen( const mbedtls_mpi_uint *X, size_t nx ) +size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *X, size_t nx ) { size_t i, j; @@ -72,7 +72,7 @@ static size_t mpi_bitlen( const mbedtls_mpi_uint *X, size_t nx ) if( X[i] != 0 ) break; - j = biL - mpi_clz( X[i] ); + j = biL - mbedtls_mpi_core_clz( X[i] ); return( ( i * biL ) + j ); } @@ -150,7 +150,7 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, m->p = X; m->n = nx; - m->plen = mpi_bitlen( X, nx ); + m->plen = mbedtls_mpi_core_bitlen( X, nx ); switch( ext_rep ) { @@ -264,8 +264,8 @@ static mbedtls_mpi_uint mpi_bigendian_to_host( mbedtls_mpi_uint x ) return( mpi_bigendian_to_host_c( x ) ); } -static void mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, - size_t limbs ) +void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, + size_t limbs ) { mbedtls_mpi_uint *cur_limb_left; mbedtls_mpi_uint *cur_limb_right; @@ -350,7 +350,7 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, Xp = (unsigned char*) X; memcpy( Xp + overhead, buf, buflen ); - mpi_core_bigendian_to_host( X, nx ); + mbedtls_mpi_core_bigendian_to_host( X, nx ); } cleanup: From 91dc67d31ca12b1ac2bbfdbfd4a55059713497f9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 22 Jul 2022 14:24:58 +0100 Subject: [PATCH 12/64] Allow (NULL, 0) as a representation of 0 - We don't check for NULL pointers this deep in the library - Accessing a NULL pointer when the limb number is 0 as a mistake is the very similar to any other out of bounds access - We could potentially mandate at least 1 limb representation for 0 but we either would need to enforce it or the implementation would be less robust. - Allowing zero limb representation - (NULL, 0) in particular - for zero is present in the legacy interface, if we disallow it, the compatibility code will need to deal with this (more code size and opportunities for mistakes) In summary, interpreting (NULL, 0) as the number zero in the core interface is the least of the two evils. Signed-off-by: Janos Follath --- library/bignum_new.c | 12 ++++------- tests/suites/test_suite_mpi.data | 3 +++ tests/suites/test_suite_mpi.function | 31 ++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 8 deletions(-) diff --git a/library/bignum_new.c b/library/bignum_new.c index 6cbc8678c..04f604923 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -190,17 +190,13 @@ static int mpi_core_clear( mbedtls_mpi_uint *X, size_t nx, size_t limbs ) { - if( X == NULL ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - else if( nx < limbs ) + if( nx < limbs ) return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); - else - { + if( X != NULL ) memset( X, 0, nx * ciL ); - return( 0 ); - } + + return( 0 ); } /* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 30447a6a3..1974e3fc3 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -82,6 +82,9 @@ mpi_read_write_string:16:"":2:"0":4:0:0 Test mpi_write_string #10 (Negative hex with odd number of digits) mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +Test mbedtls_mpi_core_io functions with null pointers +mbedtls_mpi_core_io_null + Test mbedtls_mpi_core_io_be #1 (Buffer and limbs just fit, input limb-aligned) mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:12:0:0 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 34710c430..b0d947c9d 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -197,6 +197,37 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_mpi_core_io_null() +{ + mbedtls_mpi_uint X = 0; + int ret; + + ret = mbedtls_mpi_core_read_be( &X, 1, NULL, 0 ); + TEST_ASSERT( ret == 0 ); + ret = mbedtls_mpi_core_write_be( &X, 1, NULL, 0 ); + TEST_ASSERT( ret == 0 ); + + ret = mbedtls_mpi_core_read_be( NULL, 0, NULL, 0 ); + TEST_ASSERT( ret == 0 ); + ret = mbedtls_mpi_core_write_be( NULL, 0, NULL, 0 ); + TEST_ASSERT( ret == 0 ); + + ret = mbedtls_mpi_core_read_le( &X, 1, NULL, 0 ); + TEST_ASSERT( ret == 0 ); + ret = mbedtls_mpi_core_write_le( &X, 1, NULL, 0 ); + TEST_ASSERT( ret == 0 ); + + ret = mbedtls_mpi_core_read_le( NULL, 0, NULL, 0 ); + TEST_ASSERT( ret == 0 ); + ret = mbedtls_mpi_core_write_le( NULL, 0, NULL, 0 ); + TEST_ASSERT( ret == 0 ); + +exit: + ; +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_mpi_core_io_be( data_t *input, int nb_int, int nx_64_int, int iret, int oret ) From 5f016650d72f448fcf77df7d04bea657025631b4 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 22 Jul 2022 16:18:41 +0100 Subject: [PATCH 13/64] Reuse Bignum core I/O functions Signed-off-by: Janos Follath --- library/bignum.c | 89 +++--------------------------------------------- 1 file changed, 5 insertions(+), 84 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index a238f8ce8..391ff8776 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -659,14 +659,12 @@ int mbedtls_mpi_read_binary_le( mbedtls_mpi *X, const unsigned char *buf, size_t buflen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; size_t const limbs = CHARS_TO_LIMBS( buflen ); /* Ensure that target MPI has exactly the necessary number of limbs */ MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) ); - for( i = 0; i < buflen; i++ ) - X->p[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3); + MBEDTLS_MPI_CHK( mbedtls_mpi_core_read_le( X->p, X->n, buf, buflen ) ); cleanup: @@ -687,9 +685,7 @@ cleanup: int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t const limbs = CHARS_TO_LIMBS( buflen ); - size_t const overhead = ( limbs * ciL ) - buflen; - unsigned char *Xp; + size_t const limbs = CHARS_TO_LIMBS( buflen ); MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); @@ -697,15 +693,7 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t bu /* Ensure that target MPI has exactly the necessary number of limbs */ MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) ); - /* Avoid calling `memcpy` with NULL source or destination argument, - * even if buflen is 0. */ - if( buflen != 0 ) - { - Xp = (unsigned char*) X->p; - memcpy( Xp + overhead, buf, buflen ); - - mbedtls_mpi_core_bigendian_to_host( X->p, limbs ); - } + MBEDTLS_MPI_CHK( mbedtls_mpi_core_read_be( X->p, X->n, buf, buflen ) ); cleanup: @@ -723,37 +711,7 @@ cleanup: int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X, unsigned char *buf, size_t buflen ) { - size_t stored_bytes = X->n * ciL; - size_t bytes_to_copy; - size_t i; - - if( stored_bytes < buflen ) - { - bytes_to_copy = stored_bytes; - } - else - { - bytes_to_copy = buflen; - - /* The output buffer is smaller than the allocated size of X. - * However X may fit if its leading bytes are zero. */ - for( i = bytes_to_copy; i < stored_bytes; i++ ) - { - if( GET_BYTE( X, i ) != 0 ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); - } - } - - for( i = 0; i < bytes_to_copy; i++ ) - buf[i] = GET_BYTE( X, i ); - - if( stored_bytes < buflen ) - { - /* Write trailing 0 bytes */ - memset( buf + stored_bytes, 0, buflen - stored_bytes ); - } - - return( 0 ); + return( mbedtls_mpi_core_write_le( X->p, X->n, buf, buflen) ); } /* @@ -762,44 +720,7 @@ int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X, int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen ) { - size_t stored_bytes; - size_t bytes_to_copy; - unsigned char *p; - size_t i; - - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); - - stored_bytes = X->n * ciL; - - if( stored_bytes < buflen ) - { - /* There is enough space in the output buffer. Write initial - * null bytes and record the position at which to start - * writing the significant bytes. In this case, the execution - * trace of this function does not depend on the value of the - * number. */ - bytes_to_copy = stored_bytes; - p = buf + buflen - stored_bytes; - memset( buf, 0, buflen - stored_bytes ); - } - else - { - /* The output buffer is smaller than the allocated size of X. - * However X may fit if its leading bytes are zero. */ - bytes_to_copy = buflen; - p = buf; - for( i = bytes_to_copy; i < stored_bytes; i++ ) - { - if( GET_BYTE( X, i ) != 0 ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); - } - } - - for( i = 0; i < bytes_to_copy; i++ ) - p[bytes_to_copy - i - 1] = GET_BYTE( X, i ); - - return( 0 ); + return( mbedtls_mpi_core_write_be( X->p, X->n, buf, buflen ) ); } /* From 23bdeca64d85ccb0c2d602643d814a291b262916 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 22 Jul 2022 18:24:06 +0100 Subject: [PATCH 14/64] Add core constant time comparison Unfortunately reusing the new function from the signed constant time comparison is not trivial. One option would be to do temporary conditional swaps which would prevent qualifying input to const. Another way would be to add an additional flag for the sign and make it an integral part of the computation, which would defeat the purpose of having an unsigned core comparison. Going with two separate function for now and the signed version can be retired/compiled out with the legacy API eventually. The new function in theory could be placed into either `library/constant_time.c` or `library/bignum_new.c`. Going with the first as the other functions in the second are not constant time yet and this distinction seems more valuable for new (as opposed to belonging to the `_core` functions. Signed-off-by: Janos Follath --- library/constant_time.c | 44 +++++++++++++++++++++ library/constant_time_internal.h | 16 ++++++++ tests/suites/test_suite_mpi.data | 57 ++++++++++++++++++++++++++++ tests/suites/test_suite_mpi.function | 38 +++++++++++++++++++ 4 files changed, 155 insertions(+) diff --git a/library/constant_time.c b/library/constant_time.c index 47e9b02d6..cd3ec1064 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -741,6 +741,50 @@ cleanup: return( ret ); } +/* + * Compare unsigned values in constant time + */ +unsigned mbedtls_mpi_core_lt_ct( const mbedtls_mpi_uint *X, + const mbedtls_mpi_uint *Y, + size_t len ) +{ + size_t i; + /* The value of any of these variables is either 0 or 1 at all times. */ + unsigned ret, cond, done; + + ret = cond = done = 0; + + for( i = len; i > 0; i-- ) + { + /* + * If Y[i - 1] < X[i - 1] then X < Y is false and the result must + * remain 0. + * + * Again even if we can make a decision, we just mark the result and + * the fact that we are done and continue looping. + */ + cond = mbedtls_ct_mpi_uint_lt( Y[i - 1], X[i - 1] ); + done |= cond; + + /* + * If X[i - 1] < Y[i - 1] then X < Y is true. + * + * Again even if we can make a decision, we just mark the result and + * the fact that we are done and continue looping. + */ + cond = mbedtls_ct_mpi_uint_lt( X[i - 1], Y[i - 1] ); + ret |= cond & ( 1 - done ); + done |= cond; + } + + /* + * If all the limbs were equal, then the numbers are equal, X < Y is false + * and leaving the result 0 is correct. + */ + + return( ret ); +} + /* * Compare signed values in constant time */ diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 9466bc378..7255b2a85 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -129,6 +129,22 @@ unsigned mbedtls_ct_size_bool_eq( size_t x, unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x, const mbedtls_mpi_uint y ); +/** + * \brief Check if an MPI is less than the other in constant time. + * + * \param X The left-hand MPI. This must point to an array of limbs + * with the same allocated length as Y. + * \param Y The right-hand MPI. This must point to an array of limbs + * with the same allocated length as X. + * \param len The number of limbs in X and Y. + * + * \return The result of the comparison: + * \c 1 if \p X is less than \p Y. + * \c 0 if \p X is greater than or equal to \p Y. + */ +unsigned mbedtls_mpi_core_lt_ct( const mbedtls_mpi_uint *X, + const mbedtls_mpi_uint *Y, + size_t len ); #endif /* MBEDTLS_BIGNUM_C */ /** Choose between two integer values without branches. diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 1974e3fc3..e52953c7f 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -409,6 +409,63 @@ mbedtls_mpi_cmp_mpi:"-1230000000000000000":"":-1 Test mbedtls_mpi_cmp_mpi: large negative < 0 (1 limb) mbedtls_mpi_cmp_mpi:"-1230000000000000000":"0":-1 +Base test mbedtls_mpi_core_lt_ct #1 +mbedtls_mpi_core_lt_ct:"02B5":"02B5":0 + +Base test mbedtls_mpi_core_lt_ct #2 +mbedtls_mpi_core_lt_ct:"02B5":"02B4":0 + +Base test mbedtls_mpi_core_lt_ct #3 +mbedtls_mpi_core_lt_ct:"02B5":"02B6":1 + +Base test mbedtls_mpi_core_lt_ct (length=0) +mbedtls_mpi_core_lt_ct:"":"":0 + +Base test mbedtls_mpi_core_lt_ct (corner case - 64 bit) #1 +mbedtls_mpi_core_lt_ct:"7FFFFFFFFFFFFFFF":"FF":0 + +Base test mbedtls_mpi_core_lt_ct (corner case - 64 bit) #2 +mbedtls_mpi_core_lt_ct:"8000000000000000":"7FFFFFFFFFFFFFFF":0 + +Base test mbedtls_mpi_core_lt_ct (corner case - 64 bit) #3 +mbedtls_mpi_core_lt_ct:"8000000000000000":"01":0 + +Base test mbedtls_mpi_core_lt_ct (corner case - 64 bit) #4 +mbedtls_mpi_core_lt_ct:"8000000000000000":"00":0 + +Base test mbedtls_mpi_core_lt_ct (corner case - 64 bit) #5 +mbedtls_mpi_core_lt_ct:"FFFFFFFFFFFFFFFF":"FF":0 + +Base test mbedtls_mpi_core_lt_ct (corner case - 32 bit) #1 +mbedtls_mpi_core_lt_ct:"7FFFFFFF":"FF":0 + +Base test mbedtls_mpi_core_lt_ct (corner case - 32 bit) #2 +mbedtls_mpi_core_lt_ct:"80000000":"7FFFFFFF":0 + +Base test mbedtls_mpi_core_lt_ct (corner case - 32 bit) #3 +mbedtls_mpi_core_lt_ct:"80000000":"01":0 + +Base test mbedtls_mpi_core_lt_ct (corner case - 32 bit) #4 +mbedtls_mpi_core_lt_ct:"80000000":"00":0 + +Base test mbedtls_mpi_core_lt_ct (corner case - 32 bit) #5 +mbedtls_mpi_core_lt_ct:"FFFFFFFF":"FF":0 + +Multi-limb mbedtls_mpi_core_lt_ct (XY, equal MS limbs) +mbedtls_mpi_core_lt_ct:"EEFFFFFFFFFFFFFFFF":"EEFFFFFFFFFFFFFFF1":0 + +Multi-limb mbedtls_mpi_core_lt_ct (X=Y) +mbedtls_mpi_core_lt_ct:"EEFFFFFFFFFFFFFFFF":"EEFFFFFFFFFFFFFFFF":0 + +Multi-limb mbedtls_mpi_core_lt_ct (Alternating limbs) #1 +mbedtls_mpi_core_lt_ct:"11FFFFFFFFFFFFFFFF":"FF1111111111111111":1 + +Multi-limb mbedtls_mpi_core_lt_ct (Alternating limbs) #2 +mbedtls_mpi_core_lt_ct:"FF1111111111111111":"11FFFFFFFFFFFFFFFF":0 + Base test mbedtls_mpi_lt_mpi_ct #1 mbedtls_mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index b0d947c9d..ff87ea44a 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -2,6 +2,8 @@ #include "mbedtls/bignum.h" #include "mbedtls/entropy.h" #include "bignum_core.h" +#include "constant_time_internal.h" +#include "test/constant_flow.h" #if MBEDTLS_MPI_MAX_BITS > 792 #define MPI_MAX_BITS_LARGER_THAN_792 @@ -607,6 +609,42 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_mpi_core_lt_ct( data_t * input_X, data_t * input_Y, int input_ret ) +{ + #define MAX_LEN 64 + mbedtls_mpi_uint X[MAX_LEN]; + mbedtls_mpi_uint Y[MAX_LEN]; + unsigned exp_ret = input_ret; + unsigned ret; + size_t len = CHARS_TO_LIMBS( + input_X->len > input_Y->len ? input_X->len : input_Y->len ); + + TEST_ASSERT( len <= MAX_LEN ); + + TEST_ASSERT( mbedtls_mpi_core_read_be( X, len, input_X->x, input_X->len ) + == 0 ); + TEST_ASSERT( mbedtls_mpi_core_read_be( Y, len, input_Y->x, input_Y->len ) + == 0 ); + + TEST_CF_SECRET( X, len * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( Y, len * sizeof( mbedtls_mpi_uint ) ); + + ret = mbedtls_mpi_core_lt_ct( X, Y, len ); + + TEST_CF_PUBLIC( X, len * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( Y, len * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( &ret, sizeof( ret ) ); + + TEST_ASSERT( ret == exp_ret ); + +exit: + ; + + #undef MAX_LEN +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_mpi_lt_mpi_ct( int size_X, char * input_X, int size_Y, char * input_Y, From 8b718b5a6663609b1ae29e2d2ec661cac38a8cad Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 25 Jul 2022 11:31:02 +0100 Subject: [PATCH 15/64] Add bounds check to residue input Signed-off-by: Janos Follath --- library/bignum_mod.h | 3 ++- library/bignum_new.c | 31 ++++++++++++++++++++++++------- 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 432cd0070..342bf17b5 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -67,7 +67,8 @@ void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ); int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_mod_modulus *m, - mbedtls_mpi_uint *p ); + mbedtls_mpi_uint *p, + size_t pn ); void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); diff --git a/library/bignum_new.c b/library/bignum_new.c index 04f604923..60f50ada8 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -29,6 +29,7 @@ #include "bignum_core.h" #include "bignum_mod.h" #include "bignum_mod_raw.h" +#include "constant_time_internal.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -92,13 +93,17 @@ void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ) int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_mod_modulus *m, - mbedtls_mpi_uint *X ) + mbedtls_mpi_uint *p, + size_t pn ) { - if( X == NULL || m == NULL || r == NULL || X >= m->p) + if( p == NULL || m == NULL || r == NULL ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + if( pn < m->n || !mbedtls_mpi_core_lt_ct( m->p, p, pn ) ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); r->n = m->n; - r->p = X; + r->p = p; return( 0 ); } @@ -447,16 +452,28 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, unsigned char *buf, size_t buflen ) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if( m->ext_rep & MBEDTLS_MPI_MOD_EXT_REP_LE ) - return mbedtls_mpi_core_read_le( X, m->n, buf, buflen ); + ret = mbedtls_mpi_core_read_le( X, m->n, buf, buflen ); else if( m->ext_rep & MBEDTLS_MPI_MOD_EXT_REP_BE ) - return mbedtls_mpi_core_read_be( X, m->n, buf, buflen ); - + ret = mbedtls_mpi_core_read_be( X, m->n, buf, buflen ); else return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - return( 0 ); + if( ret != 0 ) + goto cleanup; + + if( !mbedtls_mpi_core_lt_ct( X, m->p, m->n ) ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + +cleanup: + + return( ret ); } int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, From e66b1d47ed7b19611f35720da47ad822a94b87ed Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 2 Aug 2022 11:49:59 +0200 Subject: [PATCH 16/64] Typo Signed-off-by: Gabor Mezei --- library/bignum_new.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/bignum_new.c b/library/bignum_new.c index 60f50ada8..142d15dc2 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -36,9 +36,9 @@ #else #include #include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free +#define mbedtls_printf printf +#define mbedtls_calloc calloc +#define mbedtls_free free #endif /* From 535f36d203be232c8f231d200b580bd26039f988 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 2 Aug 2022 11:50:44 +0200 Subject: [PATCH 17/64] Unify parameter naming Signed-off-by: Gabor Mezei --- library/bignum_mod.h | 2 +- library/bignum_new.c | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 342bf17b5..97b3fc712 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -76,7 +76,7 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, - size_t n, + size_t pn, int ext_rep, int int_rep ); diff --git a/library/bignum_new.c b/library/bignum_new.c index 142d15dc2..8a7580633 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -143,19 +143,19 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ) } int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, - mbedtls_mpi_uint *X, - size_t nx, + mbedtls_mpi_uint *p, + size_t pn, int ext_rep, int int_rep ) { int ret = 0; - if ( X == NULL || m == NULL ) + if ( p == NULL || m == NULL ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - m->p = X; - m->n = nx; - m->plen = mbedtls_mpi_core_bitlen( X, nx ); + m->p = p; + m->n = pn; + m->plen = mbedtls_mpi_core_bitlen( p, pn ); switch( ext_rep ) { From d8f5bc2d3d6ffe8c9021659e6bbbde1655c45483 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 2 Aug 2022 11:51:25 +0200 Subject: [PATCH 18/64] Free the correct struct element Signed-off-by: Gabor Mezei --- library/bignum_new.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum_new.c b/library/bignum_new.c index 8a7580633..3f25fad6c 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -130,7 +130,7 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ) case MBEDTLS_MPI_MOD_REP_MONTGOMERY: mbedtls_free( m->rep.mont ); break; case MBEDTLS_MPI_MOD_REP_OPT_RED: - mbedtls_free( m->rep.mont ); break; + mbedtls_free( m->rep.ored ); break; default: break; } From c0b9304f921d38dc05efea904c42def23346d7ea Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 2 Aug 2022 11:52:37 +0200 Subject: [PATCH 19/64] Use value as numerical value instead of bitfield value Signed-off-by: Gabor Mezei --- library/bignum_new.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/bignum_new.c b/library/bignum_new.c index 3f25fad6c..51e141604 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -454,10 +454,10 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( m->ext_rep & MBEDTLS_MPI_MOD_EXT_REP_LE ) + if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_LE ) ret = mbedtls_mpi_core_read_le( X, m->n, buf, buflen ); - else if( m->ext_rep & MBEDTLS_MPI_MOD_EXT_REP_BE ) + else if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_BE ) ret = mbedtls_mpi_core_read_be( X, m->n, buf, buflen ); else return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); @@ -481,10 +481,10 @@ int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, unsigned char *buf, size_t buflen ) { - if( m->ext_rep & MBEDTLS_MPI_MOD_EXT_REP_LE ) + if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_LE ) return mbedtls_mpi_core_write_le( X, m->n, buf, buflen ); - else if( m->ext_rep & MBEDTLS_MPI_MOD_EXT_REP_BE ) + else if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_BE ) return mbedtls_mpi_core_write_be( X, m->n, buf, buflen ); else From 23a1ce90ec49c81237d6bc855b63a31622945601 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 2 Aug 2022 11:54:44 +0200 Subject: [PATCH 20/64] Add tests for mbedtls_mpi_mod_raw read/write functions Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.data | 126 +++++++++++++++++++++++++++ tests/suites/test_suite_mpi.function | 102 ++++++++++++++++++++++ 2 files changed, 228 insertions(+) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index e52953c7f..6a322739d 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -199,6 +199,132 @@ mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66 Test mbedtls_mpi_core_io_le #18 (buffer too small, input unaligned) mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:12:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +Test mbedtls_mpi_mod_raw_io #1 BE (Buffer and limbs just fit, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:12:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #1 LE (Buffer and limbs just fit, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:12:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #2 BE (Buffer and limbs just fit, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:12:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #2 LE (Buffer and limbs just fit, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:12:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #3 BE (Buffer just fits, extra limbs, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:14:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #3 LE (Buffer just fits, extra limbs, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:14:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #4 BE (Buffer just fits, extra limbs, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:14:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #4 LE (Buffer just fits, extra limbs, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:14:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #5 BE (Extra limbs, buffer aligned to extra limbs, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":112:14:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #5 LE (Extra limbs, buffer aligned to extra limbs, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":112:14:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #6 BE (Extra limbs, buffer aligned to extra limbs, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":112:14:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #6 LE (Extra limbs, buffer aligned to extra limbs, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":112:14:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #7 BE (Buffer and limbs just fit, input limb-aligned with leading zeroes) +mbedtls_mpi_mod_raw_io:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":88:12:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #7 LE (Buffer and limbs just fit, input limb-aligned with leading zeroes) +mbedtls_mpi_mod_raw_io:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b44240000000000000000":88:12:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #8 BE (Buffer and limbs just fit, input unaligned with leading zeroes) +mbedtls_mpi_mod_raw_io:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":86:12:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #8 LE (Buffer and limbs just fit, input unaligned with leading zeroes) +mbedtls_mpi_mod_raw_io:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b0000000000000000":86:12:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #9 BE (Buffer just fits, extra limbs, input limb-aligned with leading zeroes) +mbedtls_mpi_mod_raw_io:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":88:14:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #9 LE (Buffer just fits, extra limbs, input limb-aligned with leading zeroes) +mbedtls_mpi_mod_raw_io:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b44240000000000000000":88:14:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #10 BE (Buffer just fits, extra limbs, input unaligned with leading zeroes) +mbedtls_mpi_mod_raw_io:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":86:14:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #10 LE (Buffer just fits, extra limbs, input unaligned with leading zeroes) +mbedtls_mpi_mod_raw_io:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b0000000000000000":86:14:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #11 BE (Zero) +mbedtls_mpi_mod_raw_io:"00":1:1:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #11 LE (Zero) +mbedtls_mpi_mod_raw_io:"00":1:1:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #12 BE (Zero, empty output) +mbedtls_mpi_mod_raw_io:"00":0:1:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #12 LE (Zero, empty output) +mbedtls_mpi_mod_raw_io:"00":0:1:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #13 BE (Zero, empty input) +mbedtls_mpi_mod_raw_io:"":1:1:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #13 LE (Zero, empty input) +mbedtls_mpi_mod_raw_io:"":1:1:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #14 BE (One) +mbedtls_mpi_mod_raw_io:"01":1:1:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #14 LE (One) +mbedtls_mpi_mod_raw_io:"01":1:1:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #14 BE (One limb) +mbedtls_mpi_mod_raw_io:"ff00000000000000":8:1:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 + +Test mbedtls_mpi_mod_raw_io #14 LE (One limb) +mbedtls_mpi_mod_raw_io:"00000000000000ff":8:1:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 + +Test mbedtls_mpi_mod_raw_io #15 BE (not enough limbs, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:11:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 + +Test mbedtls_mpi_mod_raw_io #15 LE (not enough limbs, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:11:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 + +Test mbedtls_mpi_mod_raw_io #16 BE (not enough limbs, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:11:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 + +Test mbedtls_mpi_mod_raw_io #16 LE (not enough limbs, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:11:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 + +Test mbedtls_mpi_mod_raw_io #17 BE (buffer too small, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":95:12:MBEDTLS_MPI_MOD_EXT_REP_BE:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +Test mbedtls_mpi_mod_raw_io #17 LE (buffer too small, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":95:12:MBEDTLS_MPI_MOD_EXT_REP_LE:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +Test mbedtls_mpi_mod_raw_io #18 BE (buffer too small, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:12:MBEDTLS_MPI_MOD_EXT_REP_BE:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +Test mbedtls_mpi_mod_raw_io #18 LE (buffer too small, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:12:MBEDTLS_MPI_MOD_EXT_REP_LE:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +Test mbedtls_mpi_mod_raw_io #19 BE (modulus is equal to input) +mbedtls_mpi_mod_raw_io:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":1024:128:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_ERR_MPI_BAD_INPUT_DATA:0 + +Test mbedtls_mpi_mod_raw_io #19 LE (modulus is equal to input) +mbedtls_mpi_mod_raw_io:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":1024:128:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_ERR_MPI_BAD_INPUT_DATA:0 + +Test mbedtls_mpi_mod_raw_io #20 (reading with invalid endianness) +mbedtls_mpi_mod_raw_io:"":1:1:MBEDTLS_MPI_MOD_EXT_REP_INVALID:MBEDTLS_ERR_MPI_BAD_INPUT_DATA:0 + +Test mbedtls_mpi_mod_raw_io #20 (writing with invalid endianness) +mbedtls_mpi_mod_raw_io:"":1:1:MBEDTLS_MPI_MOD_EXT_REP_INVALID:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + Base test mbedtls_mpi_read_binary #1 mbedtls_mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"0941379D00FED1491FE15DF284DFDE4A142F68AA8D412023195CEE66883E6290FFE703F4EA5963BF212713CEE46B107C09182B5EDCD955ADAC418BF4918E2889AF48E1099D513830CEC85C26AC1E158B52620E33BA8692F893EFBB2F958B4424" diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index ff87ea44a..de66fdd6a 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -2,6 +2,8 @@ #include "mbedtls/bignum.h" #include "mbedtls/entropy.h" #include "bignum_core.h" +#include "bignum_mod.h" +#include "bignum_mod_raw.h" #include "constant_time_internal.h" #include "test/constant_flow.h" @@ -350,6 +352,106 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_64_int, + int iendian, int iret, int oret ) +{ + #define BMAX 1024 + unsigned char buf[BMAX]; + #define XMAX BMAX / sizeof( mbedtls_mpi_uint ) + mbedtls_mpi_uint X[XMAX]; + mbedtls_mpi_uint init[XMAX]; + mbedtls_mpi_mod_modulus m; + size_t nx, nb; + int ret; + int endian; + + if( iret != 0 ) + TEST_ASSERT( oret == 0 ); + + TEST_ASSERT( 0 <= nb_int ); + nb = nb_int; + TEST_ASSERT( nb <= BMAX ); + + TEST_ASSERT( 0 <= nx_64_int ); + nx = nx_64_int; + /* nx_64_int is the number of 64 bit limbs, if we have 32 bit limbs we need + * to double the number of limbs to have the same size. */ + if( sizeof( mbedtls_mpi_uint ) == 4 ) + nx *= 2; + TEST_ASSERT( nx <= XMAX ); + + if( iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID ) + endian = MBEDTLS_MPI_MOD_EXT_REP_LE; + else + endian = iendian; + + mbedtls_mpi_mod_modulus_init( &m ); + TEST_ASSERT( memset( init, 0xFF, sizeof( init ) ) ); + + ret = mbedtls_mpi_mod_modulus_setup( &m, init, nx, endian, + MBEDTLS_MPI_MOD_REP_MONTGOMERY ); + TEST_ASSERT( ret == 0 ); + + if( iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0 ) + m.ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID; + + ret = mbedtls_mpi_mod_raw_read( X, &m, input->x, input->len ); + TEST_ASSERT( ret == iret ); + + if( iret == 0 ) + { + if( iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && oret != 0 ) + m.ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID; + + ret = mbedtls_mpi_mod_raw_write( X, &m, buf, nb ); + TEST_ASSERT( ret == oret ); + } + + if( ( iret == 0 ) && ( oret == 0 ) ) + { + if( nb > input->len ) + { + if( endian == MBEDTLS_MPI_MOD_EXT_REP_BE ) + { + size_t leading_zeroes = nb - input->len; + TEST_ASSERT( memcmp( buf + nb - input->len, input->x, input->len ) == 0 ); + for( size_t i = 0; i < leading_zeroes; i++ ) + TEST_ASSERT( buf[i] == 0 ); + } + else + { + TEST_ASSERT( memcmp( buf, input->x, input->len ) == 0 ); + for( size_t i = input->len; i < nb; i++ ) + TEST_ASSERT( buf[i] == 0 ); + } + } + else + { + if( endian == MBEDTLS_MPI_MOD_EXT_REP_BE ) + { + size_t leading_zeroes = input->len - nb; + TEST_ASSERT( memcmp( input->x + input->len - nb, buf, nb ) == 0 ); + for( size_t i = 0; i < leading_zeroes; i++ ) + TEST_ASSERT( input->x[i] == 0 ); + } + else + { + TEST_ASSERT( memcmp( input->x, buf, nb ) == 0 ); + for( size_t i = nb; i < input->len; i++ ) + TEST_ASSERT( input->x[i] == 0 ); + } + } + } + +exit: + mbedtls_mpi_mod_modulus_free( &m ); + + #undef BMAX + #undef XMAX +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_mpi_read_binary_le( data_t * buf, char * input_A ) { From 37b06360b3685b5e136f1a44388faa1334dc9d0b Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 2 Aug 2022 17:22:18 +0200 Subject: [PATCH 21/64] Add documentation for new bignum functions Signed-off-by: Gabor Mezei --- library/bignum_core.h | 69 ++++++++++++++++++++++++++++++++++++++++ library/bignum_mod.h | 42 ++++++++++++++++++++++-- library/bignum_mod_raw.h | 29 +++++++++++++++++ library/bignum_new.c | 19 ++++++----- 4 files changed, 146 insertions(+), 13 deletions(-) diff --git a/library/bignum_core.h b/library/bignum_core.h index 376a267de..98a8c97c2 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -42,28 +42,97 @@ #define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) +/** Count leading zero bits in a given integer. + * + * \param x Integer to count leading zero bits. + * + * \return Tne munber of leading zero bits in \p x. + */ size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ); +/** Return the number of bits of an MPI. + * + * \param X The address of the MPI. + * \param nx The number of limbs of \p X. + * + * \return Tne number of bits in \p X. + */ size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *X, size_t nx ); +/** Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint + * into the storage form used by mbedtls_mpi. + * + * \param X The address of the MPI. + * \param limbs The number of limbs of \p X. + */ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, size_t limbs ); +/** Import X from unsigned binary data, little endian. + * + * This function is guaranteed to return an MPI with at least the necessary + * number of limbs (in particular, it does not skip 0s in the input). + * + * \param X The address of the MPI. + * \param nx The number of limbs of \p X. + * \param buf The input buffer to import from. + * \param buflen Tne length in bytes of \p buf. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't + * large enough to hold the value in \p buf. + */ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, size_t nx, const unsigned char *buf, size_t buflen ); +/** Import X from unsigned binary data, big endian. + * + * This function is guaranteed to return an MPI with exactly the necessary + * number of limbs (in particular, it does not skip 0s in the input). + * + * \param X The address of the MPI. + * \param nx The number of limbs of \p X. + * \param buf The input buffer to import from. + * \param buflen Tne length in bytes of \p buf. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't + * large enough to hold the value in \p buf. + */ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, size_t nx, const unsigned char *buf, size_t buflen ); +/** Export X into unsigned binary data, little endian. + * + * \param X The address of the MPI. + * \param nx The number of limbs of \p X. + * \param buf The output buffer to import. + * \param buflen Tne length in bytes of \p buf. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't + * large enough to hold the value of \p X. + */ int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, size_t nx, unsigned char *buf, size_t buflen ); +/** Export X into unsigned binary data, big endian. + * + * \param X The address of the MPI. + * \param nx The number of limbs of \p X. + * \param buf The output buffer to import. + * \param buflen Tne length in bytes of \p buf. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't + * large enough to hold the value of \p X. + */ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, size_t nx, unsigned char *buf, diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 97b3fc712..a4f024853 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -63,21 +63,57 @@ typedef enum MBEDTLS_MPI_MOD_EXT_REP_BE } mbedtls_mpi_mod_ext_rep; -void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ); +/** Setup a residue structure. + * + * \param r The address of residue to setup. The size is determined by \p m. + * \param m The address of a modulus related to \p r. + * \param p The address of the MPI used for \p r. + * \param pn The number of limbs of \p p. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p r, \p m or \p p is + * #NULL pointer or if \p p is less then \p m. + */ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, size_t pn ); +/** Unbind elements of a residue structure. + * + * \param r The address of residue to release. + */ +void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ); + +/** Initialize a modulus structure. + * + * \param m The address of a modulus. + */ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); -void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); - +/** Setup a residue structure. + * + * \param m The address of a modulus. + * \param p The address of the MPI used for \p m. + * \param pn The number of limbs of \p p. + * \param ext_rep The external representation of \p m (eg. byte order). + * \param int_rep The selector which representation is used. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p m or \p p is + * #NULL pointer or if \p ext_rep or \p int_rep is invalid. + */ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, size_t pn, int ext_rep, int int_rep ); +/** Unbind elements of a modulus structure. + * + * \param m The address of a modulus. + */ +void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); + #endif /* MBEDTLS_BIGNUM_MOD_H */ diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 21743e0d0..2d7fc8167 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -26,11 +26,40 @@ #include "mbedtls/bignum.h" #endif +/** Import X from unsigned binary data. + * + * This function is guaranteed to return an MPI with exactly the necessary + * number of limbs (in particular, it does not skip 0s in the input). + * + * \param X The address of the MPI. The size is determined by \p m. + * \param m The address of a modulus related to \p X. + * \param buf The input buffer to import from. + * \param buflen Tne length in bytes of \p buf. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't + * large enough to hold the value in \p buf. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external reprezentation + * of \p m is invalid or \p X is less then \p m. + */ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, mbedtls_mpi_mod_modulus *m, unsigned char *buf, size_t buflen ); +/** Export X into unsigned binary data. + * + * \param X The address of the MPI. The size is determined by \p m. + * \param m The address of a modulus related to \p X. + * \param buf The output buffer to import. + * \param buflen Tne length in bytes of \p buf. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't + * large enough to hold the value of \p X. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external reprezentation + * of \p m is invalid. + */ int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, mbedtls_mpi_mod_modulus *m, unsigned char *buf, diff --git a/library/bignum_new.c b/library/bignum_new.c index 51e141604..2245650ae 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -82,15 +82,6 @@ size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *X, size_t nx ) #define GET_BYTE( X, i ) \ ( ( ( X )[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff ) -void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ) -{ - if ( r == NULL ) - return; - - r->n = 0; - r->p = NULL; -} - int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, @@ -108,6 +99,15 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, return( 0 ); } +void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ) +{ + if ( r == NULL ) + return; + + r->n = 0; + r->p = NULL; +} + void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ) { if ( m == NULL ) @@ -206,7 +206,6 @@ static int mpi_core_clear( mbedtls_mpi_uint *X, /* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint * into the storage form used by mbedtls_mpi. */ - static mbedtls_mpi_uint mpi_bigendian_to_host_c( mbedtls_mpi_uint x ) { uint8_t i; From 6666914b76ed9a4199c12c99842a643de711f0e3 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 3 Aug 2022 12:52:26 +0200 Subject: [PATCH 22/64] Revert "Move Bignum macros to common header" This reverts commit 62c5901f0a5061a8825e19c77f88c91fea235078. Reverting commit due the macros are meant to be local and not following the naming convention. Signed-off-by: Gabor Mezei --- library/bignum.c | 16 ++++++++++++++++ library/bignum_core.h | 16 ---------------- library/bignum_new.c | 16 ++++++++++++++++ 3 files changed, 32 insertions(+), 16 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 391ff8776..0e7b3cea0 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -58,8 +58,24 @@ #define mbedtls_free free #endif +#define MPI_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) +#define MPI_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + +#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ +#define biL (ciL << 3) /* bits in limb */ +#define biH (ciL << 2) /* half limb size */ + #define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ +/* + * Convert between bits/chars and number of limbs + * Divide first in order to avoid potential overflows + */ +#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) +#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { diff --git a/library/bignum_core.h b/library/bignum_core.h index 98a8c97c2..2248f49db 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -26,22 +26,6 @@ #include "mbedtls/bignum.h" #endif -#define MPI_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) -#define MPI_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - -#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ -#define biL (ciL << 3) /* bits in limb */ -#define biH (ciL << 2) /* half limb size */ - -/* - * Convert between bits/chars and number of limbs - * Divide first in order to avoid potential overflows - */ -#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) -#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) - /** Count leading zero bits in a given integer. * * \param x Integer to count leading zero bits. diff --git a/library/bignum_new.c b/library/bignum_new.c index 2245650ae..d1253f8d0 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -41,6 +41,22 @@ #define mbedtls_free free #endif +#define MPI_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) +#define MPI_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + +#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ +#define biL (ciL << 3) /* bits in limb */ +#define biH (ciL << 2) /* half limb size */ + +/* + * Convert between bits/chars and number of limbs + * Divide first in order to avoid potential overflows + */ +#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) +#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) + /* * Count leading zero bits in a given integer */ From a200f6f8551e7125a767798d0426304a9d7a0a2f Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 3 Aug 2022 12:59:57 +0200 Subject: [PATCH 23/64] Add macro definitions to the tests Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index de66fdd6a..6be7b2179 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -11,6 +11,16 @@ #define MPI_MAX_BITS_LARGER_THAN_792 #endif +#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ +#define biL (ciL << 3) /* bits in limb */ + +/* + * Convert between bits/chars and number of limbs + * Divide first in order to avoid potential overflows + */ +#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) +#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) + /* Check the validity of the sign bit in an MPI object. Reject representations * that are not supported by the rest of the library and indicate a bug when * constructing the value. */ From 8ff0729dd729ab923e9aac9e51f879cd094659dc Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 8 Aug 2022 08:39:52 +0100 Subject: [PATCH 24/64] Fix typos in Bignum documentation Signed-off-by: Janos Follath --- library/bignum_core.h | 12 ++++++------ library/bignum_mod_raw.h | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/library/bignum_core.h b/library/bignum_core.h index 2248f49db..622f0188f 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -30,7 +30,7 @@ * * \param x Integer to count leading zero bits. * - * \return Tne munber of leading zero bits in \p x. + * \return The number of leading zero bits in \p x. */ size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ); @@ -39,7 +39,7 @@ size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ); * \param X The address of the MPI. * \param nx The number of limbs of \p X. * - * \return Tne number of bits in \p X. + * \return The number of bits in \p X. */ size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *X, size_t nx ); @@ -60,7 +60,7 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, * \param X The address of the MPI. * \param nx The number of limbs of \p X. * \param buf The input buffer to import from. - * \param buflen Tne length in bytes of \p buf. + * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't @@ -79,7 +79,7 @@ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, * \param X The address of the MPI. * \param nx The number of limbs of \p X. * \param buf The input buffer to import from. - * \param buflen Tne length in bytes of \p buf. + * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't @@ -95,7 +95,7 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, * \param X The address of the MPI. * \param nx The number of limbs of \p X. * \param buf The output buffer to import. - * \param buflen Tne length in bytes of \p buf. + * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't @@ -111,7 +111,7 @@ int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, * \param X The address of the MPI. * \param nx The number of limbs of \p X. * \param buf The output buffer to import. - * \param buflen Tne length in bytes of \p buf. + * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 2d7fc8167..8f0f0f25e 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -34,12 +34,12 @@ * \param X The address of the MPI. The size is determined by \p m. * \param m The address of a modulus related to \p X. * \param buf The input buffer to import from. - * \param buflen Tne length in bytes of \p buf. + * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't * large enough to hold the value in \p buf. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external reprezentation + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation * of \p m is invalid or \p X is less then \p m. */ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, @@ -52,12 +52,12 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, * \param X The address of the MPI. The size is determined by \p m. * \param m The address of a modulus related to \p X. * \param buf The output buffer to import. - * \param buflen Tne length in bytes of \p buf. + * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't * large enough to hold the value of \p X. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external reprezentation + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation * of \p m is invalid. */ int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, From dae1147596fa50a234e9c0b688d1d34ec6915250 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 8 Aug 2022 11:50:02 +0100 Subject: [PATCH 25/64] Improve Bignum documentation Signed-off-by: Janos Follath --- library/bignum_core.h | 12 ++++++------ library/bignum_mod.h | 39 +++++++++++++++++++++++++++++++-------- library/bignum_mod_raw.h | 20 ++++++++++++-------- library/bignum_new.c | 8 ++++---- 4 files changed, 53 insertions(+), 26 deletions(-) diff --git a/library/bignum_core.h b/library/bignum_core.h index 622f0188f..2141640cf 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -54,8 +54,8 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, /** Import X from unsigned binary data, little endian. * - * This function is guaranteed to return an MPI with at least the necessary - * number of limbs (in particular, it does not skip 0s in the input). + * The MPI needs to have enough limbs to store the full value (in particular, + * this function does not skip 0s in the input). * * \param X The address of the MPI. * \param nx The number of limbs of \p X. @@ -73,8 +73,8 @@ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, /** Import X from unsigned binary data, big endian. * - * This function is guaranteed to return an MPI with exactly the necessary - * number of limbs (in particular, it does not skip 0s in the input). + * The MPI needs to have enough limbs to store the full value (in particular, + * this function does not skip 0s in the input). * * \param X The address of the MPI. * \param nx The number of limbs of \p X. @@ -94,7 +94,7 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, * * \param X The address of the MPI. * \param nx The number of limbs of \p X. - * \param buf The output buffer to import. + * \param buf The output buffer to export to. * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. @@ -110,7 +110,7 @@ int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, * * \param X The address of the MPI. * \param nx The number of limbs of \p X. - * \param buf The output buffer to import. + * \param buf The output buffer to export to. * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. diff --git a/library/bignum_mod.h b/library/bignum_mod.h index a4f024853..254a744ff 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -67,13 +67,19 @@ typedef enum /** Setup a residue structure. * * \param r The address of residue to setup. The size is determined by \p m. - * \param m The address of a modulus related to \p r. - * \param p The address of the MPI used for \p r. + * (In particular, it must have at least as many limbs as the + * modulus \p m.) + * \param m The address of the modulus related to \p r. + * \param p The address of the limb array storing the value of \p r. The + * memory pointed by \p p will be used by \p r and must not be + * freed or written until after mbedtls_mpi_mod_residue_release() + * is called. * \param pn The number of limbs of \p p. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p r, \p m or \p p is - * #NULL pointer or if \p p is less then \p m. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p r, \p m or \p p is #NULL + * pointer, \p pn is less than the limbs in \p m or if \p p is not + * less than \p m. */ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_mod_modulus *m, @@ -81,6 +87,12 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, size_t pn ); /** Unbind elements of a residue structure. + * + * This function removes the reference to the limb array that was passed to + * mbedtls_mpi_mod_residue_setup() to make it safe to free or use again. + * + * This function invalidates \p r and it must not be used until after + * mbedtls_mpi_mod_residue_setup() is called on it again. * * \param r The address of residue to release. */ @@ -95,10 +107,15 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); /** Setup a residue structure. * * \param m The address of a modulus. - * \param p The address of the MPI used for \p m. + * \param p The address of the limb array storing the value of \p m. The + * memory pointed by \p p will be used by \p r and must not be + * freed or written until after + * mbedtls_mpi_mod_modulus_free() is called. * \param pn The number of limbs of \p p. - * \param ext_rep The external representation of \p m (eg. byte order). - * \param int_rep The selector which representation is used. + * \param ext_rep The external representation to be used for residues + * associated with \p m (see #mbedtls_mpi_mod_ext_rep). + * \param int_rep The internal representation to be used for residues + * associated with \p m (see #mbedtls_mpi_mod_rep_selector). * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p m or \p p is @@ -110,7 +127,13 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, int ext_rep, int int_rep ); -/** Unbind elements of a modulus structure. +/** Free elements of a modulus structure. + * + * This function frees any memory allocated by mbedtls_mpi_mod_modulus_setup(). + * + * \warning This function does not free the limb array passed to + * mbedtls_mpi_mod_modulus_setup() only removes the reference to it, + * making it safe to free or to use it again. * * \param m The address of a modulus. */ diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 8f0f0f25e..85ca533da 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -28,11 +28,13 @@ /** Import X from unsigned binary data. * - * This function is guaranteed to return an MPI with exactly the necessary - * number of limbs (in particular, it does not skip 0s in the input). + * The MPI needs to have enough limbs to store the full value (in particular, + * this function does not skip 0s in the input). * - * \param X The address of the MPI. The size is determined by \p m. - * \param m The address of a modulus related to \p X. + * \param X The address of the MPI. The size is determined by \p m. (In + * particular, it must have at least as many limbs as the modulus + * \p m.) + * \param m The address of the modulus related to \p X. * \param buf The input buffer to import from. * \param buflen The length in bytes of \p buf. * @@ -40,7 +42,7 @@ * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't * large enough to hold the value in \p buf. * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation - * of \p m is invalid or \p X is less then \p m. + * of \p m is invalid or \p X is not less than \p m. */ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, mbedtls_mpi_mod_modulus *m, @@ -49,9 +51,11 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, /** Export X into unsigned binary data. * - * \param X The address of the MPI. The size is determined by \p m. - * \param m The address of a modulus related to \p X. - * \param buf The output buffer to import. + * \param X The address of the MPI. The size is determined by \p m. (In + * particular, it must have at least as many limbs as the modulus + * \p m.) + * \param m The address of the modulus related to \p X. + * \param buf The output buffer to export to. * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. diff --git a/library/bignum_new.c b/library/bignum_new.c index d1253f8d0..261394148 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -313,8 +313,8 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, /* * Import X from unsigned binary data, little endian * - * This function is guaranteed to return an MPI with at least the necessary - * number of limbs (in particular, it does not skip 0s in the input). + * The MPI needs to have enough limbs to store the full value (in particular, + * this function does not skip 0s in the input). */ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, size_t nx, @@ -338,8 +338,8 @@ cleanup: /* * Import X from unsigned binary data, big endian * - * This function is guaranteed to return an MPI with exactly the necessary - * number of limbs (in particular, it does not skip 0s in the input). + * The MPI needs to have enough limbs to store the full value (in particular, + * this function does not skip 0s in the input). */ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, size_t nx, From 1694969a0a82545fa284ceede380cbfd9442e1b7 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 8 Aug 2022 13:37:20 +0100 Subject: [PATCH 26/64] Bignum: Add tests for modulus setup and free Signed-off-by: Janos Follath --- tests/suites/test_suite_mpi.data | 27 ++++++++++++++++++++++++++ tests/suites/test_suite_mpi.function | 29 ++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 6a322739d..c87c4ceda 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -325,6 +325,33 @@ mbedtls_mpi_mod_raw_io:"":1:1:MBEDTLS_MPI_MOD_EXT_REP_INVALID:MBEDTLS_ERR_MPI_BA Test mbedtls_mpi_mod_raw_io #20 (writing with invalid endianness) mbedtls_mpi_mod_raw_io:"":1:1:MBEDTLS_MPI_MOD_EXT_REP_INVALID:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Test mbedtls_mpi_mod_raw_io #1 (Both representations invalid) +mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_INVALID:MBEDTLS_MPI_MOD_REP_INVALID:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_mod_raw_io #2 (Internal representation invalid) +mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_MPI_MOD_REP_INVALID:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_mod_raw_io #3 (Internal representation invalid) +mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_MPI_MOD_REP_INVALID:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_mod_raw_io #4 (External representation invalid) +mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_INVALID:MBEDTLS_MPI_MOD_REP_MONTGOMERY:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_mod_raw_io #5 (External representation invalid) +mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_INVALID:MBEDTLS_MPI_MOD_REP_OPT_RED:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_mod_raw_io #6 (Both representations valid) +mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_MPI_MOD_REP_OPT_RED:0 + +Test mbedtls_mpi_mod_raw_io #7 (Both representations valid) +mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_MPI_MOD_REP_MONTGOMERY:0 + +Test mbedtls_mpi_mod_raw_io #8 (Both representations valid) +mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_MPI_MOD_REP_OPT_RED:0 + +Test mbedtls_mpi_mod_raw_io #9 (Both representations valid) +mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_MPI_MOD_REP_MONTGOMERY:0 + Base test mbedtls_mpi_read_binary #1 mbedtls_mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"0941379D00FED1491FE15DF284DFDE4A142F68AA8D412023195CEE66883E6290FFE703F4EA5963BF212713CEE46B107C09182B5EDCD955ADAC418BF4918E2889AF48E1099D513830CEC85C26AC1E158B52620E33BA8692F893EFBB2F958B4424" diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 6be7b2179..07bd03892 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -362,6 +362,35 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_mpi_mod_setup( int ext_rep, int int_rep, int iret ) +{ + #define MLIMBS 8 + mbedtls_mpi_uint mp[MLIMBS]; + mbedtls_mpi_mod_modulus m; + int ret; + + memset( mp, 0xFF, sizeof(mp) ); + + mbedtls_mpi_mod_modulus_init( &m ); + ret = mbedtls_mpi_mod_modulus_setup( &m, mp, MLIMBS, ext_rep, int_rep ); + TEST_ASSERT( ret == iret ); + + /* Address sanitiser should catch if we try to free mp */ + mbedtls_mpi_mod_modulus_free( &m ); + + /* Make sure that the modulus doesn't have reference to mp anymore */ + TEST_ASSERT( m.p != mp ); + +exit: + /* It should be safe to call an mbedtls free several times */ + mbedtls_mpi_mod_modulus_free( &m ); + + #undef MLIMBS +} +/* END_CASE */ + + /* BEGIN_CASE */ void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_64_int, int iendian, int iret, int oret ) From 3ca0775e596fd79d7508f6a78348830b416f8da4 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 9 Aug 2022 11:45:47 +0100 Subject: [PATCH 27/64] Bignum: extract bignum_core.h functions Extract functions declared in bignum_core.