From 81f4b11010097d578e81df49927a3743c4cfa210 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 10 Nov 2022 14:40:38 +0000 Subject: [PATCH 01/28] bignum_mod: Added `mbedtls_mpi_mod_read/write()` IO functions This patch adds input and ouput fucntions in the `bignum_mod` layer. The data will be automatically converted between Cannonical and Montgomery representation if required. Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 47 ++++++++++++++++++++++++++++++++++++++++++++ library/bignum_mod.h | 44 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 13108c51f..a4ed32b6a 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -209,7 +209,54 @@ exit: /* END MERGE SLOT 6 */ /* BEGIN MERGE SLOT 7 */ +int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, + mbedtls_mpi_mod_modulus *m, + unsigned char *buf, + size_t buflen ) +{ + int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + if ( r == NULL || m == NULL ) + goto cleanup; + + if ( r->p == NULL || m->p == NULL || r->limbs > m->limbs ||\ + r->limbs == 0 || m->limbs == 0 ) + goto cleanup; + + ret = mbedtls_mpi_mod_raw_read( r->p, m, buf, buflen ); + + if( ret != 0 ) + goto cleanup; + + if (m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) + ret = mbedtls_mpi_mod_raw_to_mont_rep(r->p, m); + +cleanup: + return ( ret ); +} + +int mbedtls_mpi_mod_write( mbedtls_mpi_mod_residue *r, + mbedtls_mpi_mod_modulus *m, + unsigned char *buf, + size_t buflen ) +{ + int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + + if ( r == NULL || m == NULL ) + goto cleanup; + + if ( r->p == NULL || m->p == NULL || r->limbs > m->limbs ||\ + r->limbs == 0 || m->limbs == 0 ) + goto cleanup; + + if ( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) + ret = mbedtls_mpi_mod_raw_from_mont_rep( r->p, m ); + + ret = mbedtls_mpi_mod_raw_write( r->p, m, buf, buflen ); + +cleanup: + return ( ret ); +} /* END MERGE SLOT 7 */ /* BEGIN MERGE SLOT 8 */ diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 29c26f2ef..9378aabac 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -173,7 +173,51 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); /* END MERGE SLOT 6 */ /* BEGIN MERGE SLOT 7 */ +/** Read public representation data stored in a buffer into a residue structure. + * + * The `mbedtls_mpi_mod_residue` and `mbedtls_mpi_mod_modulus` structures must + * be compatible. The data will be automatically converted into the appropriate + * representation based on the value of `m->int_rep field`. + * + * \param r The address of the residue related to \p m. It must have as + * many limbs as the modulus \p m. + * \param m The address of the modulus. + * \param buf The input buffer to import from. + * \param buflen The length in bytes of \p buf. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't + * large enough to hold the value in \p buf. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation + * of \p m is invalid or \p X is not less than \p m. + */ +int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, + mbedtls_mpi_mod_modulus *m, + unsigned char *buf, + size_t buflen ); +/** Write residue data onto a buffer using public representation data. + * + * The `mbedtls_mpi_mod_residue` and `mbedtls_mpi_mod_modulus` structures must + * be compatible. The data will be automatically converted into the appropriate + * representation based on the value of `m->int_rep field`. + * + * \param r The address of the residue related to \p m. It must have as + * many limbs as the modulus \p m. + * \param m The address of the modulus. + * \param buf The output buffer to export to. + * \param buflen The length in bytes of \p buf. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't + * large enough to hold the value of \p X. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation + * of \p m is invalid. + */ +int mbedtls_mpi_mod_write( mbedtls_mpi_mod_residue *r, + mbedtls_mpi_mod_modulus *m, + unsigned char *buf, + size_t buflen ); /* END MERGE SLOT 7 */ /* BEGIN MERGE SLOT 8 */ From 8f242706303b4b681fbe4e350ece31928b151098 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 10 Nov 2022 16:56:02 +0000 Subject: [PATCH 02/28] test_suite_bignum_mod: Added tests for hight level IO This patch adds the following tests for the high levet IO api: * mpi_mod_io_neg * mpi_mod_io Manually generated test data has also been included. Signed-off-by: Minos Galanakis --- tests/suites/test_suite_bignum_mod.data | 231 +++++++++++++++++++- tests/suites/test_suite_bignum_mod.function | 142 ++++++++++++ 2 files changed, 366 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod.data b/tests/suites/test_suite_bignum_mod.data index 95faa53b8..6b25c49ee 100644 --- a/tests/suites/test_suite_bignum_mod.data +++ b/tests/suites/test_suite_bignum_mod.data @@ -50,17 +50,234 @@ mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_MPI_MOD_REP_MONTGOMERY:0 # END MERGE SLOT 6 # BEGIN MERGE SLOT 7 +Test mbedtls_mpi_mod_io_neg +mpi_mod_io_neg: -# END MERGE SLOT 7 +Test mbedtls_mpi_mod_io #1 N: "11" A: "119". +mpi_mod_io:"000000000000000b":"0000000000000000":MBEDTLS_MPI_MOD_EXT_REP_BE -# BEGIN MERGE SLOT 8 +Test mbedtls_mpi_mod_io #2 N: "11" A: "136". +mpi_mod_io:"000000000000000b":"0000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE -# END MERGE SLOT 8 +Test mbedtls_mpi_mod_io #3 N: "11" A: "119". +mpi_mod_io:"000000000000000b":"0000000000000001":MBEDTLS_MPI_MOD_EXT_REP_BE -# BEGIN MERGE SLOT 9 +Test mbedtls_mpi_mod_io #4 N: "11" A: "136". +mpi_mod_io:"000000000000000b":"0100000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE -# END MERGE SLOT 9 +Test mbedtls_mpi_mod_io #5 N: "140737488355333" A: "119". +mpi_mod_io:"0000800000000005":"0000000000000000":MBEDTLS_MPI_MOD_EXT_REP_BE -# BEGIN MERGE SLOT 10 +Test mbedtls_mpi_mod_io #6 N: "140737488355333" A: "136". +mpi_mod_io:"0000800000000005":"0000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #7 N: "140737488355333" A: "119". +mpi_mod_io:"0000800000000005":"0000000000000001":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #8 N: "140737488355333" A: "136". +mpi_mod_io:"0000800000000005":"0100000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #9 N: "140737488355333" A: "119". +mpi_mod_io:"0000800000000005":"00000000000003ca":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #10 N: "140737488355333" A: "136". +mpi_mod_io:"0000800000000005":"ca03000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #11 N: "140737488355333" A: "119". +mpi_mod_io:"0000800000000005":"00000000539ed428":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #12 N: "140737488355333" A: "136". +mpi_mod_io:"0000800000000005":"28d49e5300000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #13 N: "9223372036854775807" A: "119". +mpi_mod_io:"7fffffffffffffff":"0000000000000000":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #14 N: "9223372036854775807" A: "136". +mpi_mod_io:"7fffffffffffffff":"0000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #15 N: "9223372036854775807" A: "119". +mpi_mod_io:"7fffffffffffffff":"0000000000000001":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #16 N: "9223372036854775807" A: "136". +mpi_mod_io:"7fffffffffffffff":"0100000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #17 N: "9223372036854775807" A: "119". +mpi_mod_io:"7fffffffffffffff":"00000000000003ca":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #18 N: "9223372036854775807" A: "136". +mpi_mod_io:"7fffffffffffffff":"ca03000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #19 N: "9223372036854775807" A: "119". +mpi_mod_io:"7fffffffffffffff":"00000000539ed428":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #20 N: "9223372036854775807" A: "136". +mpi_mod_io:"7fffffffffffffff":"28d49e5300000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #21 N: "9223372036854775807" A: "119". +mpi_mod_io:"7fffffffffffffff":"7dfe5c6beb35a2d6":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #22 N: "9223372036854775807" A: "136". +mpi_mod_io:"7fffffffffffffff":"d6a235eb6b5cfe7d":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #23 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "119". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #24 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "136". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #25 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "119". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #26 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "136". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #27 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "119". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ca":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #28 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "136". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"ca030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #29 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "119". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000539ed428":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #30 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "136". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"28d49e53000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #31 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "119". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007dfe5c6beb35a2d6":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #32 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "136". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"d6a235eb6b5cfe7d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #33 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "119". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dca8de1c2adfc6d7aafb9b48e":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #34 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "136". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"8eb4b9af7a6dfcadc2e18dca0d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #35 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "119". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a7d17b6c4be72f3d5c16bf9c1af6fc933":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #36 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "136". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"33c96fafc1f96bc1d5f372bec4b6177d0a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #37 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "119". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002fec97beec546f9553142ed52f147845463f579":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #38 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "136". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"79f563548447f152ed423155f946c5ee7bc9fe020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #39 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "119". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"00000000000000000000000000000000000000000000000000000000000000000000000000000000378dc83b8bc5a7b62cba495af4919578dce6d4f175cadc4f":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #40 N: "6610145858169835373800827072568987987787972943497619105736762797475099959212160692262984293277166612477845864397201463825139894315919781838969391314120587" A: "136". +mpi_mod_io:"7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a98df75154f8c914a282f8b":"4fdcca75f1d4e6dc789591f45a49ba2cb6a7c58b3bc88d3700000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #41 N: "201076468338594879614802819276237850336264827391977454179" A: "119". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #42 N: "201076468338594879614802819276237850336264827391977454179" A: "136". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #43 N: "201076468338594879614802819276237850336264827391977454179" A: "119". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"000000000000000000000000000000000000000000000001":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #44 N: "201076468338594879614802819276237850336264827391977454179" A: "136". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"010000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #45 N: "201076468338594879614802819276237850336264827391977454179" A: "119". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"0000000000000000000000000000000000000000000003ca":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #46 N: "201076468338594879614802819276237850336264827391977454179" A: "136". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"ca0300000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #47 N: "201076468338594879614802819276237850336264827391977454179" A: "119". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"0000000000000000000000000000000000000000539ed428":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #48 N: "201076468338594879614802819276237850336264827391977454179" A: "136". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"28d49e530000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #49 N: "201076468338594879614802819276237850336264827391977454179" A: "119". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"000000000000000000000000000000007dfe5c6beb35a2d6":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #50 N: "201076468338594879614802819276237850336264827391977454179" A: "136". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"d6a235eb6b5cfe7d00000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #51 N: "201076468338594879614802819276237850336264827391977454179" A: "119". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"00000000000000000000000dca8de1c2adfc6d7aafb9b48e":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #52 N: "201076468338594879614802819276237850336264827391977454179" A: "136". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"8eb4b9af7a6dfcadc2e18dca0d0000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #53 N: "201076468338594879614802819276237850336264827391977454179" A: "119". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"000000000000000a7d17b6c4be72f3d5c16bf9c1af6fc933":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #54 N: "201076468338594879614802819276237850336264827391977454179" A: "136". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"33c96fafc1f96bc1d5f372bec4b6177d0a00000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #55 N: "201076468338594879614802819276237850336264827391977454179" A: "119". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"0000000002fec97beec546f9553142ed52f147845463f579":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #56 N: "201076468338594879614802819276237850336264827391977454179" A: "136". +mpi_mod_io:"08335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"79f563548447f152ed423155f946c5ee7bc9fe0200000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #57 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "119". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #58 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "136". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #59 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "119". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #60 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "136". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #61 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "119". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ca":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #62 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "136". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"ca030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #63 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "119". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000539ed428":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #64 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "136". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"28d49e53000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #65 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "119". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007dfe5c6beb35a2d6":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #66 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "136". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"d6a235eb6b5cfe7d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #67 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "119". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dca8de1c2adfc6d7aafb9b48e":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #68 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "136". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"8eb4b9af7a6dfcadc2e18dca0d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #69 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "119". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a7d17b6c4be72f3d5c16bf9c1af6fc933":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #70 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "136". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"33c96fafc1f96bc1d5f372bec4b6177d0a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #71 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "119". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002fec97beec546f9553142ed52f147845463f579":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #72 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "136". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"79f563548447f152ed423155f946c5ee7bc9fe020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #73 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "119". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000378dc83b8bc5a7b62cba495af4919578dce6d4f175cadc4f":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #74 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "136". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"4fdcca75f1d4e6dc789591f45a49ba2cb6a7c58b3bc88d3700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_MPI_MOD_EXT_REP_LE + +Test mbedtls_mpi_mod_io #75 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "119". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"b6415f2a1a8e48a518345db11f56db3829c8f2c6415ab4a395ab3ac2ea4cbef4af86eb18a84eb6ded4c6ecbfc4b59c2879a675487f687adea9d197a84a5242a5cf6125ce19a6ad2e7341f1c57d43ea4f4c852a51cb63dabcd1c9de2b827a3146a3d175b35bea41ae75d2a286a3e9d43623152ac513dcdea1d72a7da846a8ab358d9be4926c79cfb287cf1cf25b689de3b912176be5dcaf4d4c6e7cb839a4a3243a6c47c1e2c99d65c59d6fa3672575c2f1ca8de6a32e854ec9d8ec635c96af7679fce26d7d159e4a9da3bd74e1272c376cd926d74fe3fb164a5935cff3d5cdb92b35fe2cea32138a7e6bfbc319ebd1725dacb9a359cbf693f2ecb785efb9d627":MBEDTLS_MPI_MOD_EXT_REP_BE + +Test mbedtls_mpi_mod_io #76 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "136". +mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"27d6b9ef85b7ecf293f6cb59a3b9ac5d72d1eb19c3fb6b7e8a1332ea2cfe352bb9cdd5f3cf35594a16fbe34fd726d96c372c27e174bda39d4a9e157d6de2fc7976af965c63ecd8c94e852ea3e68dcaf1c2752567a36f9dc5659dc9e2c1476c3a24a3a439b87c6e4c4dafdce56b1712b9e39d685bf21ccf87b2cf796c92e49b8d35aba846a87d2ad7a1dedc13c52a152336d4e9a386a2d275ae41ea5bb375d1a346317a822bdec9d1bcda63cb512a854c4fea437dc5f141732eada619ce2561cfa542524aa897d1a9de7a687f4875a679289cb5c4bfecc6d4deb64ea818eb86aff4be4ceac23aab95a3b45a41c6f2c82938db561fb15d3418a5488e1a2a5f41b6":MBEDTLS_MPI_MOD_EXT_REP_LE -# END MERGE SLOT 10 diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 1a2d0c135..00e830670 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -80,7 +80,149 @@ exit: /* END MERGE SLOT 6 */ /* BEGIN MERGE SLOT 7 */ +/* BEGIN_CASE */ +void mpi_mod_io_neg( ) +{ + #define IO_ZERO 0 + #define IO_ONE 1 + #define IO_MIN1 2 + #define IO_MAX 3 + #define IO_2LIMBS_MIN1 4 + #define IO_2LIMBS 5 + mbedtls_mpi_uint *N = NULL; + mbedtls_mpi_uint *R = NULL; + mbedtls_mpi_uint *N2 = NULL; + mbedtls_mpi_uint *R2 = NULL; + unsigned char *r_buff = NULL; + + size_t n_limbs, r_limbs, n2_limbs, r2_limbs; + + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_residue r; + mbedtls_mpi_mod_modulus m2; + mbedtls_mpi_mod_residue rn = { NULL, 0 }; + + const char * s_data[ 6 ] = { "00", "01", "fe", "ff", + "7ffffffffffffffff0" ,"7ffffffffffffffff1" }; + const size_t buff_bytes = 1024; + + /* Allocate the memory for intermediate data structures */ + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, s_data[ IO_MIN1 ] ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, s_data[ IO_ONE ] ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N2, &n2_limbs, s_data[ IO_2LIMBS ] ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R2, &r2_limbs, s_data[ IO_2LIMBS_MIN1 ] ) ); + + mbedtls_mpi_mod_modulus_init( &m ); + mbedtls_mpi_mod_modulus_init( &m2 ); + + /* Allocate more than required space on buffer so we can test for input_r > mpi */ + ASSERT_ALLOC( r_buff, buff_bytes ); + memset( r_buff, 0x1, 1 ); + + TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, + MBEDTLS_MPI_MOD_EXT_REP_LE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); + + TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R , n_limbs ) ); + + /* Pass for input_r < modulo */ + TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, r_buff, 1 ) ); + + /* input_r == modulo -1 */ + memset( r_buff, 0xfd, buff_bytes ); + TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, r_buff, 1 ) ); + + /* modulo->p == NULL || residue->p == NULL ( m2 has not been set-up ) */ + TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read( &r, &m2, r_buff, 1 ) ); + TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read( &rn, &m, r_buff, 1 ) ); + TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_write( &r, &m2, r_buff, 1 ) ); + TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_write( &rn, &m, r_buff, 1 ) ); + + /* Fail for r_limbs < m->limbs */ + r.limbs = m.limbs - 1; + TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read( &r, &m, r_buff, 1 ) ); + TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_write( &rn, &m, r_buff, 1 ) ); + r.limbs = r_limbs; + + /* Fail if input_r >= modulo m */ + /* input_r = modulo */ + memset( r_buff, 0xfe, buff_bytes ); + TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read( &r, &m, r_buff, 1 ) ); + + /* input_r > modulo */ + memset( r_buff, 0xff, buff_bytes ); + TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read( &r, &m, r_buff, 1 ) ); + + /* Data too large to fit */ + TEST_EQUAL(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, mbedtls_mpi_mod_read( &r, &m, r_buff, buff_bytes ) ); + + /* Read the two limbs input data into a larger modulus and residue */ + TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m2, N2, n2_limbs, + MBEDTLS_MPI_MOD_EXT_REP_LE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); + rn.p = R2; + rn.limbs = r2_limbs; + TEST_EQUAL(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, mbedtls_mpi_mod_write( &rn, &m2, r_buff, 1 ) ); + +exit: + mbedtls_mpi_mod_modulus_free( &m ); + mbedtls_mpi_mod_modulus_free( &m2 ); + mbedtls_free( N ); + mbedtls_free( R ); + mbedtls_free( N2 ); + mbedtls_free( R2 ); + mbedtls_free( r_buff ); + + #undef IO_ZERO + #undef IO_ONE + #undef IO_MIN1 + #undef IO_MAX + #undef IO_2LIMBS_MIN1 + #undef IO_2LIMBS +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mpi_mod_io( char * input_N, data_t * input_A, int iendian ) +{ + mbedtls_mpi_uint *N = NULL; + mbedtls_mpi_uint *R = NULL; + unsigned char *r_buff = NULL; + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_residue r; + size_t n_limbs, n_bytes, a_bytes; + + /* Read inputs */ + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, input_N ) ); + n_bytes = n_limbs * sizeof( mbedtls_mpi_uint ); + a_bytes = input_A->len * sizeof( char ); + + /* Allocate the memory for intermediate data structures */ + ASSERT_ALLOC( R, n_bytes ); + ASSERT_ALLOC( r_buff, a_bytes ); + + /* Test that input's size is not greater to modulo's */ + TEST_LE_U(a_bytes, n_bytes ); + + /* Init Structures */ + mbedtls_mpi_mod_modulus_init( &m ); + TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, iendian, + MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); + + /* Enforcing p_limbs >= m->limbs */ + TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R , n_limbs ) ); + + TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, input_A->x, input_A->len ) ); + + TEST_EQUAL( 0,mbedtls_mpi_mod_write( &r, &m, r_buff, a_bytes ) ); + + ASSERT_COMPARE( r_buff, a_bytes, input_A->x, a_bytes ); +exit: + mbedtls_mpi_mod_modulus_free( &m ); + mbedtls_free( N ); + mbedtls_free( R ); + mbedtls_free( r_buff ); +} +/* END_CASE */ /* END MERGE SLOT 7 */ /* BEGIN MERGE SLOT 8 */ From a17ad48e2d139d171dfe3bb59703b41eb869b18b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 16 Nov 2022 16:29:15 +0000 Subject: [PATCH 03/28] bignum_mod: Fixed an issue with input checking in `mpi_mod_residue_setup` This patch is inverting the input type checking logic in the method, in order to ensure that residue < modulus. Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 2 +- tests/suites/test_suite_bignum_mod.data | 4 +- tests/suites/test_suite_bignum_mod.function | 47 +++++++++++++++++++++ 3 files changed, 51 insertions(+), 2 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index a4ed32b6a..6c13b4b22 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -39,7 +39,7 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_uint *p, size_t p_limbs ) { - if( p_limbs < m->limbs || !mbedtls_mpi_core_lt_ct( m->p, p, p_limbs ) ) + if( p_limbs > m->limbs || !mbedtls_mpi_core_lt_ct( p, m->p, m->limbs ) ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); r->limbs = m->limbs; diff --git a/tests/suites/test_suite_bignum_mod.data b/tests/suites/test_suite_bignum_mod.data index 6b25c49ee..5edb283ae 100644 --- a/tests/suites/test_suite_bignum_mod.data +++ b/tests/suites/test_suite_bignum_mod.data @@ -50,6 +50,9 @@ mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_MPI_MOD_REP_MONTGOMERY:0 # END MERGE SLOT 6 # BEGIN MERGE SLOT 7 +Test mbedtls_mpi_residue_setup +mpi_residue_setup: + Test mbedtls_mpi_mod_io_neg mpi_mod_io_neg: @@ -280,4 +283,3 @@ mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a Test mbedtls_mpi_mod_io #76 N: "32292747613635961694771916499883650667878589411552643628627186850993060141490368296439843252993342320145797691611646027435006878234727648863911408777308953382400333083852585109256846643097239747078406546553406955958288616728627292699264194880486908744773379992784153004816057528456043920098334713005039494478693892693017304730883448003944721685094014669042959451482141781404822386404101555113742346277194830729517252154824958327000717338180410404929239489607893939166712107274943411892079802406181464789204374234653633818543559183821503846194953493439237710780169796543565449952151334229364816621060143650318299210551" A: "136". mpi_mod_io:"ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"27d6b9ef85b7ecf293f6cb59a3b9ac5d72d1eb19c3fb6b7e8a1332ea2cfe352bb9cdd5f3cf35594a16fbe34fd726d96c372c27e174bda39d4a9e157d6de2fc7976af965c63ecd8c94e852ea3e68dcaf1c2752567a36f9dc5659dc9e2c1476c3a24a3a439b87c6e4c4dafdce56b1712b9e39d685bf21ccf87b2cf796c92e49b8d35aba846a87d2ad7a1dedc13c52a152336d4e9a386a2d275ae41ea5bb375d1a346317a822bdec9d1bcda63cb512a854c4fea437dc5f141732eada619ce2561cfa542524aa897d1a9de7a687f4875a679289cb5c4bfecc6d4deb64ea818eb86aff4be4ceac23aab95a3b45a41c6f2c82938db561fb15d3418a5488e1a2a5f41b6":MBEDTLS_MPI_MOD_EXT_REP_LE - diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 00e830670..5a2d000ca 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -81,6 +81,53 @@ exit: /* BEGIN MERGE SLOT 7 */ /* BEGIN_CASE */ +void mpi_residue_setup( ) +{ + #define RS_ONE 0 + #define RS_MAX_MIN1 1 + #define RS_MAX 2 + const char * s_data[ 3 ] = { "01", "fe", "ff" }; + + mbedtls_mpi_uint *N = NULL; + mbedtls_mpi_uint *R = NULL; + mbedtls_mpi_uint *R_MAX = NULL; + size_t n_limbs, r_limbs, r_max_limbs; + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_residue r; + + /* Allocate the memory for intermediate data structures */ + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, s_data[ RS_MAX_MIN1 ] ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, s_data[ RS_ONE ] ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R_MAX, &r_max_limbs, s_data[ RS_MAX ] ) ); + + mbedtls_mpi_mod_modulus_init( &m ); + + TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, + MBEDTLS_MPI_MOD_EXT_REP_LE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); + + TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R , r_limbs ) ); + + /* Test for r-> limbs > m-> limbs */ + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_residue_setup( &r, &m, R , r_limbs + 1 ) ); + + /* Test for r-> p > m-> p */ + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_residue_setup( &r, &m, R_MAX , r_max_limbs ) ); + + /* Test for r-> p == m-> p */ + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_residue_setup( &r, &m, N , r_max_limbs ) ); + +exit: + mbedtls_mpi_mod_modulus_free( &m ); + mbedtls_free( N ); + mbedtls_free( R ); + mbedtls_free( R_MAX ); + + #undef RS_ONE + #undef RS_MAX_MIN1 + #undef RS_MAX +} +/* END_CASE */ +/* BEGIN_CASE */ void mpi_mod_io_neg( ) { #define IO_ZERO 0 From aed832ac16a488c5e9dacfba5fa048420a2ffa6e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 24 Nov 2022 09:09:47 +0000 Subject: [PATCH 04/28] bignum_mod: Adjusted input checking for `mbedtls_mpi_mod_residue_setup()` This patch adjusts the logic of the size checking of the method, and refactors the tests. Documentation has also been updated. Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 2 +- library/bignum_mod.h | 13 ++++---- tests/suites/test_suite_bignum_mod.data | 25 ++++++++++++-- tests/suites/test_suite_bignum_mod.function | 36 +++++---------------- 4 files changed, 39 insertions(+), 37 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 6c13b4b22..770e63358 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -39,7 +39,7 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_uint *p, size_t p_limbs ) { - if( p_limbs > m->limbs || !mbedtls_mpi_core_lt_ct( p, m->p, m->limbs ) ) + if( p_limbs > m->limbs || !mbedtls_mpi_core_lt_ct( p, m->p, p_limbs ) ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); r->limbs = m->limbs; diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 9378aabac..4a01dfc69 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -75,16 +75,17 @@ typedef struct { /** Setup a residue structure. * - * \param[out] r The address of residue to setup. The size is determined by - * \p m. - * (In particular, it must have at least as many limbs as the - * modulus \p m.) + * \param[out] r The address of residue to setup. The resulting structure's + * size is determined by \p m. * \param[in] m The