Merge pull request #7703 from gabor-mezei-arm/7598_clone_the_eco_module

[Bignum] Clone the ECP module

library/CMakeLists.txt

@@ -37,6 +37,7 @@ set(src_crypto
     ecdsa.c
     ecjpake.c
     ecp.c
+    ecp_new.c
     ecp_curves.c
     entropy.c
     entropy_poll.c

library/Makefile

@@ -102,6 +102,7 @@ OBJS_CRYPTO= \
 	     ecdsa.o \
 	     ecjpake.o \
 	     ecp.o \
+	     ecp_new.o \
 	     ecp_curves.o \
 	     entropy.o \
 	     entropy_poll.o \

library/ecp.c

@@ -43,6 +43,8 @@
 
 #include "common.h"
 
+#if !defined(MBEDTLS_ECP_WITH_MPI_UINT)
+
 /**
  * \brief Function level alternative implementation.
  *
@@ -3636,6 +3638,18 @@ cleanup:
 
 #endif /* MBEDTLS_SELF_TEST */
 
+#if defined(MBEDTLS_TEST_HOOKS)
+
+MBEDTLS_STATIC_TESTABLE
+mbedtls_ecp_variant mbedtls_ecp_get_variant()
+{
+    return MBEDTLS_ECP_VARIANT_WITH_MPI_STRUCT;
+}
+
+#endif /* MBEDTLS_TEST_HOOKS */
+
 #endif /* !MBEDTLS_ECP_ALT */
 
 #endif /* MBEDTLS_ECP_LIGHT */
+
+#endif /* MBEDTLS_ECP_WITH_MPI_UINT */

library/ecp_invasive.h

@@ -40,8 +40,26 @@ typedef enum {
     MBEDTLS_ECP_MOD_SCALAR
 } mbedtls_ecp_modulus_type;
 
+/* Provide a commented-out definition so that `check_names.py` knows that
+ * it's not a typo.
+ */
+//#define MBEDTLS_ECP_WITH_MPI_UINT
+
+typedef enum {
+    MBEDTLS_ECP_VARIANT_NONE = 0,
+    MBEDTLS_ECP_VARIANT_WITH_MPI_STRUCT,
+    MBEDTLS_ECP_VARIANT_WITH_MPI_UINT
+} mbedtls_ecp_variant;
+
 #if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ECP_LIGHT)
 
+/** Queries the ecp variant.
+ *
+ * \return  The id of the ecp variant.
+ */
+MBEDTLS_STATIC_TESTABLE
+mbedtls_ecp_variant mbedtls_ecp_get_variant(void);
+
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
 /** Generate a private key on a Montgomery curve (Curve25519 or Curve448).
  *

tests/scripts/all.sh

@@ -1026,6 +1026,27 @@ component_test_default_cmake_gcc_asan () {
     tests/context-info.sh
 }
 
+component_test_default_cmake_gcc_asan_new_bignum () {
+    msg "build: cmake, gcc, ASan" # ~ 1 min 50s
+    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+    make CFLAGS="-D MBEDTLS_ECP_WITH_MPI_UINT"
+
+    msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
+    make test
+
+    msg "test: selftest (ASan build)" # ~ 10s
+    programs/test/selftest
+
+    msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
+    tests/ssl-opt.sh
+
+    msg "test: compat.sh (ASan build)" # ~ 6 min
+    tests/compat.sh
+
+    msg "test: context-info.sh (ASan build)" # ~ 15 sec
+    tests/context-info.sh
+}
+
 component_test_full_cmake_gcc_asan () {
     msg "build: full config, cmake, gcc, ASan"
     scripts/config.py full
@@ -1061,6 +1082,56 @@ component_test_full_cmake_gcc_asan () {
         full-libmbedx509-modules
 }
 
+
+component_test_full_cmake_gcc_asan_new_bignum () {
+    msg "build: full config, cmake, gcc, ASan"
+    scripts/config.py full
+    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+    make CFLAGS="-D MBEDTLS_ECP_WITH_MPI_UINT"
+
+    msg "test: main suites (inc. selftests) (full config, ASan build)"
+    make test
+
+    msg "test: selftest (ASan build)" # ~ 10s
+    programs/test/selftest
+
+    msg "test: ssl-opt.sh (full config, ASan build)"
+    tests/ssl-opt.sh
+
+    msg "test: compat.sh (full config, ASan build)"
+    tests/compat.sh
+
+    msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
+    tests/context-info.sh
+
+    msg "test: check direct ECP dependencies in TLS and X.509"
+    docs/architecture/psa-migration/syms.sh full
+
+    # TODO: replace "mbedtls_ecp_curve" with "mbedtls_ecp" also for
+    # "full-tls-external" once Issue6839 is completed
+    not grep mbedtls_ecp_curve full-libmbedtls-external
+    not grep mbedtls_ecp full-libmbedx509-external
+
+    rm  full-libmbedtls-external \
+        full-libmbedtls-modules \
+        full-libmbedx509-external \
+        full-libmbedx509-modules
+}
+
+component_test_full_cmake_gcc_asan_new_bignum_test_hooks () {
+    msg "build: full config, cmake, gcc, ASan"
+    scripts/config.py full
+    scripts/config.py set MBEDTLS_TEST_HOOKS
+    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+    make CFLAGS="-DMBEDTLS_ECP_WITH_MPI_UINT"
+
+    msg "test: main suites (inc. selftests) (full config, ASan build)"
+    make test
+
+    msg "test: selftest (ASan build)" # ~ 10s
+    programs/test/selftest
+}
+
 component_test_psa_crypto_key_id_encodes_owner () {
     msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
     scripts/config.py full

tests/suites/test_suite_ecp.data

@@ -1953,3 +1953,6 @@ ecp_mod_random:MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR
 ecp_random #25 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448)
 depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
 ecp_mod_random:MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp variant check
+check_variant:

tests/suites/test_suite_ecp.function

@@ -1630,3 +1630,16 @@ exit:
     mbedtls_free(rX_raw);
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+void check_variant()
+{
+    mbedtls_ecp_variant variant = mbedtls_ecp_get_variant();
+
+#if defined(MBEDTLS_ECP_VARIANT_WITH_MPI_UINT)
+    TEST_EQUAL(variant, MBEDTLS_ECP_VARIANT_WITH_MPI_UINT);
+#else
+    TEST_EQUAL(variant, MBEDTLS_ECP_VARIANT_WITH_MPI_STRUCT);
+#endif
+}
+/* END_CASE */