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point Signed-off-by: Janos Follath --- include/mbedtls/mbedtls_config.h | 4 +- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/bignum_core.c | 353 +++++++++++++++++++++++++++++++ library/bignum_new.c | 313 --------------------------- 5 files changed, 358 insertions(+), 314 deletions(-) create mode 100644 library/bignum_core.c diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 97ad17894..bb6708e03 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2009,7 +2009,9 @@ * * Enable the multi-precision integer library. * - * Module: library/bignum.c, library/bignum_new.c + * Module: library/bignum.c + * library/bignum_new.c + * library/bignum_core.c * Caller: library/dhm.c * library/ecp.c * library/ecdsa.c diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 19ba315cf..bef0dbf80 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -19,6 +19,7 @@ set(src_crypto base64.c bignum.c bignum_new.c + bignum_core.c camellia.c ccm.c chacha20.c diff --git a/library/Makefile b/library/Makefile index ac8f3318b..a1c4bb9d6 100644 --- a/library/Makefile +++ b/library/Makefile @@ -84,6 +84,7 @@ OBJS_CRYPTO= \ base64.o \ bignum.o \ bignum_new.o \ + bignum_core.o \ camellia.o \ ccm.o \ chacha20.o \ diff --git a/library/bignum_core.c b/library/bignum_core.c new file mode 100644 index 000000000..35173b9e7 --- /dev/null +++ b/library/bignum_core.c @@ -0,0 +1,353 @@ +/* + * Multi-precision integer library + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" + +#if defined(MBEDTLS_BIGNUM_C) + +#include + +#include "mbedtls/error.h" +#include "mbedtls/platform_util.h" + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#include +#define mbedtls_printf printf +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + +#include "bignum_core.h" + +#define MPI_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) +#define MPI_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + +#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ +#define biL (ciL << 3) /* bits in limb */ +#define biH (ciL << 2) /* half limb size */ + +/* + * Convert between bits/chars and number of limbs + * Divide first in order to avoid potential overflows + */ +#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) +#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) +/* Get a specific byte, without range checks. */ +#define GET_BYTE( X, i ) \ + ( ( ( X )[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff ) + +/* + * Count leading zero bits in a given integer + */ +size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ) +{ + size_t j; + mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1); + + for( j = 0; j < biL; j++ ) + { + if( x & mask ) break; + + mask >>= 1; + } + + return j; +} + +/* + * Return the number of bits + */ +size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *X, size_t nx ) +{ + size_t i, j; + + if( nx == 0 ) + return( 0 ); + + for( i = nx - 1; i > 0; i-- ) + if( X[i] != 0 ) + break; + + j = biL - mbedtls_mpi_core_clz( X[i] ); + + return( ( i * biL ) + j ); +} + +/* Check X to have at least n limbs and set it to 0. */ +static int mpi_core_clear( mbedtls_mpi_uint *X, + size_t nx, + size_t limbs ) +{ + if( nx < limbs ) + return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + + if( X != NULL ) + memset( X, 0, nx * ciL ); + + return( 0 ); +} + +/* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint + * into the storage form used by mbedtls_mpi. */ +static mbedtls_mpi_uint mpi_bigendian_to_host_c( mbedtls_mpi_uint x ) +{ + uint8_t i; + unsigned char *x_ptr; + mbedtls_mpi_uint tmp = 0; + + for( i = 0, x_ptr = (unsigned char*) &x; i < ciL; i++, x_ptr++ ) + { + tmp <<= CHAR_BIT; + tmp |= (mbedtls_mpi_uint) *x_ptr; + } + + return( tmp ); +} + +static mbedtls_mpi_uint mpi_bigendian_to_host( mbedtls_mpi_uint x ) +{ +#if defined(__BYTE_ORDER__) + +/* Nothing to do on bigendian systems. */ +#if ( __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ ) + return( x ); +#endif /* __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ */ + +#if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ ) + +/* For GCC and Clang, have builtins for byte swapping. */ +#if defined(__GNUC__) && defined(__GNUC_PREREQ) +#if __GNUC_PREREQ(4,3) +#define have_bswap +#endif +#endif + +#if defined(__clang__) && defined(__has_builtin) +#if __has_builtin(__builtin_bswap32) && \ + __has_builtin(__builtin_bswap64) +#define have_bswap +#endif +#endif + +#if defined(have_bswap) + /* The compiler is hopefully able to statically evaluate this! */ + switch( sizeof(mbedtls_mpi_uint) ) + { + case 4: + return( __builtin_bswap32(x) ); + case 8: + return( __builtin_bswap64(x) ); + } +#endif +#endif /* __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ */ +#endif /* __BYTE_ORDER__ */ + + /* Fall back to C-based reordering if we don't know the byte order + * or we couldn't use a compiler-specific builtin. */ + return( mpi_bigendian_to_host_c( x ) ); +} + +void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, + size_t limbs ) +{ + mbedtls_mpi_uint *cur_limb_left; + mbedtls_mpi_uint *cur_limb_right; + if( limbs == 0 ) + return; + + /* + * Traverse limbs and + * - adapt byte-order in each limb + * - swap the limbs themselves. + * For that, simultaneously traverse the limbs from left to right + * and from right to left, as long as the left index is not bigger + * than the right index (it's not a problem if limbs is odd and the + * indices coincide in the last iteration). + */ + for( cur_limb_left = X, cur_limb_right = X + ( limbs - 1 ); + cur_limb_left <= cur_limb_right; + cur_limb_left++, cur_limb_right-- ) + { + mbedtls_mpi_uint tmp; + /* Note that if cur_limb_left == cur_limb_right, + * this code effectively swaps the bytes only once. */ + tmp = mpi_bigendian_to_host( *cur_limb_left ); + *cur_limb_left = mpi_bigendian_to_host( *cur_limb_right ); + *cur_limb_right = tmp; + } +} + +/* + * Import X from unsigned binary data, little endian + * + * The MPI needs to have enough limbs to store the full value (in particular, + * this function does not skip 0s in the input). + */ +int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, + size_t nx, + const unsigned char *buf, + size_t buflen ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t i; + size_t const limbs = CHARS_TO_LIMBS( buflen ); + + /* Ensure that target MPI has at least the necessary number of limbs */ + MBEDTLS_MPI_CHK( mpi_core_clear( X, nx, limbs ) ); + + for( i = 0; i < buflen; i++ ) + X[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3); + +cleanup: + return( ret ); +} + +/* + * Import X from unsigned binary data, big endian + * + * The MPI needs to have enough limbs to store the full value (in particular, + * this function does not skip 0s in the input). + */ +int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, + size_t nx, + const unsigned char *buf, + size_t buflen ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t const limbs = CHARS_TO_LIMBS( buflen ); + size_t overhead; + unsigned char *Xp; + + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); + + /* Ensure that target MPI has at least the necessary number of limbs */ + MBEDTLS_MPI_CHK( mpi_core_clear( X, nx, limbs ) ); + + overhead = ( nx * ciL ) - buflen; + + /* Avoid calling `memcpy` with NULL source or destination argument, + * even if buflen is 0. */ + if( buflen != 0 ) + { + Xp = (unsigned char*) X; + memcpy( Xp + overhead, buf, buflen ); + + mbedtls_mpi_core_bigendian_to_host( X, nx ); + } + +cleanup: + return( ret ); +} + +/* + * Export X into unsigned binary data, little endian + */ +int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, + size_t nx, + unsigned char *buf, + size_t buflen ) +{ + size_t stored_bytes = nx * ciL; + size_t bytes_to_copy; + size_t i; + + if( stored_bytes < buflen ) + { + bytes_to_copy = stored_bytes; + } + else + { + bytes_to_copy = buflen; + + /* The output buffer is smaller than the allocated size of X. + * However X may fit if its leading bytes are zero. */ + for( i = bytes_to_copy; i < stored_bytes; i++ ) + { + if( GET_BYTE( X, i ) != 0 ) + return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + } + } + + for( i = 0; i < bytes_to_copy; i++ ) + buf[i] = GET_BYTE( X, i ); + + if( stored_bytes < buflen ) + { + /* Write trailing 0 bytes */ + memset( buf + stored_bytes, 0, buflen - stored_bytes ); + } + + return( 0 ); +} + +/* + * Export X into unsigned binary data, big endian + */ +int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, + size_t nx, + unsigned char *buf, + size_t buflen ) +{ + size_t stored_bytes; + size_t bytes_to_copy; + unsigned char *p; + size_t i; + + MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); + + stored_bytes = nx * ciL; + + if( stored_bytes < buflen ) + { + /* There is enough space in the output buffer. Write initial + * null bytes and record the position at which to start + * writing the significant bytes. In this case, the execution + * trace of this function does not depend on the value of the + * number. */ + bytes_to_copy = stored_bytes; + p = buf + buflen - stored_bytes; + memset( buf, 0, buflen - stored_bytes ); + } + else + { + /* The output buffer is smaller than the allocated size of X. + * However X may fit if its leading bytes are zero. */ + bytes_to_copy = buflen; + p = buf; + for( i = bytes_to_copy; i < stored_bytes; i++ ) + { + if( GET_BYTE( X, i ) != 0 ) + return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + } + } + + for( i = 0; i < bytes_to_copy; i++ ) + p[bytes_to_copy - i - 1] = GET_BYTE( X, i ); + + return( 0 ); +} + +#endif /* MBEDTLS_BIGNUM_C */ diff --git a/library/bignum_new.c b/library/bignum_new.c index 261394148..8b23f139f 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -41,63 +41,6 @@ #define mbedtls_free free #endif -#define MPI_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) -#define MPI_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - -#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ -#define biL (ciL << 3) /* bits in limb */ -#define biH (ciL << 2) /* half limb size */ - -/* - * Convert between bits/chars and number of limbs - * Divide first in order to avoid potential overflows - */ -#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) -#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) - -/* - * Count leading zero bits in a given integer - */ -size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ) -{ - size_t j; - mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1); - - for( j = 0; j < biL; j++ ) - { - if( x & mask ) break; - - mask >>= 1; - } - - return j; -} - -/* - * Return the number of bits - */ -size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *X, size_t nx ) -{ - size_t i, j; - - if( nx == 0 ) - return( 0 ); - - for( i = nx - 1; i > 0; i-- ) - if( X[i] != 0 ) - break; - - j = biL - mbedtls_mpi_core_clz( X[i] ); - - return( ( i * biL ) + j ); -} - -/* Get a specific byte, without range checks. */ -#define GET_BYTE( X, i ) \ - ( ( ( X )[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff ) - int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, @@ -206,262 +149,6 @@ exit: return( ret ); } -/* Check X to have at least n limbs and set it to 0. */ -static int mpi_core_clear( mbedtls_mpi_uint *X, - size_t nx, - size_t limbs ) -{ - if( nx < limbs ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); - - if( X != NULL ) - memset( X, 0, nx * ciL ); - - return( 0 ); -} - -/* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint - * into the storage form used by mbedtls_mpi. */ -static mbedtls_mpi_uint mpi_bigendian_to_host_c( mbedtls_mpi_uint x ) -{ - uint8_t i; - unsigned char *x_ptr; - mbedtls_mpi_uint tmp = 0; - - for( i = 0, x_ptr = (unsigned char*) &x; i < ciL; i++, x_ptr++ ) - { - tmp <<= CHAR_BIT; - tmp |= (mbedtls_mpi_uint) *x_ptr; - } - - return( tmp ); -} - -static mbedtls_mpi_uint mpi_bigendian_to_host( mbedtls_mpi_uint x ) -{ -#if defined(__BYTE_ORDER__) - -/* Nothing to do on bigendian systems. */ -#if ( __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ ) - return( x ); -#endif /* __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ */ - -#if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ ) - -/* For GCC and Clang, have builtins for byte swapping. */ -#if defined(__GNUC__) && defined(__GNUC_PREREQ) -#if __GNUC_PREREQ(4,3) -#define have_bswap -#endif -#endif - -#if defined(__clang__) && defined(__has_builtin) -#if __has_builtin(__builtin_bswap32) && \ - __has_builtin(__builtin_bswap64) -#define have_bswap -#endif -#endif - -#if defined(have_bswap) - /* The compiler is hopefully able to statically evaluate this! */ - switch( sizeof(mbedtls_mpi_uint) ) - { - case 4: - return( __builtin_bswap32(x) ); - case 8: - return( __builtin_bswap64(x) ); - } -#endif -#endif /* __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ */ -#endif /* __BYTE_ORDER__ */ - - /* Fall back to C-based reordering if we don't know the byte order - * or we couldn't use a compiler-specific builtin. */ - return( mpi_bigendian_to_host_c( x ) ); -} - -void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, - size_t limbs ) -{ - mbedtls_mpi_uint *cur_limb_left; - mbedtls_mpi_uint *cur_limb_right; - if( limbs == 0 ) - return; - - /* - * Traverse limbs and - * - adapt byte-order in each limb - * - swap the limbs themselves. - * For that, simultaneously traverse the limbs from left to right - * and from right to left, as long as the left index is not bigger - * than the right index (it's not a problem if limbs is odd and the - * indices coincide in the last iteration). - */ - for( cur_limb_left = X, cur_limb_right = X + ( limbs - 1 ); - cur_limb_left <= cur_limb_right; - cur_limb_left++, cur_limb_right-- ) - { - mbedtls_mpi_uint tmp; - /* Note that if cur_limb_left == cur_limb_right, - * this code effectively swaps the bytes only once. */ - tmp = mpi_bigendian_to_host( *cur_limb_left ); - *cur_limb_left = mpi_bigendian_to_host( *cur_limb_right ); - *cur_limb_right = tmp; - } -} - -/* - * Import X from unsigned binary data, little endian - * - * The MPI needs to have enough limbs to store the full value (in particular, - * this function does not skip 0s in the input). - */ -int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, - size_t nx, - const unsigned char *buf, - size_t buflen ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - size_t const limbs = CHARS_TO_LIMBS( buflen ); - - /* Ensure that target MPI has at least the necessary number of limbs */ - MBEDTLS_MPI_CHK( mpi_core_clear( X, nx, limbs ) ); - - for( i = 0; i < buflen; i++ ) - X[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3); - -cleanup: - return( ret ); -} - -/* - * Import X from unsigned binary data, big endian - * - * The MPI needs to have enough limbs to store the full value (in particular, - * this function does not skip 0s in the input). - */ -int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, - size_t nx, - const unsigned char *buf, - size_t buflen ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t const limbs = CHARS_TO_LIMBS( buflen ); - size_t overhead; - unsigned char *Xp; - - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); - - /* Ensure that target MPI has at least the necessary number of limbs */ - MBEDTLS_MPI_CHK( mpi_core_clear( X, nx, limbs ) ); - - overhead = ( nx * ciL ) - buflen; - - /* Avoid calling `memcpy` with NULL source or destination argument, - * even if buflen is 0. */ - if( buflen != 0 ) - { - Xp = (unsigned char*) X; - memcpy( Xp + overhead, buf, buflen ); - - mbedtls_mpi_core_bigendian_to_host( X, nx ); - } - -cleanup: - return( ret ); -} - -/* - * Export X into unsigned binary data, little endian - */ -int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, - size_t nx, - unsigned char *buf, - size_t buflen ) -{ - size_t stored_bytes = nx * ciL; - size_t bytes_to_copy; - size_t i; - - if( stored_bytes < buflen ) - { - bytes_to_copy = stored_bytes; - } - else - { - bytes_to_copy = buflen; - - /* The output buffer is smaller than the allocated size of X. - * However X may fit if its leading bytes are zero. */ - for( i = bytes_to_copy; i < stored_bytes; i++ ) - { - if( GET_BYTE( X, i ) != 0 ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); - } - } - - for( i = 0; i < bytes_to_copy; i++ ) - buf[i] = GET_BYTE( X, i ); - - if( stored_bytes < buflen ) - { - /* Write trailing 0 bytes */ - memset( buf + stored_bytes, 0, buflen - stored_bytes ); - } - - return( 0 ); -} - -/* - * Export X into unsigned binary data, big endian - */ -int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, - size_t nx, - unsigned char *buf, - size_t buflen ) -{ - size_t stored_bytes; - size_t bytes_to_copy; - unsigned char *p; - size_t i; - - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); - - stored_bytes = nx * ciL; - - if( stored_bytes < buflen ) - { - /* There is enough space in the output buffer. Write initial - * null bytes and record the position at which to start - * writing the significant bytes. In this case, the execution - * trace of this function does not depend on the value of the - * number. */ - bytes_to_copy = stored_bytes; - p = buf + buflen - stored_bytes; - memset( buf, 0, buflen - stored_bytes ); - } - else - { - /* The output buffer is smaller than the allocated size of X. - * However X may fit if its leading bytes are zero. */ - bytes_to_copy = buflen; - p = buf; - for( i = bytes_to_copy; i < stored_bytes; i++ ) - { - if( GET_BYTE( X, i ) != 0 ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); - } - } - - for( i = 0; i < bytes_to_copy; i++ ) - p[bytes_to_copy - i - 1] = GET_BYTE( X, i ); - - return( 0 ); -} - int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, mbedtls_mpi_mod_modulus *m, unsigned char *buf, From 0ded63187958dfd31ffae60fff5bf093df66a6ca Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 9 Aug 2022 13:34:54 +0100 Subject: [PATCH 28/64] Bignum: extract bignum_mod_raw.h functions Extract functions declared in bignum_mod_raw.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point Signed-off-by: Janos Follath --- include/mbedtls/mbedtls_config.h | 1 + library/CMakeLists.txt | 1 + library/Makefile | 1 + library/bignum_mod_raw.c | 90 ++++++++++++++++++++++++++++++++ library/bignum_mod_raw.h | 2 + library/bignum_new.c | 46 ---------------- 6 files changed, 95 insertions(+), 46 deletions(-) create mode 100644 library/bignum_mod_raw.c diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index bb6708e03..ed85e3fd4 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2012,6 +2012,7 @@ * Module: library/bignum.c * library/bignum_new.c * library/bignum_core.c + * library/bignum_mod_raw.c * Caller: library/dhm.c * library/ecp.c * library/ecdsa.c diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index bef0dbf80..2920c555c 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -20,6 +20,7 @@ set(src_crypto bignum.c bignum_new.c bignum_core.c + bignum_mod_raw.c camellia.c ccm.c chacha20.c diff --git a/library/Makefile b/library/Makefile index a1c4bb9d6..621087830 100644 --- a/library/Makefile +++ b/library/Makefile @@ -85,6 +85,7 @@ OBJS_CRYPTO= \ bignum.o \ bignum_new.o \ bignum_core.o \ + bignum_mod_raw.o \ camellia.o \ ccm.o \ chacha20.o \ diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c new file mode 100644 index 000000000..305cec19b --- /dev/null +++ b/library/bignum_mod_raw.c @@ -0,0 +1,90 @@ +/* + * Multi-precision integer library + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" + +#if defined(MBEDTLS_BIGNUM_C) + +#include + +#include "mbedtls/error.h" +#include "mbedtls/platform_util.h" + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#include +#define mbedtls_printf printf +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + +#include "bignum_core.h" +#include "bignum_mod_raw.h" +#include "bignum_mod.h" +#include "constant_time_internal.h" + +int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, + mbedtls_mpi_mod_modulus *m, + unsigned char *buf, + size_t buflen ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_LE ) + ret = mbedtls_mpi_core_read_le( X, m->n, buf, buflen ); + + else if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_BE ) + ret = mbedtls_mpi_core_read_be( X, m->n, buf, buflen ); + else + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + if( ret != 0 ) + goto cleanup; + + if( !mbedtls_mpi_core_lt_ct( X, m->p, m->n ) ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + +cleanup: + + return( ret ); +} + +int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, + mbedtls_mpi_mod_modulus *m, + unsigned char *buf, + size_t buflen ) +{ + if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_LE ) + return mbedtls_mpi_core_write_le( X, m->n, buf, buflen ); + + else if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_BE ) + return mbedtls_mpi_core_write_be( X, m->n, buf, buflen ); + + else + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + return( 0 ); +} + +#endif /* MBEDTLS_BIGNUM_C */ diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 85ca533da..a6c535b80 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -26,6 +26,8 @@ #include "mbedtls/bignum.h" #endif +#include "bignum_mod.h" + /** Import X from unsigned binary data. * * The MPI needs to have enough limbs to store the full value (in particular, diff --git a/library/bignum_new.c b/library/bignum_new.c index 8b23f139f..5ff55aaf8 100644 --- a/library/bignum_new.c +++ b/library/bignum_new.c @@ -149,50 +149,4 @@ exit: return( ret ); } -int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, - mbedtls_mpi_mod_modulus *m, - unsigned char *buf, - size_t buflen ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_LE ) - ret = mbedtls_mpi_core_read_le( X, m->n, buf, buflen ); - - else if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_BE ) - ret = mbedtls_mpi_core_read_be( X, m->n, buf, buflen ); - else - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - if( ret != 0 ) - goto cleanup; - - if( !mbedtls_mpi_core_lt_ct( X, m->p, m->n ) ) - { - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - goto cleanup; - } - -cleanup: - - return( ret ); -} - -int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, - mbedtls_mpi_mod_modulus *m, - unsigned char *buf, - size_t buflen ) -{ - if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_LE ) - return mbedtls_mpi_core_write_le( X, m->n, buf, buflen ); - - else if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_BE ) - return mbedtls_mpi_core_write_be( X, m->n, buf, buflen ); - - else - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - return( 0 ); -} - #endif /* MBEDTLS_BIGNUM_C */ From d1baedb786a78e6d791b8a832bc1fc8b6c3d752f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 9 Aug 2022 13:44:53 +0100 Subject: [PATCH 29/64] Bignum: extract bignum_mod.h functions Extract functions declared in bignum_mod.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point This makes library/bignum_new.c empty and therefore it is deleted. Signed-off-by: Janos Follath --- include/mbedtls/mbedtls_config.h | 2 +- library/CMakeLists.txt | 2 +- library/Makefile | 2 +- library/{bignum_new.c => bignum_mod.c} | 9 +++++---- 4 files changed, 8 insertions(+), 7 deletions(-) rename library/{bignum_new.c => bignum_mod.c} (99%) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ed85e3fd4..3e25355f7 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2010,9 +2010,9 @@ * Enable the multi-precision integer library. * * Module: library/bignum.c - * library/bignum_new.c * library/bignum_core.c * library/bignum_mod_raw.c + * library/bignum_mod.c * Caller: library/dhm.c * library/ecp.c * library/ecdsa.c diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 2920c555c..96c12fb90 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -18,9 +18,9 @@ set(src_crypto asn1write.c base64.c bignum.c - bignum_new.c bignum_core.c bignum_mod_raw.c + bignum_mod.c camellia.c ccm.c chacha20.c diff --git a/library/Makefile b/library/Makefile index 621087830..49029d86b 100644 --- a/library/Makefile +++ b/library/Makefile @@ -83,9 +83,9 @@ OBJS_CRYPTO= \ asn1write.o \ base64.o \ bignum.o \ - bignum_new.o \ bignum_core.o \ bignum_mod_raw.o \ + bignum_mod.o \ camellia.o \ ccm.o \ chacha20.o \ diff --git a/library/bignum_new.c b/library/bignum_mod.c similarity index 99% rename from library/bignum_new.c rename to library/bignum_mod.c index 5ff55aaf8..63f917266 100644 --- a/library/bignum_new.c +++ b/library/bignum_mod.c @@ -26,10 +26,6 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" #include "mbedtls/bignum.h" -#include "bignum_core.h" -#include "bignum_mod.h" -#include "bignum_mod_raw.h" -#include "constant_time_internal.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -41,6 +37,11 @@ #define mbedtls_free free #endif +#include "bignum_core.h" +#include "bignum_mod.h" +#include "bignum_mod_raw.h" +#include "constant_time_internal.h" + int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, From c47c0569d40303813d5987b2f3dc3eb081f19903 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 9 Aug 2022 13:54:43 +0100 Subject: [PATCH 30/64] Remove VALIDATE macros from bignum_core.c They are deprecated and are declared to be empty anyway. Signed-off-by: Janos Follath --- library/bignum_core.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 35173b9e7..3c083a438 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -38,11 +38,6 @@ #include "bignum_core.h" -#define MPI_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) -#define MPI_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ #define biH (ciL << 2) /* half limb size */ @@ -239,9 +234,6 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, size_t overhead; unsigned char *Xp; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); - /* Ensure that target MPI has at least the necessary number of limbs */ MBEDTLS_MPI_CHK( mpi_core_clear( X, nx, limbs ) ); @@ -315,9 +307,6 @@ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, unsigned char *p; size_t i; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); - stored_bytes = nx * ciL; if( stored_bytes < buflen ) From 9938719a05402b4dbc448704d246c2999989a5a7 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Aug 2022 11:11:34 +0100 Subject: [PATCH 31/64] Allow internal macros without prefix Internal macros are not present as symbols, visible or usable outside the compilation unit and it is safe to allow them to have a name without namespace prefix. We also allow them to start with lower case letters as some of our internal macros already have names like that. Signed-off-by: Janos Follath --- tests/scripts/check_names.py | 41 ++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 96117a2c9..1d87f26b0 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -58,8 +58,9 @@ import logging # Naming patterns to check against. These are defined outside the NameCheck # class for ease of modification. -MACRO_PATTERN = r"^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$" -CONSTANTS_PATTERN = MACRO_PATTERN +PUBLIC_MACRO_PATTERN = r"^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$" +INTERNAL_MACRO_PATTERN = r"^[0-9A-Za-z_]*[0-9A-Z]$" +CONSTANTS_PATTERN = PUBLIC_MACRO_PATTERN IDENTIFIER_PATTERN = r"^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$" class Match(): # pylint: disable=too-few-public-methods @@ -249,14 +250,17 @@ class CodeParser(): .format(str(self.excluded_files)) ) - all_macros = self.parse_macros([ + all_macros = {"public": [], "internal": []} + all_macros["public"] = self.parse_macros([ "include/mbedtls/*.h", "include/psa/*.h", - "library/*.h", - "tests/include/test/drivers/*.h", "3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h" ]) + all_macros["internal"] = self.parse_macros([ + "library/*.h", + "tests/include/test/drivers/*.h", + ]) enum_consts = self.parse_enum_consts([ "include/mbedtls/*.h", "library/*.h", @@ -284,20 +288,25 @@ class CodeParser(): # Remove identifier macros like mbedtls_printf or mbedtls_calloc identifiers_justname = [x.name for x in identifiers] - actual_macros = [] - for macro in all_macros: - if macro.name not in identifiers_justname: - actual_macros.append(macro) + actual_macros = {"public": [], "internal": []} + for scope in actual_macros: + for macro in all_macros[scope]: + if macro.name not in identifiers_justname: + actual_macros[scope].append(macro) self.log.debug("Found:") # Aligns the counts on the assumption that none exceeds 4 digits - self.log.debug(" {:4} Total Macros".format(len(all_macros))) - self.log.debug(" {:4} Non-identifier Macros".format(len(actual_macros))) + for scope in actual_macros: + self.log.debug(" {:4} Total {} Macros" + .format(len(all_macros[scope]), scope)) + self.log.debug(" {:4} {} Non-identifier Macros" + .format(len(actual_macros[scope]), scope)) self.log.debug(" {:4} Enum Constants".format(len(enum_consts))) self.log.debug(" {:4} Identifiers".format(len(identifiers))) self.log.debug(" {:4} Exported Symbols".format(len(symbols))) return { - "macros": actual_macros, + "public_macros": actual_macros["public"], + "internal_macros": actual_macros["internal"], "enum_consts": enum_consts, "identifiers": identifiers, "symbols": symbols, @@ -741,7 +750,8 @@ class NameChecker(): problems += self.check_symbols_declared_in_header() pattern_checks = [ - ("macros", MACRO_PATTERN), + ("public_macros", PUBLIC_MACRO_PATTERN), + ("internal_macros", INTERNAL_MACRO_PATTERN), ("enum_consts", CONSTANTS_PATTERN), ("identifiers", IDENTIFIER_PATTERN) ] @@ -825,7 +835,10 @@ class NameChecker(): all_caps_names = { match.name for match - in self.parse_result["macros"] + self.parse_result["enum_consts"]} + in self.parse_result["public_macros"] + + self.parse_result["internal_macros"] + + self.parse_result["enum_consts"] + } typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$|" r"MBEDTLS_TEST_LIBTESTDRIVER*") From d0895708e226c009581d544473167ad9c2e3aa8f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Aug 2022 13:32:16 +0100 Subject: [PATCH 32/64] Bignum: move internal constants to headers Now that the check_names script allows it, we can do so. Signed-off-by: Janos Follath --- library/bignum.c | 15 --------------- library/bignum_core.c | 14 -------------- library/bignum_core.h | 14 ++++++++++++++ tests/suites/test_suite_mpi.function | 12 +----------- 4 files changed, 15 insertions(+), 40 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 0e7b3cea0..2e5ad96ff 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -63,19 +63,8 @@ #define MPI_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ -#define biL (ciL << 3) /* bits in limb */ -#define biH (ciL << 2) /* half limb size */ - #define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ -/* - * Convert between bits/chars and number of limbs - * Divide first in order to avoid potential overflows - */ -#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) -#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) - /* Implementation that should never be optimized out by the compiler */ static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { @@ -304,10 +293,6 @@ int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ) return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 ); } -/* Get a specific byte, without range checks. */ -#define GET_BYTE( X, i ) \ - ( ( ( X )->p[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff ) - /* * Set a bit to a specific value of 0 or 1 */ diff --git a/library/bignum_core.c b/library/bignum_core.c index 3c083a438..ab7d8e148 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -38,20 +38,6 @@ #include "bignum_core.h" -#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ -#define biL (ciL << 3) /* bits in limb */ -#define biH (ciL << 2) /* half limb size */ - -/* - * Convert between bits/chars and number of limbs - * Divide first in order to avoid potential overflows - */ -#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) -#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) -/* Get a specific byte, without range checks. */ -#define GET_BYTE( X, i ) \ - ( ( ( X )[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff ) - /* * Count leading zero bits in a given integer */ diff --git a/library/bignum_core.h b/library/bignum_core.h index 2141640cf..3a789272c 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -122,4 +122,18 @@ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, unsigned char *buf, size_t buflen ); +#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ +#define biL (ciL << 3) /* bits in limb */ +#define biH (ciL << 2) /* half limb size */ + +/* + * Convert between bits/chars and number of limbs + * Divide first in order to avoid potential overflows + */ +#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) +#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) +/* Get a specific byte, without range checks. */ +#define GET_BYTE( X, i ) \ + ( ( ( X )[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff ) + #endif /* MBEDTLS_BIGNUM_CORE_H */ diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 07bd03892..d9a1509d0 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -10,17 +10,7 @@ #if MBEDTLS_MPI_MAX_BITS > 792 #define MPI_MAX_BITS_LARGER_THAN_792 #endif - -#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ -#define biL (ciL << 3) /* bits in limb */ - -/* - * Convert between bits/chars and number of limbs - * Divide first in order to avoid potential overflows - */ -#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) -#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) - +# /* Check the validity of the sign bit in an MPI object. Reject representations * that are not supported by the rest of the library and indicate a bug when * constructing the value. */ From 8d59c86f61af943150672b5a7e6796588338e7f4 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Aug 2022 15:35:35 +0100 Subject: [PATCH 33/64] Make pylint happy Signed-off-by: Janos Follath --- tests/scripts/check_names.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 1d87f26b0..e20448729 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -298,9 +298,9 @@ class CodeParser(): # Aligns the counts on the assumption that none exceeds 4 digits for scope in actual_macros: self.log.debug(" {:4} Total {} Macros" - .format(len(all_macros[scope]), scope)) + .format(len(all_macros[scope]), scope)) self.log.debug(" {:4} {} Non-identifier Macros" - .format(len(actual_macros[scope]), scope)) + .format(len(actual_macros[scope]), scope)) self.log.debug(" {:4} Enum Constants".format(len(enum_consts))) self.log.debug(" {:4} Identifiers".format(len(identifiers))) self.log.debug(" {:4} Exported Symbols".format(len(symbols))) @@ -836,8 +836,8 @@ class NameChecker(): match.name for match in self.parse_result["public_macros"] + - self.parse_result["internal_macros"] + - self.parse_result["enum_consts"] + self.parse_result["internal_macros"] + + self.parse_result["enum_consts"] } typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$|" r"MBEDTLS_TEST_LIBTESTDRIVER*") From 1cb3b976c39a8a7c6a4f94fda0aca9ad45270a8d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 11 Aug 2022 10:50:04 +0100 Subject: [PATCH 34/64] Test big endian core I/O with odd limbs Signed-off-by: Janos Follath --- tests/suites/test_suite_mpi.data | 48 ++++++++++++++++------------ tests/suites/test_suite_mpi.function | 14 ++++---- 2 files changed, 35 insertions(+), 27 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index c87c4ceda..5ef26f799 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -86,34 +86,34 @@ Test mbedtls_mpi_core_io functions with null pointers mbedtls_mpi_core_io_null Test mbedtls_mpi_core_io_be #1 (Buffer and limbs just fit, input limb-aligned) -mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:12:0:0 +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:24:0:0 Test mbedtls_mpi_core_io_be #2 (Buffer and limbs just fit, input unaligned) -mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:12:0:0 +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:24:0:0 Test mbedtls_mpi_core_io_be #3 (Buffer just fits, extra limbs, input limb-aligned) -mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:14:0:0 +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:28:0:0 Test mbedtls_mpi_core_io_be #4 (Buffer just fits, extra limbs, input unaligned) -mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:14:0:0 +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:28:0:0 Test mbedtls_mpi_core_io_be #5 (Extra limbs, buffer aligned to extra limbs, input limb-aligned) -mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":112:14:0:0 +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":112:28:0:0 Test mbedtls_mpi_core_io_be #6 (Extra limbs, buffer aligned to extra limbs, input unaligned) -mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":112:14:0:0 +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":112:28:0:0 Test mbedtls_mpi_core_io_be #7 (Buffer and limbs just fit, input limb-aligned with leading zeroes) -mbedtls_mpi_core_io_be:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":88:12:0:0 +mbedtls_mpi_core_io_be:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":88:24:0:0 Test mbedtls_mpi_core_io_be #8 (Buffer and limbs just fit, input unaligned with leading zeroes) -mbedtls_mpi_core_io_be:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":86:12:0:0 +mbedtls_mpi_core_io_be:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":86:24:0:0 Test mbedtls_mpi_core_io_be #9 (Buffer just fits, extra limbs, input limb-aligned with leading zeroes) -mbedtls_mpi_core_io_be:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":88:14:0:0 +mbedtls_mpi_core_io_be:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":88:28:0:0 Test mbedtls_mpi_core_io_be #10 (Buffer just fits, extra limbs, input unaligned with leading zeroes) -mbedtls_mpi_core_io_be:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":86:14:0:0 +mbedtls_mpi_core_io_be:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":86:28:0:0 Test mbedtls_mpi_core_io_be #11 (Zero) mbedtls_mpi_core_io_be:"00":1:1:0:0 @@ -127,20 +127,28 @@ mbedtls_mpi_core_io_be:"":1:1:0:0 Test mbedtls_mpi_core_io_be #14 (One) mbedtls_mpi_core_io_be:"01":1:1:0:0 -Test mbedtls_mpi_core_io_be #14 (One limb) -mbedtls_mpi_core_io_be:"ff00000000000000":8:1:0:0 +Test mbedtls_mpi_core_io_be #15 (One limb, 32 bit) +depends_on:MBEDTLS_HAVE_INT32 +mbedtls_mpi_core_io_be:"ff000000":4:1:0:0 -Test mbedtls_mpi_core_io_be #15 (not enough limbs, input limb-aligned) -mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:11:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 +Test mbedtls_mpi_core_io_be #16 (One limb, 64 bit) +depends_on:MBEDTLS_HAVE_INT64 +mbedtls_mpi_core_io_be:"ff00000000000000":8:2:0:0 -Test mbedtls_mpi_core_io_be #16 (not enough limbs, input unaligned) -mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:11:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 +Test mbedtls_mpi_core_io_be #17 (not enough limbs, input limb-aligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:22:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 -Test mbedtls_mpi_core_io_be #17 (buffer too small, input limb-aligned) -mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":95:12:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +Test mbedtls_mpi_core_io_be #18 (not enough limbs, input unaligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:22:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 -Test mbedtls_mpi_core_io_be #18 (buffer too small, input unaligned) -mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:12:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +Test mbedtls_mpi_core_io_be #19 (buffer too small, input limb-aligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":95:24:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +Test mbedtls_mpi_core_io_be #20 (buffer too small, input unaligned) +mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:24:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +Test mbedtls_mpi_core_io_be #21 (Buffer and limbs fit, input unaligned, odd number of limbs) +mbedtls_mpi_core_io_be:"00de4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":82:21:0:0 Test mbedtls_mpi_core_io_le #1 (Buffer and limbs just fit, input limb-aligned) mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:12:0:0 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index d9a1509d0..cd901d17c 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -233,7 +233,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_core_io_be( data_t *input, int nb_int, int nx_64_int, int iret, +void mbedtls_mpi_core_io_be( data_t *input, int nb_int, int nx_32_int, int iret, int oret ) { #define BMAX 1024 @@ -250,12 +250,12 @@ void mbedtls_mpi_core_io_be( data_t *input, int nb_int, int nx_64_int, int iret, nb = nb_int; TEST_ASSERT( nb <= BMAX ); - TEST_ASSERT( 0 <= nx_64_int ); - nx = nx_64_int; - /* nx_64_int is the number of 64 bit limbs, if we have 32 bit limbs we need - * to double the number of limbs to have the same size. */ - if( sizeof( mbedtls_mpi_uint ) == 4 ) - nx *= 2; + TEST_ASSERT( 0 <= nx_32_int ); + nx = nx_32_int; + /* nx_32_int is the number of 32 bit limbs, if we have 64 bit limbs we need + * to halve the number of limbs to have the same size. */ + if( sizeof( mbedtls_mpi_uint ) == 8 ) + nx = nx / 2 + nx % 2; TEST_ASSERT( nx <= XMAX ); ret = mbedtls_mpi_core_read_be( X, nx, input->x, input->len ); From 9dfb5621ff17def2a0906c017c98cfce442c4b09 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 11 Aug 2022 12:15:55 +0100 Subject: [PATCH 35/64] Test little endian core I/O with odd limbs Signed-off-by: Janos Follath --- tests/suites/test_suite_mpi.data | 48 ++++++++++++++++------------ tests/suites/test_suite_mpi.function | 14 ++++---- 2 files changed, 35 insertions(+), 27 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 5ef26f799..322e12e10 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -151,34 +151,34 @@ Test mbedtls_mpi_core_io_be #21 (Buffer and limbs fit, input unaligned, odd numb mbedtls_mpi_core_io_be:"00de4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":82:21:0:0 Test mbedtls_mpi_core_io_le #1 (Buffer and limbs just fit, input limb-aligned) -mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:12:0:0 +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:24:0:0 Test mbedtls_mpi_core_io_le #2 (Buffer and limbs just fit, input unaligned) -mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:12:0:0 +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:24:0:0 Test mbedtls_mpi_core_io_le #3 (Buffer just fits, extra limbs, input limb-aligned) -mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:14:0:0 +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:28:0:0 Test mbedtls_mpi_core_io_le #4 (Buffer just fits, extra limbs, input unaligned) -mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:14:0:0 +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:28:0:0 Test mbedtls_mpi_core_io_le #5 (Extra limbs, buffer aligned to extra limbs, input limb-aligned) -mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":112:14:0:0 +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":112:28:0:0 Test mbedtls_mpi_core_io_le #6 (Extra limbs, buffer aligned to extra limbs, input unaligned) -mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":112:14:0:0 +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":112:28:0:0 Test mbedtls_mpi_core_io_le #7 (Buffer and limbs just fit, input limb-aligned with leading zeroes) -mbedtls_mpi_core_io_le:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b44240000000000000000":88:12:0:0 +mbedtls_mpi_core_io_le:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b44240000000000000000":88:24:0:0 Test mbedtls_mpi_core_io_le #8 (Buffer and limbs just fit, input unaligned with leading zeroes) -mbedtls_mpi_core_io_le:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b0000000000000000":86:12:0:0 +mbedtls_mpi_core_io_le:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b0000000000000000":86:24:0:0 Test mbedtls_mpi_core_io_le #9 (Buffer just fits, extra limbs, input limb-aligned with leading zeroes) -mbedtls_mpi_core_io_le:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b44240000000000000000":88:14:0:0 +mbedtls_mpi_core_io_le:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b44240000000000000000":88:28:0:0 Test mbedtls_mpi_core_io_le #10 (Buffer just fits, extra limbs, input unaligned with leading zeroes) -mbedtls_mpi_core_io_le:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b0000000000000000":86:14:0:0 +mbedtls_mpi_core_io_le:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b0000000000000000":86:28:0:0 Test mbedtls_mpi_core_io_le #11 (Zero) mbedtls_mpi_core_io_le:"00":1:1:0:0 @@ -192,20 +192,28 @@ mbedtls_mpi_core_io_le:"":1:1:0:0 Test mbedtls_mpi_core_io_le #14 (One) mbedtls_mpi_core_io_le:"01":1:1:0:0 -Test mbedtls_mpi_core_io_le #14 (One limb) -mbedtls_mpi_core_io_le:"00000000000000ff":8:1:0:0 +Test mbedtls_mpi_core_io_le #15 (One limb) +depends_on:MBEDTLS_HAVE_INT32 +mbedtls_mpi_core_io_le:"000000ff":4:1:0:0 -Test mbedtls_mpi_core_io_le #15 (not enough limbs, input limb-aligned) -mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:11:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 +Test mbedtls_mpi_core_io_le #16 (One limb) +depends_on:MBEDTLS_HAVE_INT64 +mbedtls_mpi_core_io_le:"00000000000000ff":8:2:0:0 -Test mbedtls_mpi_core_io_le #16 (not enough limbs, input unaligned) -mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:11:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 +Test mbedtls_mpi_core_io_le #17 (not enough limbs, input limb-aligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:22:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 -Test mbedtls_mpi_core_io_le #17 (buffer too small, input limb-aligned) -mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":95:12:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +Test mbedtls_mpi_core_io_le #18 (not enough limbs, input unaligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:22:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 -Test mbedtls_mpi_core_io_le #18 (buffer too small, input unaligned) -mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:12:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +Test mbedtls_mpi_core_io_le #19 (buffer too small, input limb-aligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":95:24:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +Test mbedtls_mpi_core_io_le #20 (buffer too small, input unaligned) +mbedtls_mpi_core_io_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:24:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +Test mbedtls_mpi_core_io_le #21 (Buffer and limbs fit, input unaligned, odd number of limbs) +mbedtls_mpi_core_io_le:"de4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b442400":82:21:0:0 Test mbedtls_mpi_mod_raw_io #1 BE (Buffer and limbs just fit, input limb-aligned) mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:12:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index cd901d17c..aaceb3ade 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -294,7 +294,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_core_io_le( data_t *input, int nb_int, int nx_64_int, int iret, +void mbedtls_mpi_core_io_le( data_t *input, int nb_int, int nx_32_int, int iret, int oret ) { #define BMAX 1024 @@ -311,12 +311,12 @@ void mbedtls_mpi_core_io_le( data_t *input, int nb_int, int nx_64_int, int iret, nb = nb_int; TEST_ASSERT( nb <= BMAX ); - TEST_ASSERT( 0 <= nx_64_int ); - nx = nx_64_int; - /* nx_64_int is the number of 64 bit limbs, if we have 32 bit limbs we need - * to double the number of limbs to have the same size. */ - if( sizeof( mbedtls_mpi_uint ) == 4 ) - nx *= 2; + TEST_ASSERT( 0 <= nx_32_int ); + nx = nx_32_int; + /* nx_32_int is the number of 32 bit limbs, if we have 64 bit limbs we need + * to halve the number of limbs to have the same size. */ + if( sizeof( mbedtls_mpi_uint ) == 8 ) + nx = nx / 2 + nx % 2; TEST_ASSERT( nx <= XMAX ); ret = mbedtls_mpi_core_read_le( X, nx, input->x, input->len ); From 296ea664425ae4a55562c1235b83c9719d06239c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 11 Aug 2022 14:58:29 +0100 Subject: [PATCH 36/64] Bignum: clean up use of enums - Made use of enums in struct and function declaration - All enums are handled by switch case now - If the switch does nothing on default, omit the default case to make compiler warnings more powerful - The two enums are now disjoint and the value 1 is skipped to make mistakes easier to detect Signed-off-by: Janos Follath --- library/bignum_mod.c | 21 ++++++++++++-------- library/bignum_mod.h | 43 ++++++++++++++++++++-------------------- library/bignum_mod_raw.c | 37 ++++++++++++++++++---------------- 3 files changed, 55 insertions(+), 46 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 63f917266..c4248544a 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -88,10 +88,12 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ) switch( m->int_rep ) { case MBEDTLS_MPI_MOD_REP_MONTGOMERY: - mbedtls_free( m->rep.mont ); break; + mbedtls_free( m->rep.mont ); + break; case MBEDTLS_MPI_MOD_REP_OPT_RED: - mbedtls_free( m->rep.ored ); break; - default: + mbedtls_free( m->rep.ored ); + break; + case MBEDTLS_MPI_MOD_REP_INVALID: break; } @@ -105,8 +107,8 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ) int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, size_t pn, - int ext_rep, - int int_rep ) + mbedtls_mpi_mod_ext_rep ext_rep, + mbedtls_mpi_mod_rep_selector int_rep ) { int ret = 0; @@ -121,7 +123,8 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, { case MBEDTLS_MPI_MOD_EXT_REP_LE: case MBEDTLS_MPI_MOD_EXT_REP_BE: - m->ext_rep = ext_rep; break; + m->ext_rep = ext_rep; + break; default: ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto exit; @@ -131,10 +134,12 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, { case MBEDTLS_MPI_MOD_REP_MONTGOMERY: m->int_rep = int_rep; - m->rep.mont = NULL; break; + m->rep.mont = NULL; + break; case MBEDTLS_MPI_MOD_REP_OPT_RED: m->int_rep = int_rep; - m->rep.ored = NULL; break; + m->rep.ored = NULL; + break; default: ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto exit; diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 254a744ff..7950f09b7 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -26,6 +26,22 @@ #include "mbedtls/bignum.h" #endif +/* Skip 1 as it is slightly easier to accidentally pass to functions. */ +typedef enum +{ + MBEDTLS_MPI_MOD_REP_INVALID = 0, + MBEDTLS_MPI_MOD_REP_MONTGOMERY = 2, + MBEDTLS_MPI_MOD_REP_OPT_RED +} mbedtls_mpi_mod_rep_selector; + +/* Make mbedtls_mpi_mod_rep_selector and mbedtls_mpi_mod_ext_rep disjoint to + * make it easier to catch when they are accidentally swapped. */ +typedef enum +{ + MBEDTLS_MPI_MOD_EXT_REP_INVALID = 0, + MBEDTLS_MPI_MOD_EXT_REP_LE = 8, + MBEDTLS_MPI_MOD_EXT_REP_BE +} mbedtls_mpi_mod_ext_rep; typedef struct { @@ -38,10 +54,10 @@ typedef void* mbedtls_mpi_opt_red_struct; typedef struct { mbedtls_mpi_uint *p; - size_t n; // number of limbs - size_t plen; // bitlen of p - int ext_rep; // signals external representation (eg. byte order) - int int_rep; // selector to signal the active member of the union + size_t n; // number of limbs + size_t plen; // bitlen of p + mbedtls_mpi_mod_ext_rep ext_rep; // signals external representation (eg. byte order) + mbedtls_mpi_mod_rep_selector int_rep; // selector to signal the active member of the union union rep { mbedtls_mpi_mont_struct mont; @@ -49,21 +65,6 @@ typedef struct { } rep; } mbedtls_mpi_mod_modulus; -typedef enum -{ - MBEDTLS_MPI_MOD_REP_INVALID = 0, - MBEDTLS_MPI_MOD_REP_MONTGOMERY, - MBEDTLS_MPI_MOD_REP_OPT_RED -} mbedtls_mpi_mod_rep_selector; - -typedef enum -{ - MBEDTLS_MPI_MOD_EXT_REP_INVALID = 0, - MBEDTLS_MPI_MOD_EXT_REP_LE, - MBEDTLS_MPI_MOD_EXT_REP_BE -} mbedtls_mpi_mod_ext_rep; - - /** Setup a residue structure. * * \param r The address of residue to setup. The size is determined by \p m. @@ -124,8 +125,8 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, size_t pn, - int ext_rep, - int int_rep ); + mbedtls_mpi_mod_ext_rep ext_rep, + mbedtls_mpi_mod_rep_selector int_rep ); /** Free elements of a modulus structure. * diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 305cec19b..d3cd770ef 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -48,13 +48,17 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_LE ) - ret = mbedtls_mpi_core_read_le( X, m->n, buf, buflen ); - - else if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_BE ) - ret = mbedtls_mpi_core_read_be( X, m->n, buf, buflen ); - else - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + switch( m->ext_rep ) + { + case MBEDTLS_MPI_MOD_EXT_REP_LE: + ret = mbedtls_mpi_core_read_le( X, m->n, buf, buflen ); + break; + case MBEDTLS_MPI_MOD_EXT_REP_BE: + ret = mbedtls_mpi_core_read_be( X, m->n, buf, buflen ); + break; + default: + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + } if( ret != 0 ) goto cleanup; @@ -75,16 +79,15 @@ int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, unsigned char *buf, size_t buflen ) { - if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_LE ) - return mbedtls_mpi_core_write_le( X, m->n, buf, buflen ); - - else if( m->ext_rep == MBEDTLS_MPI_MOD_EXT_REP_BE ) - return mbedtls_mpi_core_write_be( X, m->n, buf, buflen ); - - else - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - return( 0 ); + switch( m->ext_rep ) + { + case MBEDTLS_MPI_MOD_EXT_REP_LE: + return mbedtls_mpi_core_write_le( X, m->n, buf, buflen ); + case MBEDTLS_MPI_MOD_EXT_REP_BE: + return mbedtls_mpi_core_write_be( X, m->n, buf, buflen ); + default: + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + } } #endif /* MBEDTLS_BIGNUM_C */ From 56a10f97ba12e0192eb76ac5882b29b67672288f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 11 Aug 2022 15:19:00 +0100 Subject: [PATCH 37/64] Bignum: remove unnecessary NULL pointer checks A null pointer dereference, or null pointer plus small offset, is a clean runtime error in most environments. So it's not particularly useful to protect against this. While at it make a null pointer check that is actually necessary more robust. Signed-off-by: Janos Follath --- library/bignum_core.c | 2 +- library/bignum_mod.c | 6 ------ library/bignum_mod.h | 9 ++++----- 3 files changed, 5 insertions(+), 12 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index ab7d8e148..ee71e3fe5 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -227,7 +227,7 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, /* Avoid calling `memcpy` with NULL source or destination argument, * even if buflen is 0. */ - if( buflen != 0 ) + if( buf != NULL ) { Xp = (unsigned char*) X; memcpy( Xp + overhead, buf, buflen ); diff --git a/library/bignum_mod.c b/library/bignum_mod.c index c4248544a..38aff9bd4 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -47,9 +47,6 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_uint *p, size_t pn ) { - if( p == NULL || m == NULL || r == NULL ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - if( pn < m->n || !mbedtls_mpi_core_lt_ct( m->p, p, pn ) ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); @@ -112,9 +109,6 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, { int ret = 0; - if ( p == NULL || m == NULL ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - m->p = p; m->n = pn; m->plen = mbedtls_mpi_core_bitlen( p, pn ); diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 7950f09b7..ee9982a58 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -78,9 +78,8 @@ typedef struct { * \param pn The number of limbs of \p p. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p r, \p m or \p p is #NULL - * pointer, \p pn is less than the limbs in \p m or if \p p is not - * less than \p m. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p pn is less than the limbs + * in \p m or if \p p is not less than \p m. */ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_mod_modulus *m, @@ -119,8 +118,8 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); * associated with \p m (see #mbedtls_mpi_mod_rep_selector). * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p m or \p p is - * #NULL pointer or if \p ext_rep or \p int_rep is invalid. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p ext_rep or \p int_rep is + * invalid. */ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, From 2ab2d3e3e92c596a0bba49d241deb79a31363438 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 11 Aug 2022 16:13:53 +0100 Subject: [PATCH 38/64] Inline mpi_core_clear() This used to resize MPIs in the legacy interface, which is not needed/possible as the new interface has fixed size MPIs. Inlining this function makes the code easier to read and maintain, while there is no obvious drawback to it. Signed-off-by: Janos Follath --- library/bignum_core.c | 36 ++++++++++++------------------------ 1 file changed, 12 insertions(+), 24 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index ee71e3fe5..1929c173f 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -75,20 +75,6 @@ size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *X, size_t nx ) return( ( i * biL ) + j ); } -/* Check X to have at least n limbs and set it to 0. */ -static int mpi_core_clear( mbedtls_mpi_uint *X, - size_t nx, - size_t limbs ) -{ - if( nx < limbs ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); - - if( X != NULL ) - memset( X, 0, nx * ciL ); - - return( 0 ); -} - /* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint * into the storage form used by mbedtls_mpi. */ static mbedtls_mpi_uint mpi_bigendian_to_host_c( mbedtls_mpi_uint x ) @@ -190,18 +176,19 @@ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, const unsigned char *buf, size_t buflen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; size_t const limbs = CHARS_TO_LIMBS( buflen ); - /* Ensure that target MPI has at least the necessary number of limbs */ - MBEDTLS_MPI_CHK( mpi_core_clear( X, nx, limbs ) ); + if( nx < limbs ) + return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + + if( X != NULL ) + memset( X, 0, nx * ciL ); for( i = 0; i < buflen; i++ ) X[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3); -cleanup: - return( ret ); + return( 0 ); } /* @@ -215,13 +202,15 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, const unsigned char *buf, size_t buflen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t const limbs = CHARS_TO_LIMBS( buflen ); size_t overhead; unsigned char *Xp; - /* Ensure that target MPI has at least the necessary number of limbs */ - MBEDTLS_MPI_CHK( mpi_core_clear( X, nx, limbs ) ); + if( nx < limbs ) + return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + + if( X != NULL ) + memset( X, 0, nx * ciL ); overhead = ( nx * ciL ) - buflen; @@ -235,8 +224,7 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, mbedtls_mpi_core_bigendian_to_host( X, nx ); } -cleanup: - return( ret ); + return( 0 ); } /* From a30b4e5692e427f0723f20b6005560c61164fdbb Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 11 Aug 2022 17:15:18 +0100 Subject: [PATCH 39/64] Bignum: remove duplicate documentation from source These functions have full documentation in the header. Maintaing two copies does not worth the effort and having an out of sync reduced duplicate is not helpful. Signed-off-by: Janos Follath --- library/bignum_core.c | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 1929c173f..f250009bb 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -38,9 +38,6 @@ #include "bignum_core.h" -/* - * Count leading zero bits in a given integer - */ size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ) { size_t j; @@ -56,9 +53,6 @@ size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ) return j; } -/* - * Return the number of bits - */ size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *X, size_t nx ) { size_t i, j; @@ -165,12 +159,6 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, } } -/* - * Import X from unsigned binary data, little endian - * - * The MPI needs to have enough limbs to store the full value (in particular, - * this function does not skip 0s in the input). - */ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, size_t nx, const unsigned char *buf, @@ -191,12 +179,6 @@ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, return( 0 ); } -/* - * Import X from unsigned binary data, big endian - * - * The MPI needs to have enough limbs to store the full value (in particular, - * this function does not skip 0s in the input). - */ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, size_t nx, const unsigned char *buf, @@ -227,9 +209,6 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, return( 0 ); } -/* - * Export X into unsigned binary data, little endian - */ int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, size_t nx, unsigned char *buf, @@ -268,9 +247,6 @@ int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, return( 0 ); } -/* - * Export X into unsigned binary data, big endian - */ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, size_t nx, unsigned char *buf, From 6318468183412193ebc08c01531f122daf1c5da3 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 11 Aug 2022 17:42:59 +0100 Subject: [PATCH 40/64] Improve bignum documentation Signed-off-by: Janos Follath --- library/bignum_core.h | 28 ++++++++++++++++++++++------ library/bignum_mod.h | 14 +++++++------- library/bignum_mod_raw.h | 11 ++++++++--- library/constant_time.c | 3 ++- library/constant_time_internal.h | 9 +++++---- tests/suites/test_suite_mpi.data | 18 +++++++++--------- 6 files changed, 53 insertions(+), 30 deletions(-) diff --git a/library/bignum_core.h b/library/bignum_core.h index 3a789272c..117c3c5f3 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -1,5 +1,10 @@ /** - * Internal bignum functions + * Core bignum functions + * + * This interface only should be used by the legacy bignum module (bignum.h) + * and the modular bignum modules (bignum_mod.c, bignum_mod_raw.c). All other + * modules should use the high level modular bignum interface (bignum_mod.h) + * or the legacy bignum interface (bignum.h). * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -34,7 +39,10 @@ */ size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ); -/** Return the number of bits of an MPI. +/** Return the the minimum number of bits required to represent the value held + * in the MPI. + * + * \note This function returns 0 if all the limbs of \p X are 0. * * \param X The address of the MPI. * \param nx The number of limbs of \p X. @@ -54,8 +62,8 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, /** Import X from unsigned binary data, little endian. * - * The MPI needs to have enough limbs to store the full value (in particular, - * this function does not skip 0s in the input). + * The MPI needs to have enough limbs to store the full value (including any + * most significant zero bytes in the input). * * \param X The address of the MPI. * \param nx The number of limbs of \p X. @@ -73,8 +81,8 @@ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, /** Import X from unsigned binary data, big endian. * - * The MPI needs to have enough limbs to store the full value (in particular, - * this function does not skip 0s in the input). + * The MPI needs to have enough limbs to store the full value (including any + * most significant zero bytes in the input). * * \param X The address of the MPI. * \param nx The number of limbs of \p X. @@ -91,6 +99,10 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, size_t buflen ); /** Export X into unsigned binary data, little endian. + * + * \note If \p buf is shorter than \p X the export is still successful if the + * value held in \p X fits in the buffer (that is, if enough of the most + * significant bytes of \p X are 0). * * \param X The address of the MPI. * \param nx The number of limbs of \p X. @@ -107,6 +119,10 @@ int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, size_t buflen ); /** Export X into unsigned binary data, big endian. + * + * \note If \p buf is shorter than \p X the export is still successful if the + * value held in \p X fits in the buffer (that is, if enough of the most + * significant bytes of \p X are 0). * * \param X The address of the MPI. * \param nx The number of limbs of \p X. diff --git a/library/bignum_mod.h b/library/bignum_mod.h index ee9982a58..37aa9466f 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -1,5 +1,5 @@ /** - * Internal bignum functions + * Modular bignum functions * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -72,8 +72,8 @@ typedef struct { * modulus \p m.) * \param m The address of the modulus related to \p r. * \param p The address of the limb array storing the value of \p r. The - * memory pointed by \p p will be used by \p r and must not be - * freed or written until after mbedtls_mpi_mod_residue_release() + * memory pointed to by \p p will be used by \p r and must not be + * modified in any way until after mbedtls_mpi_mod_residue_release() * is called. * \param pn The number of limbs of \p p. * @@ -104,12 +104,12 @@ void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ); */ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); -/** Setup a residue structure. +/** Setup a modulus structure. * - * \param m The address of a modulus. + * \param m The address of the modulus structure to populate. * \param p The address of the limb array storing the value of \p m. The - * memory pointed by \p p will be used by \p r and must not be - * freed or written until after + * memory pointed to by \p p will be used by \p m and must not + * be modified in any way until after * mbedtls_mpi_mod_modulus_free() is called. * \param pn The number of limbs of \p p. * \param ext_rep The external representation to be used for residues diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index a6c535b80..e8c2a7d65 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -1,5 +1,10 @@ /** - * Internal bignum functions + * Low level modular bignum functions + * + * This interface only should be used by the higher level modular bignum + * module (bignum_mod.c) and the ECP module (ecp.c, ecp_curves.c). All other + * modules should use the high level modular bignum interface (bignum_mod.h) + * or the legacy bignum interface (bignum.h). * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -30,8 +35,8 @@ /** Import X from unsigned binary data. * - * The MPI needs to have enough limbs to store the full value (in particular, - * this function does not skip 0s in the input). + * The MPI needs to have enough limbs to store the full value (including any + * most significant zero bytes in the input). * * \param X The address of the MPI. The size is determined by \p m. (In * particular, it must have at least as many limbs as the modulus diff --git a/library/constant_time.c b/library/constant_time.c index cd3ec1064..d2649ceaf 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -749,9 +749,10 @@ unsigned mbedtls_mpi_core_lt_ct( const mbedtls_mpi_uint *X, size_t len ) { size_t i; - /* The value of any of these variables is either 0 or 1 at all times. */ unsigned ret, cond, done; + /* The value of any of these variables is either 0 or 1 for the rest of + * their scope. */ ret = cond = done = 0; for( i = len; i > 0; i-- ) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 7255b2a85..8915f8bcb 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -130,13 +130,14 @@ unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x, const mbedtls_mpi_uint y ); /** - * \brief Check if an MPI is less than the other in constant time. + * \brief Check if one unsigned MPI is less than another in constant + * time. * * \param X The left-hand MPI. This must point to an array of limbs - * with the same allocated length as Y. + * with the same allocated length as \p Y. * \param Y The right-hand MPI. This must point to an array of limbs - * with the same allocated length as X. - * \param len The number of limbs in X and Y. + * with the same allocated length as \p X. + * \param len The number of limbs in \p X and \p Y. * * \return The result of the comparison: * \c 1 if \p X is less than \p Y. diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 322e12e10..6b0b2d4bc 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -341,31 +341,31 @@ mbedtls_mpi_mod_raw_io:"":1:1:MBEDTLS_MPI_MOD_EXT_REP_INVALID:MBEDTLS_ERR_MPI_BA Test mbedtls_mpi_mod_raw_io #20 (writing with invalid endianness) mbedtls_mpi_mod_raw_io:"":1:1:MBEDTLS_MPI_MOD_EXT_REP_INVALID:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA -Test mbedtls_mpi_mod_raw_io #1 (Both representations invalid) +Test mbedtls_mpi_mod_setup #1 (Both representations invalid) mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_INVALID:MBEDTLS_MPI_MOD_REP_INVALID:MBEDTLS_ERR_MPI_BAD_INPUT_DATA -Test mbedtls_mpi_mod_raw_io #2 (Internal representation invalid) +Test mbedtls_mpi_mod_setup #2 (Internal representation invalid) mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_MPI_MOD_REP_INVALID:MBEDTLS_ERR_MPI_BAD_INPUT_DATA -Test mbedtls_mpi_mod_raw_io #3 (Internal representation invalid) +Test mbedtls_mpi_mod_setup #3 (Internal representation invalid) mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_MPI_MOD_REP_INVALID:MBEDTLS_ERR_MPI_BAD_INPUT_DATA -Test mbedtls_mpi_mod_raw_io #4 (External representation invalid) +Test mbedtls_mpi_mod_setup #4 (External representation invalid) mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_INVALID:MBEDTLS_MPI_MOD_REP_MONTGOMERY:MBEDTLS_ERR_MPI_BAD_INPUT_DATA -Test mbedtls_mpi_mod_raw_io #5 (External representation invalid) +Test mbedtls_mpi_mod_setup #5 (External representation invalid) mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_INVALID:MBEDTLS_MPI_MOD_REP_OPT_RED:MBEDTLS_ERR_MPI_BAD_INPUT_DATA -Test mbedtls_mpi_mod_raw_io #6 (Both representations valid) +Test mbedtls_mpi_mod_setup #6 (Both representations valid) mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_MPI_MOD_REP_OPT_RED:0 -Test mbedtls_mpi_mod_raw_io #7 (Both representations valid) +Test mbedtls_mpi_mod_setup #7 (Both representations valid) mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_MPI_MOD_REP_MONTGOMERY:0 -Test mbedtls_mpi_mod_raw_io #8 (Both representations valid) +Test mbedtls_mpi_mod_setup #8 (Both representations valid) mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_MPI_MOD_REP_OPT_RED:0 -Test mbedtls_mpi_mod_raw_io #9 (Both representations valid) +Test mbedtls_mpi_mod_setup #9 (Both representations valid) mbedtls_mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_MPI_MOD_REP_MONTGOMERY:0 Base test mbedtls_mpi_read_binary #1 From bf9da1dfb1fca79b2df17b30d40d99d6019d9df1 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 12 Aug 2022 14:11:56 +0200 Subject: [PATCH 41/64] Do not read if output pointer is NULL Skip reading if output pointer is NULL even if the length of the input buffer is 0. The memory sanitizer will mark this as an error. Signed-off-by: Gabor Mezei --- library/bignum_core.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index f250009bb..d5db4b0b0 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -171,10 +171,12 @@ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); if( X != NULL ) + { memset( X, 0, nx * ciL ); - for( i = 0; i < buflen; i++ ) - X[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3); + for( i = 0; i < buflen; i++ ) + X[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3); + } return( 0 ); } @@ -192,18 +194,20 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); if( X != NULL ) + { memset( X, 0, nx * ciL ); - overhead = ( nx * ciL ) - buflen; + overhead = ( nx * ciL ) - buflen; - /* Avoid calling `memcpy` with NULL source or destination argument, - * even if buflen is 0. */ - if( buf != NULL ) - { - Xp = (unsigned char*) X; - memcpy( Xp + overhead, buf, buflen ); + /* Avoid calling `memcpy` with NULL source or destination argument, + * even if buflen is 0. */ + if( buf != NULL && X != NULL ) + { + Xp = (unsigned char*) X; + memcpy( Xp + overhead, buf, buflen ); - mbedtls_mpi_core_bigendian_to_host( X, nx ); + mbedtls_mpi_core_bigendian_to_host( X, nx ); + } } return( 0 ); From 5f56df44f0b62002f2f5a71480d75e762e8948e1 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 12 Aug 2022 14:41:54 +0200 Subject: [PATCH 42/64] Remove redundant check Signed-off-by: Gabor Mezei --- library/bignum_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index d5db4b0b0..bb266a6ee 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -201,7 +201,7 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, /* Avoid calling `memcpy` with NULL source or destination argument, * even if buflen is 0. */ - if( buf != NULL && X != NULL ) + if( buf != NULL ) { Xp = (unsigned char*) X; memcpy( Xp + overhead, buf, buflen ); From d41f627650847daa782a1bcda5b1dcb629b8a801 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 12 Aug 2022 15:20:21 +0200 Subject: [PATCH 43/64] Order the file names Signed-off-by: Gabor Mezei --- include/mbedtls/mbedtls_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 3e25355f7..edbd8767f 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2011,8 +2011,8 @@ * * Module: library/bignum.c * library/bignum_core.c - * library/bignum_mod_raw.c * library/bignum_mod.c + * library/bignum_mod_raw.c * Caller: library/dhm.c * library/ecp.c * library/ecdsa.c From 89e31460db2852be6628d1f55a90d5111797bd20 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 12 Aug 2022 15:36:56 +0200 Subject: [PATCH 44/64] Typo Signed-off-by: Gabor Mezei --- library/bignum.c | 2 +- library/bignum_core.c | 4 ++-- library/bignum_mod.h | 4 ++-- library/bignum_mod_raw.c | 4 ++-- tests/suites/test_suite_mpi.function | 29 +++++++++++++++------------- 5 files changed, 23 insertions(+), 20 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 2e5ad96ff..1a762a2d0 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -343,7 +343,7 @@ size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ) */ size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ) { - return mbedtls_mpi_core_bitlen( X->p, X->n ); + return( mbedtls_mpi_core_bitlen( X->p, X->n ) ); } /* diff --git a/library/bignum_core.c b/library/bignum_core.c index bb266a6ee..9cc05b990 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -50,7 +50,7 @@ size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ) mask >>= 1; } - return j; + return( j ); } size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *X, size_t nx ) @@ -77,7 +77,7 @@ static mbedtls_mpi_uint mpi_bigendian_to_host_c( mbedtls_mpi_uint x ) unsigned char *x_ptr; mbedtls_mpi_uint tmp = 0; - for( i = 0, x_ptr = (unsigned char*) &x; i < ciL; i++, x_ptr++ ) + for( i = 0, x_ptr = (unsigned char *) &x; i < ciL; i++, x_ptr++ ) { tmp <<= CHAR_BIT; tmp |= (mbedtls_mpi_uint) *x_ptr; diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 37aa9466f..ce871a9ee 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -49,8 +49,8 @@ typedef struct mbedtls_mpi_uint *p; } mbedtls_mpi_mod_residue; -typedef void* mbedtls_mpi_mont_struct; -typedef void* mbedtls_mpi_opt_red_struct; +typedef void *mbedtls_mpi_mont_struct; +typedef void *mbedtls_mpi_opt_red_struct; typedef struct { mbedtls_mpi_uint *p; diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index d3cd770ef..4d5fe81bd 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -82,9 +82,9 @@ int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, switch( m->ext_rep ) { case MBEDTLS_MPI_MOD_EXT_REP_LE: - return mbedtls_mpi_core_write_le( X, m->n, buf, buflen ); + return( mbedtls_mpi_core_write_le( X, m->n, buf, buflen ) ); case MBEDTLS_MPI_MOD_EXT_REP_BE: - return mbedtls_mpi_core_write_be( X, m->n, buf, buflen ); + return( mbedtls_mpi_core_write_be( X, m->n, buf, buflen ) ); default: return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); } diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index aaceb3ade..c6eaaf078 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -10,7 +10,7 @@ #if MBEDTLS_MPI_MAX_BITS > 792 #define MPI_MAX_BITS_LARGER_THAN_792 #endif -# + /* Check the validity of the sign bit in an MPI object. Reject representations * that are not supported by the rest of the library and indicate a bug when * constructing the value. */ @@ -236,9 +236,10 @@ exit: void mbedtls_mpi_core_io_be( data_t *input, int nb_int, int nx_32_int, int iret, int oret ) { - #define BMAX 1024 +#define BMAX 1024 +#define XMAX BMAX / sizeof( mbedtls_mpi_uint ) + unsigned char buf[BMAX]; - #define XMAX BMAX / sizeof( mbedtls_mpi_uint ) mbedtls_mpi_uint X[XMAX]; size_t nx, nb; int ret; @@ -288,8 +289,8 @@ void mbedtls_mpi_core_io_be( data_t *input, int nb_int, int nx_32_int, int iret, exit: ; - #undef BMAX - #undef XMAX +#undef BMAX +#undef XMAX } /* END_CASE */ @@ -297,9 +298,10 @@ exit: void mbedtls_mpi_core_io_le( data_t *input, int nb_int, int nx_32_int, int iret, int oret ) { - #define BMAX 1024 +#define BMAX 1024 +#define XMAX BMAX / sizeof( mbedtls_mpi_uint ) + unsigned char buf[BMAX]; - #define XMAX BMAX / sizeof( mbedtls_mpi_uint ) mbedtls_mpi_uint X[XMAX]; size_t nx, nb; int ret; @@ -347,8 +349,8 @@ void mbedtls_mpi_core_io_le( data_t *input, int nb_int, int nx_32_int, int iret, exit: ; - #undef BMAX - #undef XMAX +#undef BMAX +#undef XMAX } /* END_CASE */ @@ -385,9 +387,10 @@ exit: void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_64_int, int iendian, int iret, int oret ) { - #define BMAX 1024 +#define BMAX 1024 +#define XMAX BMAX / sizeof( mbedtls_mpi_uint ) + unsigned char buf[BMAX]; - #define XMAX BMAX / sizeof( mbedtls_mpi_uint ) mbedtls_mpi_uint X[XMAX]; mbedtls_mpi_uint init[XMAX]; mbedtls_mpi_mod_modulus m; @@ -476,8 +479,8 @@ void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_64_int, exit: mbedtls_mpi_mod_modulus_free( &m ); - #undef BMAX - #undef XMAX +#undef BMAX +#undef XMAX } /* END_CASE */ From 7f93264ab10e9d29e145e9c2231dd77517762822 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 12 Aug 2022 15:37:27 +0200 Subject: [PATCH 45/64] Change struct element order Signed-off-by: Gabor Mezei --- library/bignum_mod.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum_mod.h b/library/bignum_mod.h index ce871a9ee..2fb520cfb 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -45,8 +45,8 @@ typedef enum typedef struct { - size_t n; mbedtls_mpi_uint *p; + size_t n; } mbedtls_mpi_mod_residue; typedef void *mbedtls_mpi_mont_struct; From 5a5c0c5f0ae1322ffd7fbd26d2ef733b119843f5 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 12 Aug 2022 15:40:09 +0200 Subject: [PATCH 46/64] Move the declaration of variables to their scope of usage Signed-off-by: Gabor Mezei --- library/bignum_core.c | 13 +++++-------- library/constant_time.c | 3 +-- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 9cc05b990..3e19ff4a5 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -164,8 +164,7 @@ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, const unsigned char *buf, size_t buflen ) { - size_t i; - size_t const limbs = CHARS_TO_LIMBS( buflen ); + const size_t limbs = CHARS_TO_LIMBS( buflen ); if( nx < limbs ) return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); @@ -174,7 +173,7 @@ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, { memset( X, 0, nx * ciL ); - for( i = 0; i < buflen; i++ ) + for( size_t i = 0; i < buflen; i++ ) X[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3); } @@ -186,9 +185,7 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, const unsigned char *buf, size_t buflen ) { - size_t const limbs = CHARS_TO_LIMBS( buflen ); - size_t overhead; - unsigned char *Xp; + const size_t limbs = CHARS_TO_LIMBS( buflen ); if( nx < limbs ) return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); @@ -197,13 +194,13 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, { memset( X, 0, nx * ciL ); - overhead = ( nx * ciL ) - buflen; + const size_t overhead = ( nx * ciL ) - buflen; /* Avoid calling `memcpy` with NULL source or destination argument, * even if buflen is 0. */ if( buf != NULL ) { - Xp = (unsigned char*) X; + unsigned char *Xp = (unsigned char *) X; memcpy( Xp + overhead, buf, buflen ); mbedtls_mpi_core_bigendian_to_host( X, nx ); diff --git a/library/constant_time.c b/library/constant_time.c index d2649ceaf..d108b138a 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -748,14 +748,13 @@ unsigned mbedtls_mpi_core_lt_ct( const mbedtls_mpi_uint *X, const mbedtls_mpi_uint *Y, size_t len ) { - size_t i; unsigned ret, cond, done; /* The value of any of these variables is either 0 or 1 for the rest of * their scope. */ ret = cond = done = 0; - for( i = len; i > 0; i-- ) + for( size_t i = len; i > 0; i-- ) { /* * If Y[i - 1] < X[i - 1] then X < Y is false and the result must From c414ba3fc00ad4b8eba434d0b66c78171a7ebea2 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 12 Aug 2022 17:47:39 +0200 Subject: [PATCH 47/64] Simplify code Signed-off-by: Gabor Mezei --- library/bignum_core.c | 29 ++++++++++++++--------------- library/bignum_core.h | 2 ++ 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 3e19ff4a5..a05df9946 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -185,28 +185,27 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, const unsigned char *buf, size_t buflen ) { - const size_t limbs = CHARS_TO_LIMBS( buflen ); + size_t const limbs = CHARS_TO_LIMBS( buflen ); if( nx < limbs ) return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); - if( X != NULL ) + /* If nx is 0, buflen must also be 0 (from previous test). Nothing to do. */ + if( nx == 0 ) + return( 0 ); + + memset( X, 0, nx * ciL ); + + /* memcpy() with (NULL, 0) is undefined behaviour */ + if( buflen != 0 ) { - memset( X, 0, nx * ciL ); - - const size_t overhead = ( nx * ciL ) - buflen; - - /* Avoid calling `memcpy` with NULL source or destination argument, - * even if buflen is 0. */ - if( buf != NULL ) - { - unsigned char *Xp = (unsigned char *) X; - memcpy( Xp + overhead, buf, buflen ); - - mbedtls_mpi_core_bigendian_to_host( X, nx ); - } + size_t overhead = ( nx * ciL ) - buflen; + unsigned char *Xp = (unsigned char *) X; + memcpy( Xp + overhead, buf, buflen ); } + mbedtls_mpi_core_bigendian_to_host( X, nx ); + return( 0 ); } diff --git a/library/bignum_core.h b/library/bignum_core.h index 117c3c5f3..397f79a47 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -85,8 +85,10 @@ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, * most significant zero bytes in the input). * * \param X The address of the MPI. + * May only be #NULL if \nx is 0 and \p buflen is 0. * \param nx The number of limbs of \p X. * \param buf The input buffer to import from. + * May only be #NULL if \p buflen is 0. * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. From 7f0817884eaf0d7fe04be9e187e6bfff50c772fe Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 12 Aug 2022 18:00:33 +0200 Subject: [PATCH 48/64] Unify mpi mod raw read/write test with the other tests Use 32 bit limbs instead of 64 bit. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.data | 104 +++++++++++++++------------ tests/suites/test_suite_mpi.function | 14 ++-- 2 files changed, 67 insertions(+), 51 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 6b0b2d4bc..627911789 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -216,64 +216,64 @@ Test mbedtls_mpi_core_io_le #21 (Buffer and limbs fit, input unaligned, odd numb mbedtls_mpi_core_io_le:"de4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b442400":82:21:0:0 Test mbedtls_mpi_mod_raw_io #1 BE (Buffer and limbs just fit, input limb-aligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:12:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:24:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 Test mbedtls_mpi_mod_raw_io #1 LE (Buffer and limbs just fit, input limb-aligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:12:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:24:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 Test mbedtls_mpi_mod_raw_io #2 BE (Buffer and limbs just fit, input unaligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:12:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:24:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 Test mbedtls_mpi_mod_raw_io #2 LE (Buffer and limbs just fit, input unaligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:12:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:24:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 Test mbedtls_mpi_mod_raw_io #3 BE (Buffer just fits, extra limbs, input limb-aligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:14:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:28:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 Test mbedtls_mpi_mod_raw_io #3 LE (Buffer just fits, extra limbs, input limb-aligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:14:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:28:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 Test mbedtls_mpi_mod_raw_io #4 BE (Buffer just fits, extra limbs, input unaligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:14:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:28:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 Test mbedtls_mpi_mod_raw_io #4 LE (Buffer just fits, extra limbs, input unaligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:14:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:28:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 Test mbedtls_mpi_mod_raw_io #5 BE (Extra limbs, buffer aligned to extra limbs, input limb-aligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":112:14:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":112:28:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 Test mbedtls_mpi_mod_raw_io #5 LE (Extra limbs, buffer aligned to extra limbs, input limb-aligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":112:14:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":112:28:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 Test mbedtls_mpi_mod_raw_io #6 BE (Extra limbs, buffer aligned to extra limbs, input unaligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":112:14:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":112:28:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 Test mbedtls_mpi_mod_raw_io #6 LE (Extra limbs, buffer aligned to extra limbs, input unaligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":112:14:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":112:28:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 Test mbedtls_mpi_mod_raw_io #7 BE (Buffer and limbs just fit, input limb-aligned with leading zeroes) -mbedtls_mpi_mod_raw_io:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":88:12:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 +mbedtls_mpi_mod_raw_io:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":88:24:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 Test mbedtls_mpi_mod_raw_io #7 LE (Buffer and limbs just fit, input limb-aligned with leading zeroes) -mbedtls_mpi_mod_raw_io:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b44240000000000000000":88:12:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 +mbedtls_mpi_mod_raw_io:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b44240000000000000000":88:24:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 Test mbedtls_mpi_mod_raw_io #8 BE (Buffer and limbs just fit, input unaligned with leading zeroes) -mbedtls_mpi_mod_raw_io:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":86:12:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 +mbedtls_mpi_mod_raw_io:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":86:24:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 Test mbedtls_mpi_mod_raw_io #8 LE (Buffer and limbs just fit, input unaligned with leading zeroes) -mbedtls_mpi_mod_raw_io:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b0000000000000000":86:12:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 +mbedtls_mpi_mod_raw_io:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b0000000000000000":86:24:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 Test mbedtls_mpi_mod_raw_io #9 BE (Buffer just fits, extra limbs, input limb-aligned with leading zeroes) -mbedtls_mpi_mod_raw_io:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":88:14:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 +mbedtls_mpi_mod_raw_io:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":88:28:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 Test mbedtls_mpi_mod_raw_io #9 LE (Buffer just fits, extra limbs, input limb-aligned with leading zeroes) -mbedtls_mpi_mod_raw_io:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b44240000000000000000":88:14:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 +mbedtls_mpi_mod_raw_io:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b44240000000000000000":88:28:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 Test mbedtls_mpi_mod_raw_io #10 BE (Buffer just fits, extra limbs, input unaligned with leading zeroes) -mbedtls_mpi_mod_raw_io:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":86:14:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 +mbedtls_mpi_mod_raw_io:"00000000000000001fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":86:28:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 Test mbedtls_mpi_mod_raw_io #10 LE (Buffer just fits, extra limbs, input unaligned with leading zeroes) -mbedtls_mpi_mod_raw_io:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b0000000000000000":86:14:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 +mbedtls_mpi_mod_raw_io:"1fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b0000000000000000":86:28:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 Test mbedtls_mpi_mod_raw_io #11 BE (Zero) mbedtls_mpi_mod_raw_io:"00":1:1:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 @@ -300,45 +300,61 @@ Test mbedtls_mpi_mod_raw_io #14 LE (One) mbedtls_mpi_mod_raw_io:"01":1:1:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 Test mbedtls_mpi_mod_raw_io #14 BE (One limb) -mbedtls_mpi_mod_raw_io:"ff00000000000000":8:1:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 +mbedtls_mpi_mod_raw_io:"ff00000000000000":8:2:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 Test mbedtls_mpi_mod_raw_io #14 LE (One limb) -mbedtls_mpi_mod_raw_io:"00000000000000ff":8:1:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 +mbedtls_mpi_mod_raw_io:"00000000000000ff":8:2:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 -Test mbedtls_mpi_mod_raw_io #15 BE (not enough limbs, input limb-aligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:11:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 +Test mbedtls_mpi_mod_raw_io #15 BE (One limb) +depends_on:MBEDTLS_HAVE_INT32 +mbedtls_mpi_mod_raw_io:"000000ff":4:1:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 -Test mbedtls_mpi_mod_raw_io #15 LE (not enough limbs, input limb-aligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:11:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 +Test mbedtls_mpi_mod_raw_io #15 LE (One limb) +depends_on:MBEDTLS_HAVE_INT32 +mbedtls_mpi_mod_raw_io:"000000ff":4:1:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 -Test mbedtls_mpi_mod_raw_io #16 BE (not enough limbs, input unaligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:11:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 +Test mbedtls_mpi_mod_raw_io #16 BE (One limb) +depends_on:MBEDTLS_HAVE_INT64 +mbedtls_mpi_mod_raw_io:"00000000000000ff":8:2:MBEDTLS_MPI_MOD_EXT_REP_BE:0:0 -Test mbedtls_mpi_mod_raw_io #16 LE (not enough limbs, input unaligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:11:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 +Test mbedtls_mpi_mod_raw_io #16 LE (One limb) +depends_on:MBEDTLS_HAVE_INT64 +mbedtls_mpi_mod_raw_io:"00000000000000ff":8:2:MBEDTLS_MPI_MOD_EXT_REP_LE:0:0 -Test mbedtls_mpi_mod_raw_io #17 BE (buffer too small, input limb-aligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":95:12:MBEDTLS_MPI_MOD_EXT_REP_BE:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +Test mbedtls_mpi_mod_raw_io #17 BE (not enough limbs, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:22:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 -Test mbedtls_mpi_mod_raw_io #17 LE (buffer too small, input limb-aligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":95:12:MBEDTLS_MPI_MOD_EXT_REP_LE:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +Test mbedtls_mpi_mod_raw_io #17 LE (not enough limbs, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:22:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 -Test mbedtls_mpi_mod_raw_io #18 BE (buffer too small, input unaligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:12:MBEDTLS_MPI_MOD_EXT_REP_BE:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +Test mbedtls_mpi_mod_raw_io #18 BE (not enough limbs, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:22:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 -Test mbedtls_mpi_mod_raw_io #18 LE (buffer too small, input unaligned) -mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:12:MBEDTLS_MPI_MOD_EXT_REP_LE:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +Test mbedtls_mpi_mod_raw_io #18 LE (not enough limbs, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":94:22:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:0 -Test mbedtls_mpi_mod_raw_io #19 BE (modulus is equal to input) -mbedtls_mpi_mod_raw_io:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":1024:128:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_ERR_MPI_BAD_INPUT_DATA:0 +Test mbedtls_mpi_mod_raw_io #19 BE (buffer too small, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":95:24:MBEDTLS_MPI_MOD_EXT_REP_BE:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -Test mbedtls_mpi_mod_raw_io #19 LE (modulus is equal to input) -mbedtls_mpi_mod_raw_io:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":1024:128:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_ERR_MPI_BAD_INPUT_DATA:0 +Test mbedtls_mpi_mod_raw_io #19 LE (buffer too small, input limb-aligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":95:24:MBEDTLS_MPI_MOD_EXT_REP_LE:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -Test mbedtls_mpi_mod_raw_io #20 (reading with invalid endianness) +Test mbedtls_mpi_mod_raw_io #20 BE (buffer too small, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:24:MBEDTLS_MPI_MOD_EXT_REP_BE:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +Test mbedtls_mpi_mod_raw_io #20 LE (buffer too small, input unaligned) +mbedtls_mpi_mod_raw_io:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b":93:24:MBEDTLS_MPI_MOD_EXT_REP_LE:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +Test mbedtls_mpi_mod_raw_io #21 BE (modulus is equal to input) +mbedtls_mpi_mod_raw_io:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":1024:256:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_ERR_MPI_BAD_INPUT_DATA:0 + +Test mbedtls_mpi_mod_raw_io #21 LE (modulus is equal to input) +mbedtls_mpi_mod_raw_io:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":1024:256:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_ERR_MPI_BAD_INPUT_DATA:0 + +Test mbedtls_mpi_mod_raw_io #22 (reading with invalid endianness) mbedtls_mpi_mod_raw_io:"":1:1:MBEDTLS_MPI_MOD_EXT_REP_INVALID:MBEDTLS_ERR_MPI_BAD_INPUT_DATA:0 -Test mbedtls_mpi_mod_raw_io #20 (writing with invalid endianness) +Test mbedtls_mpi_mod_raw_io #22 (writing with invalid endianness) mbedtls_mpi_mod_raw_io:"":1:1:MBEDTLS_MPI_MOD_EXT_REP_INVALID:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA Test mbedtls_mpi_mod_setup #1 (Both representations invalid) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index c6eaaf078..eb91db4fa 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -384,7 +384,7 @@ exit: /* BEGIN_CASE */ -void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_64_int, +void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_32_int, int iendian, int iret, int oret ) { #define BMAX 1024 @@ -405,12 +405,12 @@ void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_64_int, nb = nb_int; TEST_ASSERT( nb <= BMAX ); - TEST_ASSERT( 0 <= nx_64_int ); - nx = nx_64_int; - /* nx_64_int is the number of 64 bit limbs, if we have 32 bit limbs we need - * to double the number of limbs to have the same size. */ - if( sizeof( mbedtls_mpi_uint ) == 4 ) - nx *= 2; + TEST_ASSERT( 0 <= nx_32_int ); + nx = nx_32_int; + /* nx_32_int is the number of 32 bit limbs, if we have 64 bit limbs we need + * to halve the number of limbs to have the same size. */ + if( sizeof( mbedtls_mpi_uint ) == 8 ) + nx = nx / 2 + nx % 2; TEST_ASSERT( nx <= XMAX ); if( iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID ) From fd65e827538580f58ef29c466628fa05debc6e74 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 12 Aug 2022 18:09:12 +0200 Subject: [PATCH 49/64] Rename structure elements Use better names for structure elements and adopting the convention of the other modules. Signed-off-by: Gabor Mezei --- library/bignum_mod.c | 18 +++++++++--------- library/bignum_mod.h | 6 +++--- library/bignum_mod_raw.c | 10 +++++----- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 38aff9bd4..dfccaf485 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -47,10 +47,10 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_uint *p, size_t pn ) { - if( pn < m->n || !mbedtls_mpi_core_lt_ct( m->p, p, pn ) ) + if( pn < m->limbs || !mbedtls_mpi_core_lt_ct( m->p, p, pn ) ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - r->n = m->n; + r->limbs = m->limbs; r->p = p; return( 0 ); @@ -61,7 +61,7 @@ void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ) if ( r == NULL ) return; - r->n = 0; + r->limbs = 0; r->p = NULL; } @@ -71,8 +71,8 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ) return; m->p = NULL; - m->n = 0; - m->plen = 0; + m->limbs = 0; + m->bits = 0; m->ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID; m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID; } @@ -95,8 +95,8 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ) } m->p = NULL; - m->n = 0; - m->plen = 0; + m->limbs = 0; + m->bits = 0; m->ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID; m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID; } @@ -110,8 +110,8 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, int ret = 0; m->p = p; - m->n = pn; - m->plen = mbedtls_mpi_core_bitlen( p, pn ); + m->limbs = pn; + m->bits = mbedtls_mpi_core_bitlen( p, pn ); switch( ext_rep ) { diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 2fb520cfb..3712af0f4 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -46,7 +46,7 @@ typedef enum typedef struct { mbedtls_mpi_uint *p; - size_t n; + size_t limbs; } mbedtls_mpi_mod_residue; typedef void *mbedtls_mpi_mont_struct; @@ -54,8 +54,8 @@ typedef void *mbedtls_mpi_opt_red_struct; typedef struct { mbedtls_mpi_uint *p; - size_t n; // number of limbs - size_t plen; // bitlen of p + size_t limbs; // number of limbs + size_t bits; // bitlen of p mbedtls_mpi_mod_ext_rep ext_rep; // signals external representation (eg. byte order) mbedtls_mpi_mod_rep_selector int_rep; // selector to signal the active member of the union union rep diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 4d5fe81bd..c4a3eb8dc 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -51,10 +51,10 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, switch( m->ext_rep ) { case MBEDTLS_MPI_MOD_EXT_REP_LE: - ret = mbedtls_mpi_core_read_le( X, m->n, buf, buflen ); + ret = mbedtls_mpi_core_read_le( X, m->limbs, buf, buflen ); break; case MBEDTLS_MPI_MOD_EXT_REP_BE: - ret = mbedtls_mpi_core_read_be( X, m->n, buf, buflen ); + ret = mbedtls_mpi_core_read_be( X, m->limbs, buf, buflen ); break; default: return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); @@ -63,7 +63,7 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, if( ret != 0 ) goto cleanup; - if( !mbedtls_mpi_core_lt_ct( X, m->p, m->n ) ) + if( !mbedtls_mpi_core_lt_ct( X, m->p, m->limbs ) ) { ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto cleanup; @@ -82,9 +82,9 @@ int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, switch( m->ext_rep ) { case MBEDTLS_MPI_MOD_EXT_REP_LE: - return( mbedtls_mpi_core_write_le( X, m->n, buf, buflen ) ); + return( mbedtls_mpi_core_write_le( X, m->limbs, buf, buflen ) ); case MBEDTLS_MPI_MOD_EXT_REP_BE: - return( mbedtls_mpi_core_write_be( X, m->n, buf, buflen ) ); + return( mbedtls_mpi_core_write_be( X, m->limbs, buf, buflen ) ); default: return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); } From 816206439aebdfe63f154bc1333bef4ff1937e82 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 15 Aug 2022 11:13:38 +0100 Subject: [PATCH 50/64] Bignum: Improve style - Instead of macros, use direct calculations for array sizes - Move variable declarations closer to first use Signed-off-by: Janos Follath --- tests/suites/test_suite_mpi.function | 98 +++++++++++----------------- 1 file changed, 38 insertions(+), 60 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index eb91db4fa..b75f0f8a0 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -236,30 +236,26 @@ exit: void mbedtls_mpi_core_io_be( data_t *input, int nb_int, int nx_32_int, int iret, int oret ) { -#define BMAX 1024 -#define XMAX BMAX / sizeof( mbedtls_mpi_uint ) - - unsigned char buf[BMAX]; - mbedtls_mpi_uint X[XMAX]; - size_t nx, nb; - int ret; - if( iret != 0 ) TEST_ASSERT( oret == 0 ); TEST_ASSERT( 0 <= nb_int ); - nb = nb_int; - TEST_ASSERT( nb <= BMAX ); + size_t nb = nb_int; + + unsigned char buf[1024]; + TEST_ASSERT( nb <= sizeof( buf ) ); - TEST_ASSERT( 0 <= nx_32_int ); - nx = nx_32_int; /* nx_32_int is the number of 32 bit limbs, if we have 64 bit limbs we need * to halve the number of limbs to have the same size. */ if( sizeof( mbedtls_mpi_uint ) == 8 ) - nx = nx / 2 + nx % 2; - TEST_ASSERT( nx <= XMAX ); + nx_32_int = nx_32_int / 2 + nx_32_int % 2; + TEST_ASSERT( 0 <= nx_32_int ); + size_t nx = nx_32_int; - ret = mbedtls_mpi_core_read_be( X, nx, input->x, input->len ); + mbedtls_mpi_uint X[sizeof( buf ) / sizeof( mbedtls_mpi_uint )]; + TEST_ASSERT( nx <= sizeof( X ) / sizeof( X[0] ) ); + + int ret = mbedtls_mpi_core_read_be( X, nx, input->x, input->len ); TEST_ASSERT( ret == iret ); if( iret == 0 ) @@ -288,9 +284,6 @@ void mbedtls_mpi_core_io_be( data_t *input, int nb_int, int nx_32_int, int iret, exit: ; - -#undef BMAX -#undef XMAX } /* END_CASE */ @@ -298,30 +291,26 @@ exit: void mbedtls_mpi_core_io_le( data_t *input, int nb_int, int nx_32_int, int iret, int oret ) { -#define BMAX 1024 -#define XMAX BMAX / sizeof( mbedtls_mpi_uint ) - - unsigned char buf[BMAX]; - mbedtls_mpi_uint X[XMAX]; - size_t nx, nb; - int ret; - if( iret != 0 ) TEST_ASSERT( oret == 0 ); TEST_ASSERT( 0 <= nb_int ); - nb = nb_int; - TEST_ASSERT( nb <= BMAX ); + size_t nb = nb_int; + + unsigned char buf[1024]; + TEST_ASSERT( nb <= sizeof( buf ) ); - TEST_ASSERT( 0 <= nx_32_int ); - nx = nx_32_int; /* nx_32_int is the number of 32 bit limbs, if we have 64 bit limbs we need * to halve the number of limbs to have the same size. */ if( sizeof( mbedtls_mpi_uint ) == 8 ) - nx = nx / 2 + nx % 2; - TEST_ASSERT( nx <= XMAX ); + nx_32_int = nx_32_int / 2 + nx_32_int % 2; + TEST_ASSERT( 0 <= nx_32_int ); + size_t nx = nx_32_int; - ret = mbedtls_mpi_core_read_le( X, nx, input->x, input->len ); + mbedtls_mpi_uint X[sizeof( buf ) / sizeof( mbedtls_mpi_uint )]; + TEST_ASSERT( nx <= sizeof( X ) / sizeof( X[0] ) ); + + int ret = mbedtls_mpi_core_read_le( X, nx, input->x, input->len ); TEST_ASSERT( ret == iret ); if( iret == 0 ) @@ -348,9 +337,6 @@ void mbedtls_mpi_core_io_le( data_t *input, int nb_int, int nx_32_int, int iret, exit: ; - -#undef BMAX -#undef XMAX } /* END_CASE */ @@ -387,42 +373,37 @@ exit: void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_32_int, int iendian, int iret, int oret ) { -#define BMAX 1024 -#define XMAX BMAX / sizeof( mbedtls_mpi_uint ) - - unsigned char buf[BMAX]; - mbedtls_mpi_uint X[XMAX]; - mbedtls_mpi_uint init[XMAX]; - mbedtls_mpi_mod_modulus m; - size_t nx, nb; - int ret; - int endian; - if( iret != 0 ) TEST_ASSERT( oret == 0 ); TEST_ASSERT( 0 <= nb_int ); - nb = nb_int; - TEST_ASSERT( nb <= BMAX ); + size_t nb = nb_int; + + unsigned char buf[1024]; + TEST_ASSERT( nb <= sizeof( buf ) ); - TEST_ASSERT( 0 <= nx_32_int ); - nx = nx_32_int; /* nx_32_int is the number of 32 bit limbs, if we have 64 bit limbs we need * to halve the number of limbs to have the same size. */ if( sizeof( mbedtls_mpi_uint ) == 8 ) - nx = nx / 2 + nx % 2; - TEST_ASSERT( nx <= XMAX ); + nx_32_int = nx_32_int / 2 + nx_32_int % 2; + TEST_ASSERT( 0 <= nx_32_int ); + size_t nx = nx_32_int; + mbedtls_mpi_uint X[sizeof( buf ) / sizeof( mbedtls_mpi_uint )]; + TEST_ASSERT( nx <= sizeof( X ) / sizeof( X[0] ) ); + + int endian; if( iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID ) endian = MBEDTLS_MPI_MOD_EXT_REP_LE; else endian = iendian; + mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_modulus_init( &m ); - TEST_ASSERT( memset( init, 0xFF, sizeof( init ) ) ); - - ret = mbedtls_mpi_mod_modulus_setup( &m, init, nx, endian, - MBEDTLS_MPI_MOD_REP_MONTGOMERY ); + mbedtls_mpi_uint init[sizeof( X ) / sizeof( X[0] )]; + memset( init, 0xFF, sizeof( init ) ); + int ret = mbedtls_mpi_mod_modulus_setup( &m, init, nx, endian, + MBEDTLS_MPI_MOD_REP_MONTGOMERY ); TEST_ASSERT( ret == 0 ); if( iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0 ) @@ -478,9 +459,6 @@ void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_32_int, exit: mbedtls_mpi_mod_modulus_free( &m ); - -#undef BMAX -#undef XMAX } /* END_CASE */ From 138f51c5c859b0a0c4ec60adca758dd69f89603a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 15 Aug 2022 11:38:30 +0100 Subject: [PATCH 51/64] Fix alphabetic order in makefiles Signed-off-by: Janos Follath --- library/CMakeLists.txt | 2 +- library/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 96c12fb90..378cfb457 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -19,8 +19,8 @@ set(src_crypto base64.c bignum.c bignum_core.c - bignum_mod_raw.c bignum_mod.c + bignum_mod_raw.c camellia.c ccm.c chacha20.c diff --git a/library/Makefile b/library/Makefile index 49029d86b..87164b74f 100644 --- a/library/Makefile +++ b/library/Makefile @@ -84,8 +84,8 @@ OBJS_CRYPTO= \ base64.o \ bignum.o \ bignum_core.o \ - bignum_mod_raw.o \ bignum_mod.o \ + bignum_mod_raw.o \ camellia.o \ ccm.o \ chacha20.o \ From ed5c8d3d1e24d37a84a04148f52296d7243ac0ae Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 15 Aug 2022 11:50:22 +0100 Subject: [PATCH 52/64] Bignum: make modulus value const The modulus value won't change during normal operations, make this clear in the struct and the function signatures. This won't prevent the caller from modifying the passed buffer, but might give a hint and reinforces the message of the documentation. Signed-off-by: Janos Follath --- library/bignum_mod.c | 2 +- library/bignum_mod.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index dfccaf485..4382bf85a 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -102,7 +102,7 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ) } int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, - mbedtls_mpi_uint *p, + const mbedtls_mpi_uint *p, size_t pn, mbedtls_mpi_mod_ext_rep ext_rep, mbedtls_mpi_mod_rep_selector int_rep ) diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 3712af0f4..d2ba73ecd 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -53,7 +53,7 @@ typedef void *mbedtls_mpi_mont_struct; typedef void *mbedtls_mpi_opt_red_struct; typedef struct { - mbedtls_mpi_uint *p; + const mbedtls_mpi_uint *p; size_t limbs; // number of limbs size_t bits; // bitlen of p mbedtls_mpi_mod_ext_rep ext_rep; // signals external representation (eg. byte order) @@ -122,7 +122,7 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); * invalid. */ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, - mbedtls_mpi_uint *p, + const mbedtls_mpi_uint *p, size_t pn, mbedtls_mpi_mod_ext_rep ext_rep, mbedtls_mpi_mod_rep_selector int_rep ); From 620c58ced93001b82af39c0a46bd85eeeccc2a9c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 15 Aug 2022 11:58:42 +0100 Subject: [PATCH 53/64] Bignum: make const placement consistent Signed-off-by: Janos Follath --- library/bignum.c | 6 +++--- library/bignum_core.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 1a762a2d0..9776d29de 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -660,7 +660,7 @@ int mbedtls_mpi_read_binary_le( mbedtls_mpi *X, const unsigned char *buf, size_t buflen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t const limbs = CHARS_TO_LIMBS( buflen ); + const size_t limbs = CHARS_TO_LIMBS( buflen ); /* Ensure that target MPI has exactly the necessary number of limbs */ MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) ); @@ -686,7 +686,7 @@ cleanup: int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t const limbs = CHARS_TO_LIMBS( buflen ); + const size_t limbs = CHARS_TO_LIMBS( buflen ); MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); @@ -2139,7 +2139,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, void *p_rng ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t const limbs = CHARS_TO_LIMBS( size ); + const size_t limbs = CHARS_TO_LIMBS( size ); MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( f_rng != NULL ); diff --git a/library/bignum_core.c b/library/bignum_core.c index a05df9946..431921ade 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -185,7 +185,7 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, const unsigned char *buf, size_t buflen ) { - size_t const limbs = CHARS_TO_LIMBS( buflen ); + const size_t limbs = CHARS_TO_LIMBS( buflen ); if( nx < limbs ) return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); From cc93908b88076cf02b1bbd02a11fb2fc4b35ccb1 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 15 Aug 2022 12:08:49 +0100 Subject: [PATCH 54/64] Bignum: Declare loop variable in loop head In the new bignum files (bignum_core.c, bignum_mod_raw.c and bignum_mod.c) the loop variables are declared in the loop head wherever this change is beneficial. There are loops where the loop variable is used after the end of the loop (this might not be good practice, but that is out of scope for this commit) and others where there are several loop variables and declaring them there would hurt readability. Signed-off-by: Janos Follath --- library/bignum_core.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 431921ade..c015fc7ac 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -216,7 +216,6 @@ int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, { size_t stored_bytes = nx * ciL; size_t bytes_to_copy; - size_t i; if( stored_bytes < buflen ) { @@ -228,14 +227,14 @@ int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, /* The output buffer is smaller than the allocated size of X. * However X may fit if its leading bytes are zero. */ - for( i = bytes_to_copy; i < stored_bytes; i++ ) + for( size_t i = bytes_to_copy; i < stored_bytes; i++ ) { if( GET_BYTE( X, i ) != 0 ) return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); } } - for( i = 0; i < bytes_to_copy; i++ ) + for( size_t i = 0; i < bytes_to_copy; i++ ) buf[i] = GET_BYTE( X, i ); if( stored_bytes < buflen ) @@ -255,7 +254,6 @@ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, size_t stored_bytes; size_t bytes_to_copy; unsigned char *p; - size_t i; stored_bytes = nx * ciL; @@ -276,14 +274,14 @@ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, * However X may fit if its leading bytes are zero. */ bytes_to_copy = buflen; p = buf; - for( i = bytes_to_copy; i < stored_bytes; i++ ) + for( size_t i = bytes_to_copy; i < stored_bytes; i++ ) { if( GET_BYTE( X, i ) != 0 ) return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); } } - for( i = 0; i < bytes_to_copy; i++ ) + for( size_t i = 0; i < bytes_to_copy; i++ ) p[bytes_to_copy - i - 1] = GET_BYTE( X, i ); return( 0 ); From 6b8a4ad0d8c14e435adfb6dc931d8f1eb03232dd Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 19 Aug 2022 10:58:34 +0100 Subject: [PATCH 55/64] Bignum: update const qualifiers While at it, mark parameters based on their role. Signed-off-by: Janos Follath --- library/bignum_core.c | 2 +- library/bignum_core.h | 46 ++++++++++++++++++++-------------------- library/bignum_mod.c | 2 +- library/bignum_mod.h | 35 +++++++++++++++--------------- library/bignum_mod_raw.c | 8 +++---- library/bignum_mod_raw.h | 32 ++++++++++++++-------------- 6 files changed, 63 insertions(+), 62 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index c015fc7ac..606765a4e 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -129,7 +129,7 @@ static mbedtls_mpi_uint mpi_bigendian_to_host( mbedtls_mpi_uint x ) return( mpi_bigendian_to_host_c( x ) ); } -void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, +void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *X, size_t limbs ) { mbedtls_mpi_uint *cur_limb_left; diff --git a/library/bignum_core.h b/library/bignum_core.h index 397f79a47..8266cece5 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -44,8 +44,8 @@ size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ); * * \note This function returns 0 if all the limbs of \p X are 0. * - * \param X The address of the MPI. - * \param nx The number of limbs of \p X. + * \param[in] X The address of the MPI. + * \param nx The number of limbs of \p X. * * \return The number of bits in \p X. */ @@ -54,10 +54,10 @@ size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *X, size_t nx ); /** Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint * into the storage form used by mbedtls_mpi. * - * \param X The address of the MPI. - * \param limbs The number of limbs of \p X. + * \param[in,out] X The address of the MPI. + * \param limbs The number of limbs of \p X. */ -void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, +void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *X, size_t limbs ); /** Import X from unsigned binary data, little endian. @@ -65,10 +65,10 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint * const X, * The MPI needs to have enough limbs to store the full value (including any * most significant zero bytes in the input). * - * \param X The address of the MPI. - * \param nx The number of limbs of \p X. - * \param buf The input buffer to import from. - * \param buflen The length in bytes of \p buf. + * \param[out] X The address of the MPI. + * \param nx The number of limbs of \p X. + * \param[in] buf The input buffer to import from. + * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't @@ -84,12 +84,12 @@ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, * The MPI needs to have enough limbs to store the full value (including any * most significant zero bytes in the input). * - * \param X The address of the MPI. - * May only be #NULL if \nx is 0 and \p buflen is 0. - * \param nx The number of limbs of \p X. - * \param buf The input buffer to import from. - * May only be #NULL if \p buflen is 0. - * \param buflen The length in bytes of \p buf. + * \param[out] X The address of the MPI. + * May only be #NULL if \nx is 0 and \p buflen is 0. + * \param nx The number of limbs of \p X. + * \param[in] buf The input buffer to import from. + * May only be #NULL if \p buflen is 0. + * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't @@ -106,10 +106,10 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, * value held in \p X fits in the buffer (that is, if enough of the most * significant bytes of \p X are 0). * - * \param X The address of the MPI. - * \param nx The number of limbs of \p X. - * \param buf The output buffer to export to. - * \param buflen The length in bytes of \p buf. + * \param[in] X The address of the MPI. + * \param nx The number of limbs of \p X. + * \param[out] buf The output buffer to export to. + * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't @@ -126,10 +126,10 @@ int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, * value held in \p X fits in the buffer (that is, if enough of the most * significant bytes of \p X are 0). * - * \param X The address of the MPI. - * \param nx The number of limbs of \p X. - * \param buf The output buffer to export to. - * \param buflen The length in bytes of \p buf. + * \param[in] X The address of the MPI. + * \param nx The number of limbs of \p X. + * \param[out] buf The output buffer to export to. + * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 4382bf85a..5678ca092 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -43,7 +43,7 @@ #include "constant_time_internal.h" int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, - mbedtls_mpi_mod_modulus *m, + const mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, size_t pn ) { diff --git a/library/bignum_mod.h b/library/bignum_mod.h index d2ba73ecd..3fbedbff2 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -67,22 +67,23 @@ typedef struct { /** Setup a residue structure. * - * \param r The address of residue to setup. The size is determined by \p m. - * (In particular, it must have at least as many limbs as the - * modulus \p m.) - * \param m The address of the modulus related to \p r. - * \param p The address of the limb array storing the value of \p r. The - * memory pointed to by \p p will be used by \p r and must not be - * modified in any way until after mbedtls_mpi_mod_residue_release() - * is called. - * \param pn The number of limbs of \p p. + * \param[out] r The address of residue to setup. The size is determined by + * \p m. + * (In particular, it must have at least as many limbs as the + * modulus \p m.) + * \param[in] m The address of the modulus related to \p r. + * \param[in] p The address of the limb array storing the value of \p r. + * The memory pointed to by \p p will be used by \p r and must + * not be modified in any way until after + * mbedtls_mpi_mod_residue_release() is called. + * \param pn The number of limbs of \p p. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p pn is less than the limbs * in \p m or if \p p is not less than \p m. */ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, - mbedtls_mpi_mod_modulus *m, + const mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, size_t pn ); @@ -94,22 +95,22 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, * This function invalidates \p r and it must not be used until after * mbedtls_mpi_mod_residue_setup() is called on it again. * - * \param r The address of residue to release. + * \param[out] r The address of residue to release. */ void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ); /** Initialize a modulus structure. * - * \param m The address of a modulus. + * \param[out] m The address of a modulus. */ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); /** Setup a modulus structure. * - * \param m The address of the modulus structure to populate. - * \param p The address of the limb array storing the value of \p m. The - * memory pointed to by \p p will be used by \p m and must not - * be modified in any way until after + * \param[out] m The address of the modulus structure to populate. + * \param[in] p The address of the limb array storing the value of \p m. + * The memory pointed to by \p p will be used by \p m and must + * not be modified in any way until after * mbedtls_mpi_mod_modulus_free() is called. * \param pn The number of limbs of \p p. * \param ext_rep The external representation to be used for residues @@ -135,7 +136,7 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, * mbedtls_mpi_mod_modulus_setup() only removes the reference to it, * making it safe to free or to use it again. * - * \param m The address of a modulus. + * \param[in,out] m The address of a modulus. */ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index c4a3eb8dc..334965d12 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -42,8 +42,8 @@ #include "constant_time_internal.h" int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, - mbedtls_mpi_mod_modulus *m, - unsigned char *buf, + const mbedtls_mpi_mod_modulus *m, + const unsigned char *buf, size_t buflen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -74,8 +74,8 @@ cleanup: return( ret ); } -int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, - mbedtls_mpi_mod_modulus *m, +int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *X, + const mbedtls_mpi_mod_modulus *m, unsigned char *buf, size_t buflen ) { diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index e8c2a7d65..b4ef83dbf 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -38,12 +38,12 @@ * The MPI needs to have enough limbs to store the full value (including any * most significant zero bytes in the input). * - * \param X The address of the MPI. The size is determined by \p m. (In - * particular, it must have at least as many limbs as the modulus - * \p m.) - * \param m The address of the modulus related to \p X. - * \param buf The input buffer to import from. - * \param buflen The length in bytes of \p buf. + * \param[out] X The address of the MPI. The size is determined by \p m. (In + * particular, it must have at least as many limbs as the + * modulus \p m.) + * \param[in] m The address of the modulus related to \p X. + * \param[in] buf The input buffer to import from. + * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't @@ -52,18 +52,18 @@ * of \p m is invalid or \p X is not less than \p m. */ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, - mbedtls_mpi_mod_modulus *m, - unsigned char *buf, + const mbedtls_mpi_mod_modulus *m, + const unsigned char *buf, size_t buflen ); /** Export X into unsigned binary data. * - * \param X The address of the MPI. The size is determined by \p m. (In - * particular, it must have at least as many limbs as the modulus - * \p m.) - * \param m The address of the modulus related to \p X. - * \param buf The output buffer to export to. - * \param buflen The length in bytes of \p buf. + * \param[in] X The address of the MPI. The size is determined by \p m. (In + * particular, it must have at least as many limbs as the modulus + * \p m.) + * \param[in] m The address of the modulus related to \p X. + * \param[out] buf The output buffer to export to. + * \param buflen The length in bytes of \p buf. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't @@ -71,8 +71,8 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation * of \p m is invalid. */ -int mbedtls_mpi_mod_raw_write( mbedtls_mpi_uint *X, - mbedtls_mpi_mod_modulus *m, +int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *X, + const mbedtls_mpi_mod_modulus *m, unsigned char *buf, size_t buflen ); From b7a88eca42e3bed9701627096fa2da60af36415a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 19 Aug 2022 12:24:40 +0100 Subject: [PATCH 56/64] Bignum: Apply naming conventions Numbers: - A, B for mbedtls_mpi_uint* operands - a, b for mbedtls_mpi_uint operands - X or x for result - HAC references where applicable Lengths: - Reserve size or length for length/size in bytes or byte buffers. - For length of mbedtls_mpi_uint* buffers use limbs - Length parameters are qualified if possible (eg. input_length or a_limbs) Setup functions: - The parameters match the corresponding structure member's name - The structure to set up is a standard lower case name even if in other functions different naming conventions would apply Scope of changes/conventions: - bignum_core - bignum_mod - bignum_mod_raw Signed-off-by: Janos Follath --- library/bignum_core.c | 125 ++++++++++++++++--------------- library/bignum_core.h | 115 ++++++++++++++-------------- library/bignum_mod.c | 10 +-- library/bignum_mod.h | 12 +-- library/bignum_mod_raw.c | 22 +++--- library/bignum_mod_raw.h | 42 +++++------ library/constant_time.c | 18 ++--- library/constant_time_internal.h | 20 ++--- 8 files changed, 185 insertions(+), 179 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 606765a4e..d3d74fff9 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -38,14 +38,14 @@ #include "bignum_core.h" -size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ) +size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint a ) { size_t j; mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1); for( j = 0; j < biL; j++ ) { - if( x & mask ) break; + if( a & mask ) break; mask >>= 1; } @@ -53,46 +53,46 @@ size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ) return( j ); } -size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *X, size_t nx ) +size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *A, size_t A_limbs ) { size_t i, j; - if( nx == 0 ) + if( A_limbs == 0 ) return( 0 ); - for( i = nx - 1; i > 0; i-- ) - if( X[i] != 0 ) + for( i = A_limbs - 1; i > 0; i-- ) + if( A[i] != 0 ) break; - j = biL - mbedtls_mpi_core_clz( X[i] ); + j = biL - mbedtls_mpi_core_clz( A[i] ); return( ( i * biL ) + j ); } /* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint * into the storage form used by mbedtls_mpi. */ -static mbedtls_mpi_uint mpi_bigendian_to_host_c( mbedtls_mpi_uint x ) +static mbedtls_mpi_uint mpi_bigendian_to_host_c( mbedtls_mpi_uint a ) { uint8_t i; - unsigned char *x_ptr; + unsigned char *a_ptr; mbedtls_mpi_uint tmp = 0; - for( i = 0, x_ptr = (unsigned char *) &x; i < ciL; i++, x_ptr++ ) + for( i = 0, a_ptr = (unsigned char *) &a; i < ciL; i++, a_ptr++ ) { tmp <<= CHAR_BIT; - tmp |= (mbedtls_mpi_uint) *x_ptr; + tmp |= (mbedtls_mpi_uint) *a_ptr; } return( tmp ); } -static mbedtls_mpi_uint mpi_bigendian_to_host( mbedtls_mpi_uint x ) +static mbedtls_mpi_uint mpi_bigendian_to_host( mbedtls_mpi_uint a ) { #if defined(__BYTE_ORDER__) /* Nothing to do on bigendian systems. */ #if ( __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ ) - return( x ); + return( a ); #endif /* __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ */ #if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ ) @@ -116,9 +116,9 @@ static mbedtls_mpi_uint mpi_bigendian_to_host( mbedtls_mpi_uint x ) switch( sizeof(mbedtls_mpi_uint) ) { case 4: - return( __builtin_bswap32(x) ); + return( __builtin_bswap32(a) ); case 8: - return( __builtin_bswap64(x) ); + return( __builtin_bswap64(a) ); } #endif #endif /* __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ */ @@ -126,10 +126,10 @@ static mbedtls_mpi_uint mpi_bigendian_to_host( mbedtls_mpi_uint x ) /* Fall back to C-based reordering if we don't know the byte order * or we couldn't use a compiler-specific builtin. */ - return( mpi_bigendian_to_host_c( x ) ); + return( mpi_bigendian_to_host_c( a ) ); } -void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *X, +void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, size_t limbs ) { mbedtls_mpi_uint *cur_limb_left; @@ -146,7 +146,7 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *X, * than the right index (it's not a problem if limbs is odd and the * indices coincide in the last iteration). */ - for( cur_limb_left = X, cur_limb_right = X + ( limbs - 1 ); + for( cur_limb_left = A, cur_limb_right = A + ( limbs - 1 ); cur_limb_left <= cur_limb_right; cur_limb_left++, cur_limb_right-- ) { @@ -160,120 +160,121 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *X, } int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, - size_t nx, - const unsigned char *buf, - size_t buflen ) + size_t X_limbs, + const unsigned char *input, + size_t input_length ) { - const size_t limbs = CHARS_TO_LIMBS( buflen ); + const size_t limbs = CHARS_TO_LIMBS( input_length ); - if( nx < limbs ) + if( X_limbs < limbs ) return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); if( X != NULL ) { - memset( X, 0, nx * ciL ); + memset( X, 0, X_limbs * ciL ); - for( size_t i = 0; i < buflen; i++ ) - X[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3); + for( size_t i = 0; i < input_length; i++ ) + X[i / ciL] |= ((mbedtls_mpi_uint) input[i]) << ((i % ciL) << 3); } return( 0 ); } int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, - size_t nx, - const unsigned char *buf, - size_t buflen ) + size_t X_limbs, + const unsigned char *input, + size_t input_length ) { - const size_t limbs = CHARS_TO_LIMBS( buflen ); + const size_t limbs = CHARS_TO_LIMBS( input_length ); - if( nx < limbs ) + if( X_limbs < limbs ) return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); - /* If nx is 0, buflen must also be 0 (from previous test). Nothing to do. */ - if( nx == 0 ) + /* If X_limbs is 0, input_length must also be 0 (from previous test). + * Nothing to do. */ + if( X_limbs == 0 ) return( 0 ); - memset( X, 0, nx * ciL ); + memset( X, 0, X_limbs * ciL ); /* memcpy() with (NULL, 0) is undefined behaviour */ - if( buflen != 0 ) + if( input_length != 0 ) { - size_t overhead = ( nx * ciL ) - buflen; + size_t overhead = ( X_limbs * ciL ) - input_length; unsigned char *Xp = (unsigned char *) X; - memcpy( Xp + overhead, buf, buflen ); + memcpy( Xp + overhead, input, input_length ); } - mbedtls_mpi_core_bigendian_to_host( X, nx ); + mbedtls_mpi_core_bigendian_to_host( X, X_limbs ); return( 0 ); } -int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, - size_t nx, - unsigned char *buf, - size_t buflen ) +int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *A, + size_t A_limbs, + unsigned char *output, + size_t output_length ) { - size_t stored_bytes = nx * ciL; + size_t stored_bytes = A_limbs * ciL; size_t bytes_to_copy; - if( stored_bytes < buflen ) + if( stored_bytes < output_length ) { bytes_to_copy = stored_bytes; } else { - bytes_to_copy = buflen; + bytes_to_copy = output_length; - /* The output buffer is smaller than the allocated size of X. - * However X may fit if its leading bytes are zero. */ + /* The output outputfer is smaller than the allocated size of A. + * However A may fit if its leading bytes are zero. */ for( size_t i = bytes_to_copy; i < stored_bytes; i++ ) { - if( GET_BYTE( X, i ) != 0 ) + if( GET_BYTE( A, i ) != 0 ) return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); } } for( size_t i = 0; i < bytes_to_copy; i++ ) - buf[i] = GET_BYTE( X, i ); + output[i] = GET_BYTE( A, i ); - if( stored_bytes < buflen ) + if( stored_bytes < output_length ) { /* Write trailing 0 bytes */ - memset( buf + stored_bytes, 0, buflen - stored_bytes ); + memset( output + stored_bytes, 0, output_length - stored_bytes ); } return( 0 ); } int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, - size_t nx, - unsigned char *buf, - size_t buflen ) + size_t X_limbs, + unsigned char *output, + size_t output_length ) { size_t stored_bytes; size_t bytes_to_copy; unsigned char *p; - stored_bytes = nx * ciL; + stored_bytes = X_limbs * ciL; - if( stored_bytes < buflen ) + if( stored_bytes < output_length ) { - /* There is enough space in the output buffer. Write initial + /* There is enough space in the output outputfer. Write initial * null bytes and record the position at which to start * writing the significant bytes. In this case, the execution * trace of this function does not depend on the value of the * number. */ bytes_to_copy = stored_bytes; - p = buf + buflen - stored_bytes; - memset( buf, 0, buflen - stored_bytes ); + p = output + output_length - stored_bytes; + memset( output, 0, output_length - stored_bytes ); } else { - /* The output buffer is smaller than the allocated size of X. + /* The output outputfer is smaller than the allocated size of X. * However X may fit if its leading bytes are zero. */ - bytes_to_copy = buflen; - p = buf; + bytes_to_copy = output_length; + p = output; for( size_t i = bytes_to_copy; i < stored_bytes; i++ ) { if( GET_BYTE( X, i ) != 0 ) diff --git a/library/bignum_core.h b/library/bignum_core.h index 8266cece5..1557d10b3 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -33,31 +33,31 @@ /** Count leading zero bits in a given integer. * - * \param x Integer to count leading zero bits. + * \param a Integer to count leading zero bits. * - * \return The number of leading zero bits in \p x. + * \return The number of leading zero bits in \p a. */ -size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint x ); +size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint a ); /** Return the the minimum number of bits required to represent the value held * in the MPI. * - * \note This function returns 0 if all the limbs of \p X are 0. + * \note This function returns 0 if all the limbs of \p A are 0. * - * \param[in] X The address of the MPI. - * \param nx The number of limbs of \p X. + * \param[in] A The address of the MPI. + * \param a_limbs The number of limbs of \p A. * - * \return The number of bits in \p X. + * \return The number of bits in \p A. */ -size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *X, size_t nx ); +size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *A, size_t a_limbs ); /** Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint * into the storage form used by mbedtls_mpi. * - * \param[in,out] X The address of the MPI. - * \param limbs The number of limbs of \p X. + * \param[in,out] A The address of the MPI. + * \param limbs The number of limbs of \p A. */ -void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *X, +void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, size_t limbs ); /** Import X from unsigned binary data, little endian. @@ -65,80 +65,81 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *X, * The MPI needs to have enough limbs to store the full value (including any * most significant zero bytes in the input). * - * \param[out] X The address of the MPI. - * \param nx The number of limbs of \p X. - * \param[in] buf The input buffer to import from. - * \param buflen The length in bytes of \p buf. + * \param[out] X The address of the MPI. + * \param X_limbs The number of limbs of \p X. + * \param[in] input The input buffer to import from. + * \param input_length The length bytes of \p input. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't - * large enough to hold the value in \p buf. + * large enough to hold the value in \p input. */ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, - size_t nx, - const unsigned char *buf, - size_t buflen ); + size_t X_limbs, + const unsigned char *input, + size_t input_length ); /** Import X from unsigned binary data, big endian. * * The MPI needs to have enough limbs to store the full value (including any * most significant zero bytes in the input). * - * \param[out] X The address of the MPI. - * May only be #NULL if \nx is 0 and \p buflen is 0. - * \param nx The number of limbs of \p X. - * \param[in] buf The input buffer to import from. - * May only be #NULL if \p buflen is 0. - * \param buflen The length in bytes of \p buf. + * \param[out] X The address of the MPI. + * May only be #NULL if \X_limbs is 0 and \p input_length + * is 0. + * \param X_limbs The number of limbs of \p X. + * \param[in] input The input buffer to import from. + * May only be #NULL if \p input_length is 0. + * \param input_length The length in bytes of \p input. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't - * large enough to hold the value in \p buf. + * large enough to hold the value in \p input. */ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, - size_t nx, - const unsigned char *buf, - size_t buflen ); + size_t X_limbs, + const unsigned char *input, + size_t input_length ); -/** Export X into unsigned binary data, little endian. +/** Export A into unsigned binary data, little endian. * - * \note If \p buf is shorter than \p X the export is still successful if the - * value held in \p X fits in the buffer (that is, if enough of the most - * significant bytes of \p X are 0). + * \note If \p output is shorter than \p A the export is still successful if the + * value held in \p A fits in the buffer (that is, if enough of the most + * significant bytes of \p A are 0). * - * \param[in] X The address of the MPI. - * \param nx The number of limbs of \p X. - * \param[out] buf The output buffer to export to. - * \param buflen The length in bytes of \p buf. + * \param[in] A The address of the MPI. + * \param A_limbs The number of limbs of \p A. + * \param[out] output The output buffer to export to. + * \param output_length The length in bytes of \p output. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't - * large enough to hold the value of \p X. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p output isn't + * large enough to hold the value of \p A. */ -int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *X, - size_t nx, - unsigned char *buf, - size_t buflen ); +int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *A, + size_t A_limbs, + unsigned char *output, + size_t output_length ); -/** Export X into unsigned binary data, big endian. +/** Export A into unsigned binary data, big endian. * - * \note If \p buf is shorter than \p X the export is still successful if the - * value held in \p X fits in the buffer (that is, if enough of the most - * significant bytes of \p X are 0). + * \note If \p output is shorter than \p A the export is still successful if the + * value held in \p A fits in the buffer (that is, if enough of the most + * significant bytes of \p A are 0). * - * \param[in] X The address of the MPI. - * \param nx The number of limbs of \p X. - * \param[out] buf The output buffer to export to. - * \param buflen The length in bytes of \p buf. + * \param[in] A The address of the MPI. + * \param A_limbs The number of limbs of \p A. + * \param[out] output The output buffer to export to. + * \param output_length The length in bytes of \p output. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't - * large enough to hold the value of \p X. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p output isn't + * large enough to hold the value of \p A. */ -int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, - size_t nx, - unsigned char *buf, - size_t buflen ); +int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *A, + size_t A_limbs, + unsigned char *output, + size_t output_length ); #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 5678ca092..c2c3aecf8 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -45,9 +45,9 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, const mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, - size_t pn ) + size_t p_limbs ) { - if( pn < m->limbs || !mbedtls_mpi_core_lt_ct( m->p, p, pn ) ) + if( p_limbs < m->limbs || !mbedtls_mpi_core_lt_ct( m->p, p, p_limbs ) ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); r->limbs = m->limbs; @@ -103,15 +103,15 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ) int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, const mbedtls_mpi_uint *p, - size_t pn, + size_t p_limbs, mbedtls_mpi_mod_ext_rep ext_rep, mbedtls_mpi_mod_rep_selector int_rep ) { int ret = 0; m->p = p; - m->limbs = pn; - m->bits = mbedtls_mpi_core_bitlen( p, pn ); + m->limbs = p_limbs; + m->bits = mbedtls_mpi_core_bitlen( p, p_limbs ); switch( ext_rep ) { diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 3fbedbff2..efbacb436 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -76,16 +76,16 @@ typedef struct { * The memory pointed to by \p p will be used by \p r and must * not be modified in any way until after * mbedtls_mpi_mod_residue_release() is called. - * \param pn The number of limbs of \p p. + * \param p_limbs The number of limbs of \p p. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p pn is less than the limbs - * in \p m or if \p p is not less than \p m. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p p_limbs is less than the + * limbs in \p m or if \p p is not less than \p m. */ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, const mbedtls_mpi_mod_modulus *m, mbedtls_mpi_uint *p, - size_t pn ); + size_t p_limbs ); /** Unbind elements of a residue structure. * @@ -112,7 +112,7 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); * The memory pointed to by \p p will be used by \p m and must * not be modified in any way until after * mbedtls_mpi_mod_modulus_free() is called. - * \param pn The number of limbs of \p p. + * \param p_limbs The number of limbs of \p p. * \param ext_rep The external representation to be used for residues * associated with \p m (see #mbedtls_mpi_mod_ext_rep). * \param int_rep The internal representation to be used for residues @@ -124,7 +124,7 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); */ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, const mbedtls_mpi_uint *p, - size_t pn, + size_t p_limbs, mbedtls_mpi_mod_ext_rep ext_rep, mbedtls_mpi_mod_rep_selector int_rep ); diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 334965d12..0a3f3a031 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -43,18 +43,20 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, const mbedtls_mpi_mod_modulus *m, - const unsigned char *buf, - size_t buflen ) + const unsigned char *input, + size_t input_lentgth ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; switch( m->ext_rep ) { case MBEDTLS_MPI_MOD_EXT_REP_LE: - ret = mbedtls_mpi_core_read_le( X, m->limbs, buf, buflen ); + ret = mbedtls_mpi_core_read_le( X, m->limbs, + input, input_lentgth ); break; case MBEDTLS_MPI_MOD_EXT_REP_BE: - ret = mbedtls_mpi_core_read_be( X, m->limbs, buf, buflen ); + ret = mbedtls_mpi_core_read_be( X, m->limbs, + input, input_lentgth ); break; default: return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); @@ -74,17 +76,19 @@ cleanup: return( ret ); } -int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *X, +int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *A, const mbedtls_mpi_mod_modulus *m, - unsigned char *buf, - size_t buflen ) + unsigned char *output, + size_t output_length ) { switch( m->ext_rep ) { case MBEDTLS_MPI_MOD_EXT_REP_LE: - return( mbedtls_mpi_core_write_le( X, m->limbs, buf, buflen ) ); + return( mbedtls_mpi_core_write_le( A, m->limbs, + output, output_length ) ); case MBEDTLS_MPI_MOD_EXT_REP_BE: - return( mbedtls_mpi_core_write_be( X, m->limbs, buf, buflen ) ); + return( mbedtls_mpi_core_write_be( A, m->limbs, + output, output_length ) ); default: return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); } diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index b4ef83dbf..5e1418bd6 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -38,42 +38,42 @@ * The MPI needs to have enough limbs to store the full value (including any * most significant zero bytes in the input). * - * \param[out] X The address of the MPI. The size is determined by \p m. (In - * particular, it must have at least as many limbs as the - * modulus \p m.) - * \param[in] m The address of the modulus related to \p X. - * \param[in] buf The input buffer to import from. - * \param buflen The length in bytes of \p buf. + * \param[out] X The address of the MPI. The size is determined by \p m. + * (In particular, it must have at least as many limbs as + * the modulus \p m.) + * \param[in] m The address of the modulus related to \p X. + * \param[in] input The input buffer to import from. + * \param input_length The length in bytes of \p input. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't - * large enough to hold the value in \p buf. + * large enough to hold the value in \p input. * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation * of \p m is invalid or \p X is not less than \p m. */ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, const mbedtls_mpi_mod_modulus *m, - const unsigned char *buf, - size_t buflen ); + const unsigned char *input, + size_t input_length ); -/** Export X into unsigned binary data. +/** Export A into unsigned binary data. * - * \param[in] X The address of the MPI. The size is determined by \p m. (In - * particular, it must have at least as many limbs as the modulus - * \p m.) - * \param[in] m The address of the modulus related to \p X. - * \param[out] buf The output buffer to export to. - * \param buflen The length in bytes of \p buf. + * \param[in] A The address of the MPI. The size is determined by \p m. + * (In particular, it must have at least as many limbs as + * the modulus \p m.) + * \param[in] m The address of the modulus related to \p A. + * \param[out] output The output buffer to export to. + * \param output_length The length in bytes of \p output. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't - * large enough to hold the value of \p X. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p output isn't + * large enough to hold the value of \p A. * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation * of \p m is invalid. */ -int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *X, +int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *A, const mbedtls_mpi_mod_modulus *m, - unsigned char *buf, - size_t buflen ); + unsigned char *output, + size_t output_length ); #endif /* MBEDTLS_BIGNUM_MOD_RAW_H */ diff --git a/library/constant_time.c b/library/constant_time.c index d108b138a..f0b9aa3d9 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -744,9 +744,9 @@ cleanup: /* * Compare unsigned values in constant time */ -unsigned mbedtls_mpi_core_lt_ct( const mbedtls_mpi_uint *X, - const mbedtls_mpi_uint *Y, - size_t len ) +unsigned mbedtls_mpi_core_lt_ct( const mbedtls_mpi_uint *A, + const mbedtls_mpi_uint *B, + size_t limbs ) { unsigned ret, cond, done; @@ -754,31 +754,31 @@ unsigned mbedtls_mpi_core_lt_ct( const mbedtls_mpi_uint *X, * their scope. */ ret = cond = done = 0; - for( size_t i = len; i > 0; i-- ) + for( size_t i = limbs; i > 0; i-- ) { /* - * If Y[i - 1] < X[i - 1] then X < Y is false and the result must + * If B[i - 1] < A[i - 1] then A < B is false and the result must * remain 0. * * Again even if we can make a decision, we just mark the result and * the fact that we are done and continue looping. */ - cond = mbedtls_ct_mpi_uint_lt( Y[i - 1], X[i - 1] ); + cond = mbedtls_ct_mpi_uint_lt( B[i - 1], A[i - 1] ); done |= cond; /* - * If X[i - 1] < Y[i - 1] then X < Y is true. + * If A[i - 1] < B[i - 1] then A < B is true. * * Again even if we can make a decision, we just mark the result and * the fact that we are done and continue looping. */ - cond = mbedtls_ct_mpi_uint_lt( X[i - 1], Y[i - 1] ); + cond = mbedtls_ct_mpi_uint_lt( A[i - 1], B[i - 1] ); ret |= cond & ( 1 - done ); done |= cond; } /* - * If all the limbs were equal, then the numbers are equal, X < Y is false + * If all the limbs were equal, then the numbers are equal, A < B is false * and leaving the result 0 is correct. */ diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 8915f8bcb..a8518b4de 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -133,19 +133,19 @@ unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x, * \brief Check if one unsigned MPI is less than another in constant * time. * - * \param X The left-hand MPI. This must point to an array of limbs - * with the same allocated length as \p Y. - * \param Y The right-hand MPI. This must point to an array of limbs - * with the same allocated length as \p X. - * \param len The number of limbs in \p X and \p Y. + * \param A The left-hand MPI. This must point to an array of limbs + * with the same allocated length as \p B. + * \param B The right-hand MPI. This must point to an array of limbs + * with the same allocated length as \p A. + * \param limbs The number of limbs in \p A and \p B. * * \return The result of the comparison: - * \c 1 if \p X is less than \p Y. - * \c 0 if \p X is greater than or equal to \p Y. + * \c 1 if \p A is less than \p B. + * \c 0 if \p A is greater than or equal to \p B. */ -unsigned mbedtls_mpi_core_lt_ct( const mbedtls_mpi_uint *X, - const mbedtls_mpi_uint *Y, - size_t len ); +unsigned mbedtls_mpi_core_lt_ct( const mbedtls_mpi_uint *A, + const mbedtls_mpi_uint *B, + size_t limbs); #endif /* MBEDTLS_BIGNUM_C */ /** Choose between two integer values without branches. From ca5688e10c21c39065374479fcdb69b350af2f6c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 19 Aug 2022 12:05:28 +0100 Subject: [PATCH 57/64] Improve coding style Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com> Co-authored-by: Werner Lewis Signed-off-by: Janos Follath --- library/bignum.c | 2 +- library/bignum_core.c | 5 ++++- library/bignum_core.h | 8 ++++---- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 9776d29de..acf620f9a 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -712,7 +712,7 @@ cleanup: int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X, unsigned char *buf, size_t buflen ) { - return( mbedtls_mpi_core_write_le( X->p, X->n, buf, buflen) ); + return( mbedtls_mpi_core_write_le( X->p, X->n, buf, buflen ) ); } /* diff --git a/library/bignum_core.c b/library/bignum_core.c index d3d74fff9..41be49616 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -174,7 +174,10 @@ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, memset( X, 0, X_limbs * ciL ); for( size_t i = 0; i < input_length; i++ ) - X[i / ciL] |= ((mbedtls_mpi_uint) input[i]) << ((i % ciL) << 3); + { + size_t offset = ( ( i % ciL ) << 3 ); + X[i / ciL] |= ( (mbedtls_mpi_uint) input[i] ) << offset; + } } return( 0 ); diff --git a/library/bignum_core.h b/library/bignum_core.h index 1557d10b3..221bb1afe 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -141,9 +141,9 @@ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *A, unsigned char *output, size_t output_length ); -#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ -#define biL (ciL << 3) /* bits in limb */ -#define biH (ciL << 2) /* half limb size */ +#define ciL ( sizeof(mbedtls_mpi_uint) ) /* chars in limb */ +#define biL ( ciL << 3 ) /* bits in limb */ +#define biH ( ciL << 2 ) /* half limb size */ /* * Convert between bits/chars and number of limbs @@ -153,6 +153,6 @@ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *A, #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) /* Get a specific byte, without range checks. */ #define GET_BYTE( X, i ) \ - ( ( ( X )[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff ) + ( ( (X)[(i) / ciL] >> ( ( (i) % ciL ) * 8 ) ) & 0xff ) #endif /* MBEDTLS_BIGNUM_CORE_H */ From a95f204cd33ae62a1f3f1d98e36efae85b50fa16 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 19 Aug 2022 12:09:17 +0100 Subject: [PATCH 58/64] Improve documentation Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com> Co-authored-by: Werner Lewis Co-authored-by: Minos Galanakis Signed-off-by: Janos Follath --- library/bignum_core.c | 2 +- library/bignum_core.h | 2 +- library/bignum_mod.c | 2 +- library/bignum_mod.h | 4 ++-- library/bignum_mod_raw.c | 2 +- library/bignum_mod_raw.h | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 41be49616..9d1e29c23 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -1,5 +1,5 @@ /* - * Multi-precision integer library + * Core bignum functions * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/library/bignum_core.h b/library/bignum_core.h index 221bb1afe..c75be260c 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -39,7 +39,7 @@ */ size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint a ); -/** Return the the minimum number of bits required to represent the value held +/** Return the minimum number of bits required to represent the value held * in the MPI. * * \note This function returns 0 if all the limbs of \p A are 0. diff --git a/library/bignum_mod.c b/library/bignum_mod.c index c2c3aecf8..de2809372 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -1,5 +1,5 @@ /** - * Internal bignum functions + * Modular bignum functions * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/library/bignum_mod.h b/library/bignum_mod.h index efbacb436..9d28bc7e4 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -101,7 +101,7 @@ void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ); /** Initialize a modulus structure. * - * \param[out] m The address of a modulus. + * \param[out] m The address of the modulus structure to initialize. */ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); @@ -136,7 +136,7 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, * mbedtls_mpi_mod_modulus_setup() only removes the reference to it, * making it safe to free or to use it again. * - * \param[in,out] m The address of a modulus. + * \param[in,out] m The address of the modulus structure to free. */ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 0a3f3a031..88311dd7b 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -1,5 +1,5 @@ /* - * Multi-precision integer library + * Low-level modular bignum functions * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 5e1418bd6..4b2a51f88 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -1,5 +1,5 @@ /** - * Low level modular bignum functions + * Low-level modular bignum functions * * This interface only should be used by the higher level modular bignum * module (bignum_mod.c) and the ECP module (ecp.c, ecp_curves.c). All other From deb8030e9f68380b5b7ec6c89e61c45593e5e7be Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 19 Aug 2022 13:32:17 +0100 Subject: [PATCH 59/64] Improve mbedtls_mpi_core_lt_ct() unit tests - Improve test descriptions - Add more test cases with return value of 1 - Remove the mbedtls prefix from the test function Signed-off-by: Janos Follath --- tests/suites/test_suite_mpi.data | 106 +++++++++++++++++---------- tests/suites/test_suite_mpi.function | 2 +- 2 files changed, 69 insertions(+), 39 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 627911789..7573f95a3 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -594,62 +594,92 @@ mbedtls_mpi_cmp_mpi:"-1230000000000000000":"":-1 Test mbedtls_mpi_cmp_mpi: large negative < 0 (1 limb) mbedtls_mpi_cmp_mpi:"-1230000000000000000":"0":-1 -Base test mbedtls_mpi_core_lt_ct #1 -mbedtls_mpi_core_lt_ct:"02B5":"02B5":0 +mbedtls_mpi_core_lt_ct: x=y (1 limb) +mpi_core_lt_ct:"02B5":"02B5":0 -Base test mbedtls_mpi_core_lt_ct #2 -mbedtls_mpi_core_lt_ct:"02B5":"02B4":0 +mbedtls_mpi_core_lt_ct: x>y (1 limb) +mpi_core_lt_ct:"02B5":"02B4":0 -Base test mbedtls_mpi_core_lt_ct #3 -mbedtls_mpi_core_lt_ct:"02B5":"02B6":1 +mbedtls_mpi_core_lt_ct: xy (63 bit x, y first byte greater) +mpi_core_lt_ct:"7FFFFFFFFFFFFFFF":"FF":0 -Base test mbedtls_mpi_core_lt_ct (corner case - 64 bit) #2 -mbedtls_mpi_core_lt_ct:"8000000000000000":"7FFFFFFFFFFFFFFF":0 +mbedtls_mpi_core_lt_ct: xy (64 bit x, y=x-1) +mpi_core_lt_ct:"8000000000000000":"7FFFFFFFFFFFFFFF":0 -Base test mbedtls_mpi_core_lt_ct (corner case - 64 bit) #4 -mbedtls_mpi_core_lt_ct:"8000000000000000":"00":0 +mbedtls_mpi_core_lt_ct: xy (64 bit x, y=1) +mpi_core_lt_ct:"8000000000000000":"01":0 -Base test mbedtls_mpi_core_lt_ct (corner case - 32 bit) #1 -mbedtls_mpi_core_lt_ct:"7FFFFFFF":"FF":0 +mbedtls_mpi_core_lt_ct: xy (64 bit x, y=0) +mpi_core_lt_ct:"8000000000000000":"00":0 -Base test mbedtls_mpi_core_lt_ct (corner case - 32 bit) #3 -mbedtls_mpi_core_lt_ct:"80000000":"01":0 +mbedtls_mpi_core_lt_ct: xy (64 bit x, first bytes equal) +mpi_core_lt_ct:"FFFFFFFFFFFFFFFF":"FF":0 -Base test mbedtls_mpi_core_lt_ct (corner case - 32 bit) #5 -mbedtls_mpi_core_lt_ct:"FFFFFFFF":"FF":0 +mbedtls_mpi_core_lt_ct: xy (31 bit x, y first byte greater) +mpi_core_lt_ct:"7FFFFFFF":"FF":0 -Multi-limb mbedtls_mpi_core_lt_ct (X>Y, equal MS limbs) -mbedtls_mpi_core_lt_ct:"EEFFFFFFFFFFFFFFFF":"EEFFFFFFFFFFFFFFF1":0 +mbedtls_mpi_core_lt_ct: xy (32 bit x, y=x-1) +mpi_core_lt_ct:"80000000":"7FFFFFFF":0 -Multi-limb mbedtls_mpi_core_lt_ct (Alternating limbs) #1 -mbedtls_mpi_core_lt_ct:"11FFFFFFFFFFFFFFFF":"FF1111111111111111":1 +mbedtls_mpi_core_lt_ct: xy (32 bit x, y=1) +mpi_core_lt_ct:"80000000":"01":0 + +mbedtls_mpi_core_lt_ct: xy (32 bit x, y=0) +mpi_core_lt_ct:"80000000":"00":0 + +mbedtls_mpi_core_lt_ct: xy (32 bit x, first bytes equal) +mpi_core_lt_ct:"FFFFFFFF":"FF":0 + +mbedtls_mpi_core_lt_ct: xy, equal MS limbs +mpi_core_lt_ct:"EEFFFFFFFFFFFFFFFF":"EEFFFFFFFFFFFFFFF1":0 + +mbedtls_mpi_core_lt_ct: x=y (multi-limb) +mpi_core_lt_ct:"EEFFFFFFFFFFFFFFFF":"EEFFFFFFFFFFFFFFFF":0 + +mbedtls_mpi_core_lt_ct: xy (alternating limbs) +mpi_core_lt_ct:"FF1111111111111111":"11FFFFFFFFFFFFFFFF":0 Base test mbedtls_mpi_lt_mpi_ct #1 mbedtls_mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index b75f0f8a0..23e270b3c 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -722,7 +722,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_core_lt_ct( data_t * input_X, data_t * input_Y, int input_ret ) +void mpi_core_lt_ct( data_t * input_X, data_t * input_Y, int input_ret ) { #define MAX_LEN 64 mbedtls_mpi_uint X[MAX_LEN]; From af3f39c01c14b7c5b4be39a9f33b2b537dade93f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 22 Aug 2022 09:06:32 +0100 Subject: [PATCH 60/64] Fix typos Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com> Co-authored-by: Werner Lewis Signed-off-by: Janos Follath --- library/bignum_core.c | 6 +++--- library/bignum_core.h | 14 +++++++------- library/bignum_mod_raw.c | 6 +++--- library/bignum_mod_raw.h | 4 ++-- library/constant_time_internal.h | 2 +- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 9d1e29c23..68c49dfc1 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -229,7 +229,7 @@ int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *A, { bytes_to_copy = output_length; - /* The output outputfer is smaller than the allocated size of A. + /* The output buffer is smaller than the allocated size of A. * However A may fit if its leading bytes are zero. */ for( size_t i = bytes_to_copy; i < stored_bytes; i++ ) { @@ -263,7 +263,7 @@ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, if( stored_bytes < output_length ) { - /* There is enough space in the output outputfer. Write initial + /* There is enough space in the output buffer. Write initial * null bytes and record the position at which to start * writing the significant bytes. In this case, the execution * trace of this function does not depend on the value of the @@ -274,7 +274,7 @@ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X, } else { - /* The output outputfer is smaller than the allocated size of X. + /* The output buffer is smaller than the allocated size of X. * However X may fit if its leading bytes are zero. */ bytes_to_copy = output_length; p = output; diff --git a/library/bignum_core.h b/library/bignum_core.h index c75be260c..37f361726 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -1,9 +1,9 @@ /** * Core bignum functions * - * This interface only should be used by the legacy bignum module (bignum.h) + * This interface should only be used by the legacy bignum module (bignum.h) * and the modular bignum modules (bignum_mod.c, bignum_mod_raw.c). All other - * modules should use the high level modular bignum interface (bignum_mod.h) + * modules should use the high-level modular bignum interface (bignum_mod.h) * or the legacy bignum interface (bignum.h). * * Copyright The Mbed TLS Contributors @@ -49,7 +49,7 @@ size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint a ); * * \return The number of bits in \p A. */ -size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *A, size_t a_limbs ); +size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *A, size_t A_limbs ); /** Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint * into the storage form used by mbedtls_mpi. @@ -60,7 +60,7 @@ size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *A, size_t a_limbs ); void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, size_t limbs ); -/** Import X from unsigned binary data, little endian. +/** Import X from unsigned binary data, little-endian. * * The MPI needs to have enough limbs to store the full value (including any * most significant zero bytes in the input). @@ -79,7 +79,7 @@ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, const unsigned char *input, size_t input_length ); -/** Import X from unsigned binary data, big endian. +/** Import X from unsigned binary data, big-endian. * * The MPI needs to have enough limbs to store the full value (including any * most significant zero bytes in the input). @@ -101,7 +101,7 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X, const unsigned char *input, size_t input_length ); -/** Export A into unsigned binary data, little endian. +/** Export A into unsigned binary data, little-endian. * * \note If \p output is shorter than \p A the export is still successful if the * value held in \p A fits in the buffer (that is, if enough of the most @@ -121,7 +121,7 @@ int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *A, unsigned char *output, size_t output_length ); -/** Export A into unsigned binary data, big endian. +/** Export A into unsigned binary data, big-endian. * * \note If \p output is shorter than \p A the export is still successful if the * value held in \p A fits in the buffer (that is, if enough of the most diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 88311dd7b..8c89b2cdf 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -44,7 +44,7 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, const mbedtls_mpi_mod_modulus *m, const unsigned char *input, - size_t input_lentgth ) + size_t input_length ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -52,11 +52,11 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, { case MBEDTLS_MPI_MOD_EXT_REP_LE: ret = mbedtls_mpi_core_read_le( X, m->limbs, - input, input_lentgth ); + input, input_length ); break; case MBEDTLS_MPI_MOD_EXT_REP_BE: ret = mbedtls_mpi_core_read_be( X, m->limbs, - input, input_lentgth ); + input, input_length ); break; default: return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 4b2a51f88..7b3a0c177 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -1,9 +1,9 @@ /** * Low-level modular bignum functions * - * This interface only should be used by the higher level modular bignum + * This interface should only be used by the higher-level modular bignum * module (bignum_mod.c) and the ECP module (ecp.c, ecp_curves.c). All other - * modules should use the high level modular bignum interface (bignum_mod.h) + * modules should use the high-level modular bignum interface (bignum_mod.h) * or the legacy bignum interface (bignum.h). * * Copyright The Mbed TLS Contributors diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index a8518b4de..fc24ae59a 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -137,7 +137,7 @@ unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x, * with the same allocated length as \p B. * \param B The right-hand MPI. This must point to an array of limbs * with the same allocated length as \p A. - * \param limbs The number of limbs in \p A and \p B. + * \param limbs The number of limbs in \p A and \p B. * * \return The result of the comparison: * \c 1 if \p A is less than \p B. From 494a6d22bd77c6991805b4fc1f5a95bf97742a46 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 22 Aug 2022 09:36:17 +0100 Subject: [PATCH 61/64] Bignum tests: use TEST_EQUAL TEST_EQUAL(), has the benefit of outputting the values that don't match, which can make debugging simpler. Scope: - Recently added new test functions - Checks making sure the test case/data is consistent is out of scope - Only checks where printing the values is likely to be helpful Signed-off-by: Janos Follath --- tests/suites/test_suite_mpi.function | 50 ++++++++++++++-------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 23e270b3c..8c40b229a 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -208,24 +208,24 @@ void mbedtls_mpi_core_io_null() int ret; ret = mbedtls_mpi_core_read_be( &X, 1, NULL, 0 ); - TEST_ASSERT( ret == 0 ); + TEST_EQUAL( ret, 0 ); ret = mbedtls_mpi_core_write_be( &X, 1, NULL, 0 ); - TEST_ASSERT( ret == 0 ); + TEST_EQUAL( ret, 0 ); ret = mbedtls_mpi_core_read_be( NULL, 0, NULL, 0 ); - TEST_ASSERT( ret == 0 ); + TEST_EQUAL( ret, 0 ); ret = mbedtls_mpi_core_write_be( NULL, 0, NULL, 0 ); - TEST_ASSERT( ret == 0 ); + TEST_EQUAL( ret, 0 ); ret = mbedtls_mpi_core_read_le( &X, 1, NULL, 0 ); - TEST_ASSERT( ret == 0 ); + TEST_EQUAL( ret, 0 ); ret = mbedtls_mpi_core_write_le( &X, 1, NULL, 0 ); - TEST_ASSERT( ret == 0 ); + TEST_EQUAL( ret, 0 ); ret = mbedtls_mpi_core_read_le( NULL, 0, NULL, 0 ); - TEST_ASSERT( ret == 0 ); + TEST_EQUAL( ret, 0 ); ret = mbedtls_mpi_core_write_le( NULL, 0, NULL, 0 ); - TEST_ASSERT( ret == 0 ); + TEST_EQUAL( ret, 0 ); exit: ; @@ -256,12 +256,12 @@ void mbedtls_mpi_core_io_be( data_t *input, int nb_int, int nx_32_int, int iret, TEST_ASSERT( nx <= sizeof( X ) / sizeof( X[0] ) ); int ret = mbedtls_mpi_core_read_be( X, nx, input->x, input->len ); - TEST_ASSERT( ret == iret ); + TEST_EQUAL( ret, iret ); if( iret == 0 ) { ret = mbedtls_mpi_core_write_be( X, nx, buf, nb ); - TEST_ASSERT( ret == oret ); + TEST_EQUAL( ret, oret ); } if( ( iret == 0 ) && ( oret == 0 ) ) @@ -271,14 +271,14 @@ void mbedtls_mpi_core_io_be( data_t *input, int nb_int, int nx_32_int, int iret, size_t leading_zeroes = nb - input->len; TEST_ASSERT( memcmp( buf + nb - input->len, input->x, input->len ) == 0 ); for( size_t i = 0; i < leading_zeroes; i++ ) - TEST_ASSERT( buf[i] == 0 ); + TEST_EQUAL( buf[i], 0 ); } else { size_t leading_zeroes = input->len - nb; TEST_ASSERT( memcmp( input->x + input->len - nb, buf, nb ) == 0 ); for( size_t i = 0; i < leading_zeroes; i++ ) - TEST_ASSERT( input->x[i] == 0 ); + TEST_EQUAL( input->x[i], 0 ); } } @@ -311,12 +311,12 @@ void mbedtls_mpi_core_io_le( data_t *input, int nb_int, int nx_32_int, int iret, TEST_ASSERT( nx <= sizeof( X ) / sizeof( X[0] ) ); int ret = mbedtls_mpi_core_read_le( X, nx, input->x, input->len ); - TEST_ASSERT( ret == iret ); + TEST_EQUAL( ret, iret ); if( iret == 0 ) { ret = mbedtls_mpi_core_write_le( X, nx, buf, nb ); - TEST_ASSERT( ret == oret ); + TEST_EQUAL( ret, oret ); } if( ( iret == 0 ) && ( oret == 0 ) ) @@ -325,13 +325,13 @@ void mbedtls_mpi_core_io_le( data_t *input, int nb_int, int nx_32_int, int iret, { TEST_ASSERT( memcmp( buf, input->x, input->len ) == 0 ); for( size_t i = input->len; i < nb; i++ ) - TEST_ASSERT( buf[i] == 0 ); + TEST_EQUAL( buf[i], 0 ); } else { TEST_ASSERT( memcmp( input->x, buf, nb ) == 0 ); for( size_t i = nb; i < input->len; i++ ) - TEST_ASSERT( input->x[i] == 0 ); + TEST_EQUAL( input->x[i], 0 ); } } @@ -352,7 +352,7 @@ void mbedtls_mpi_mod_setup( int ext_rep, int int_rep, int iret ) mbedtls_mpi_mod_modulus_init( &m ); ret = mbedtls_mpi_mod_modulus_setup( &m, mp, MLIMBS, ext_rep, int_rep ); - TEST_ASSERT( ret == iret ); + TEST_EQUAL( ret, iret ); /* Address sanitiser should catch if we try to free mp */ mbedtls_mpi_mod_modulus_free( &m ); @@ -404,13 +404,13 @@ void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_32_int, memset( init, 0xFF, sizeof( init ) ); int ret = mbedtls_mpi_mod_modulus_setup( &m, init, nx, endian, MBEDTLS_MPI_MOD_REP_MONTGOMERY ); - TEST_ASSERT( ret == 0 ); + TEST_EQUAL( ret, 0 ); if( iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0 ) m.ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID; ret = mbedtls_mpi_mod_raw_read( X, &m, input->x, input->len ); - TEST_ASSERT( ret == iret ); + TEST_EQUAL( ret, iret ); if( iret == 0 ) { @@ -418,7 +418,7 @@ void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_32_int, m.ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID; ret = mbedtls_mpi_mod_raw_write( X, &m, buf, nb ); - TEST_ASSERT( ret == oret ); + TEST_EQUAL( ret, oret ); } if( ( iret == 0 ) && ( oret == 0 ) ) @@ -430,13 +430,13 @@ void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_32_int, size_t leading_zeroes = nb - input->len; TEST_ASSERT( memcmp( buf + nb - input->len, input->x, input->len ) == 0 ); for( size_t i = 0; i < leading_zeroes; i++ ) - TEST_ASSERT( buf[i] == 0 ); + TEST_EQUAL( buf[i], 0 ); } else { TEST_ASSERT( memcmp( buf, input->x, input->len ) == 0 ); for( size_t i = input->len; i < nb; i++ ) - TEST_ASSERT( buf[i] == 0 ); + TEST_EQUAL( buf[i], 0 ); } } else @@ -446,13 +446,13 @@ void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_32_int, size_t leading_zeroes = input->len - nb; TEST_ASSERT( memcmp( input->x + input->len - nb, buf, nb ) == 0 ); for( size_t i = 0; i < leading_zeroes; i++ ) - TEST_ASSERT( input->x[i] == 0 ); + TEST_EQUAL( input->x[i], 0 ); } else { TEST_ASSERT( memcmp( input->x, buf, nb ) == 0 ); for( size_t i = nb; i < input->len; i++ ) - TEST_ASSERT( input->x[i] == 0 ); + TEST_EQUAL( input->x[i], 0 ); } } } @@ -748,7 +748,7 @@ void mpi_core_lt_ct( data_t * input_X, data_t * input_Y, int input_ret ) TEST_CF_PUBLIC( Y, len * sizeof( mbedtls_mpi_uint ) ); TEST_CF_PUBLIC( &ret, sizeof( ret ) ); - TEST_ASSERT( ret == exp_ret ); + TEST_EQUAL( ret, exp_ret ); exit: ; From 6b8e0c288416c462c75b0745286978d0bccb2013 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 22 Aug 2022 09:54:25 +0100 Subject: [PATCH 62/64] Bignum: make tests more readable Signed-off-by: Janos Follath --- tests/suites/test_suite_mpi.function | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 8c40b229a..dae326225 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -247,10 +247,12 @@ void mbedtls_mpi_core_io_be( data_t *input, int nb_int, int nx_32_int, int iret, /* nx_32_int is the number of 32 bit limbs, if we have 64 bit limbs we need * to halve the number of limbs to have the same size. */ - if( sizeof( mbedtls_mpi_uint ) == 8 ) - nx_32_int = nx_32_int / 2 + nx_32_int % 2; + size_t nx; TEST_ASSERT( 0 <= nx_32_int ); - size_t nx = nx_32_int; + if( sizeof( mbedtls_mpi_uint ) == 8 ) + nx = nx_32_int / 2 + nx_32_int % 2; + else + nx = nx_32_int; mbedtls_mpi_uint X[sizeof( buf ) / sizeof( mbedtls_mpi_uint )]; TEST_ASSERT( nx <= sizeof( X ) / sizeof( X[0] ) ); @@ -302,10 +304,12 @@ void mbedtls_mpi_core_io_le( data_t *input, int nb_int, int nx_32_int, int iret, /* nx_32_int is the number of 32 bit limbs, if we have 64 bit limbs we need * to halve the number of limbs to have the same size. */ - if( sizeof( mbedtls_mpi_uint ) == 8 ) - nx_32_int = nx_32_int / 2 + nx_32_int % 2; + size_t nx; TEST_ASSERT( 0 <= nx_32_int ); - size_t nx = nx_32_int; + if( sizeof( mbedtls_mpi_uint ) == 8 ) + nx = nx_32_int / 2 + nx_32_int % 2; + else + nx = nx_32_int; mbedtls_mpi_uint X[sizeof( buf ) / sizeof( mbedtls_mpi_uint )]; TEST_ASSERT( nx <= sizeof( X ) / sizeof( X[0] ) ); @@ -384,10 +388,12 @@ void mbedtls_mpi_mod_raw_io( data_t *input, int nb_int, int nx_32_int, /* nx_32_int is the number of 32 bit limbs, if we have 64 bit limbs we need * to halve the number of limbs to have the same size. */ - if( sizeof( mbedtls_mpi_uint ) == 8 ) - nx_32_int = nx_32_int / 2 + nx_32_int % 2; + size_t nx; TEST_ASSERT( 0 <= nx_32_int ); - size_t nx = nx_32_int; + if( sizeof( mbedtls_mpi_uint ) == 8 ) + nx = nx_32_int / 2 + nx_32_int % 2; + else + nx = nx_32_int; mbedtls_mpi_uint X[sizeof( buf ) / sizeof( mbedtls_mpi_uint )]; TEST_ASSERT( nx <= sizeof( X ) / sizeof( X[0] ) ); From c459641ad1d2fdc779d79367c2454a7a0b6286dd Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 22 Aug 2022 10:01:27 +0100 Subject: [PATCH 63/64] Bignum: add missing limb qualifiers Signed-off-by: Janos Follath --- library/bignum_core.c | 6 +++--- library/bignum_core.h | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 68c49dfc1..15557e67d 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -130,11 +130,11 @@ static mbedtls_mpi_uint mpi_bigendian_to_host( mbedtls_mpi_uint a ) } void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, - size_t limbs ) + size_t A_limbs ) { mbedtls_mpi_uint *cur_limb_left; mbedtls_mpi_uint *cur_limb_right; - if( limbs == 0 ) + if( A_limbs == 0 ) return; /* @@ -146,7 +146,7 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, * than the right index (it's not a problem if limbs is odd and the * indices coincide in the last iteration). */ - for( cur_limb_left = A, cur_limb_right = A + ( limbs - 1 ); + for( cur_limb_left = A, cur_limb_right = A + ( A_limbs - 1 ); cur_limb_left <= cur_limb_right; cur_limb_left++, cur_limb_right-- ) { diff --git a/library/bignum_core.h b/library/bignum_core.h index 37f361726..9fd9d2070 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -45,7 +45,7 @@ size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint a ); * \note This function returns 0 if all the limbs of \p A are 0. * * \param[in] A The address of the MPI. - * \param a_limbs The number of limbs of \p A. + * \param A_limbs The number of limbs of \p A. * * \return The number of bits in \p A. */ @@ -55,10 +55,10 @@ size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *A, size_t A_limbs ); * into the storage form used by mbedtls_mpi. * * \param[in,out] A The address of the MPI. - * \param limbs The number of limbs of \p A. + * \param A_limbs The number of limbs of \p A. */ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, - size_t limbs ); + size_t A_limbs ); /** Import X from unsigned binary data, little-endian. * From 2e328c85918669e58cd86540cfafecd7ac605463 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 22 Aug 2022 11:19:10 +0100 Subject: [PATCH 64/64] Remove confusing const qualifier MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since a is not a pointer, it is passed by value and declaring it const doesn’t make any sense and on the first read can make me miss the fact that a is not a pointer. Signed-off-by: Janos Follath --- library/bignum_core.c | 2 +- library/bignum_core.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 15557e67d..8e89766a7 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -38,7 +38,7 @@ #include "bignum_core.h" -size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint a ) +size_t mbedtls_mpi_core_clz( mbedtls_mpi_uint a ) { size_t j; mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1); diff --git a/library/bignum_core.h b/library/bignum_core.h index 9fd9d2070..434f52b5e 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -37,7 +37,7 @@ * * \return The number of leading zero bits in \p a. */ -size_t mbedtls_mpi_core_clz( const mbedtls_mpi_uint a ); +size_t mbedtls_mpi_core_clz( mbedtls_mpi_uint a ); /** Return the minimum number of bits required to represent the value held * in the MPI.