address of the modulus related to \p r. * \param[in] p The address of the limb array storing the value of \p r. * The memory pointed to by \p p will be used by \p r and must * not be modified in any way until after - * mbedtls_mpi_mod_residue_release() is called. - * \param p_limbs The number of limbs of \p p. + * mbedtls_mpi_mod_residue_release() is called. The data + * pointed by p should be compatible (in terms of size/endianness) + * with the representation used in \p m. + * \param p_limbs The number of limbs of \p p. It must have at most as + * many limbs as the modulus \p m.) * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p p_limbs is less than the diff --git a/tests/suites/test_suite_bignum_mod.data b/tests/suites/test_suite_bignum_mod.data index 5edb283ae..e0aa5407f 100644 --- a/tests/suites/test_suite_bignum_mod.data +++ b/tests/suites/test_suite_bignum_mod.data @@ -50,8 +50,29 @@ mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_MPI_MOD_REP_MONTGOMERY:0 # END MERGE SLOT 6 # BEGIN MERGE SLOT 7 -Test mbedtls_mpi_residue_setup -mpi_residue_setup: +Test mbedtls_mpi_residue_setup #1 m > r +mpi_residue_setup:"fe":"01":0 + +Test mbedtls_mpi_residue_setup #2 r == m - 1 +mpi_residue_setup:"ff":"fe":0 + +Test mbedtls_mpi_residue_setup #3 m->limbs > r-> limbs && m > r +mpi_residue_setup:"000000000000000000000000000000007dfe5c6beb35a2d6":"fe":0 + +Test mbedtls_mpi_residue_setup #4 m->limbs > r-> limbs && m > r +mpi_residue_setup:"7ffffffffffffffffffffffffffffffffffffffffffffff1":"fe":0 + +Test mbedtls_mpi_residue_setup #5 m->limbs > r-> limbs && m > r +mpi_residue_setup:"7ffffffffffffffffffff000000000000000000000000000":"fe":-4 + +Test mbedtls_mpi_residue_setup #6 m->limbs < r-> limbs && m > r +mpi_residue_setup:"ff":"000000000000000000000000000000000000000000000001":-4 + +Test mbedtls_mpi_residue_setup #7 r == m +mpi_residue_setup:"fe":"fe":-4 + +Test mbedtls_mpi_residue_setup #8 r > m +mpi_residue_setup:"fe":"ff":-4 Test mbedtls_mpi_mod_io_neg mpi_mod_io_neg: diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 5a2d000ca..e4d7b41bc 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -81,52 +81,32 @@ exit: /* BEGIN MERGE SLOT 7 */ /* BEGIN_CASE */ -void mpi_residue_setup( ) +void mpi_residue_setup( char * input_X, char * input_Y, int ret ) { - #define RS_ONE 0 - #define RS_MAX_MIN1 1 - #define RS_MAX 2 - const char * s_data[ 3 ] = { "01", "fe", "ff" }; - mbedtls_mpi_uint *N = NULL; mbedtls_mpi_uint *R = NULL; - mbedtls_mpi_uint *R_MAX = NULL; - size_t n_limbs, r_limbs, r_max_limbs; + size_t n_limbs, r_limbs; mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_residue r; - /* Allocate the memory for intermediate data structures */ - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, s_data[ RS_MAX_MIN1 ] ) ); - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, s_data[ RS_ONE ] ) ); - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R_MAX, &r_max_limbs, s_data[ RS_MAX ] ) ); - mbedtls_mpi_mod_modulus_init( &m ); + /* Allocate the memory for intermediate data structures */ + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, input_X ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, input_Y ) ); + TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, MBEDTLS_MPI_MOD_EXT_REP_LE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); - TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R , r_limbs ) ); - - /* Test for r-> limbs > m-> limbs */ - TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_residue_setup( &r, &m, R , r_limbs + 1 ) ); - - /* Test for r-> p > m-> p */ - TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_residue_setup( &r, &m, R_MAX , r_max_limbs ) ); - - /* Test for r-> p == m-> p */ - TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_residue_setup( &r, &m, N , r_max_limbs ) ); + TEST_EQUAL( ret, mbedtls_mpi_mod_residue_setup( &r, &m, R , r_limbs ) ); exit: mbedtls_mpi_mod_modulus_free( &m ); mbedtls_free( N ); mbedtls_free( R ); - mbedtls_free( R_MAX ); - - #undef RS_ONE - #undef RS_MAX_MIN1 - #undef RS_MAX } /* END_CASE */ + /* BEGIN_CASE */ void mpi_mod_io_neg( ) { From 8b375451c55600f32319771b3e36a3dce47b7881 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 24 Nov 2022 11:04:11 +0000 Subject: [PATCH 05/28] bignum_mod: Refactored `mbedtls_mpi_mod_read/write()` This patch adjusts the I/O methods and the tests. Documentation has also been updated to be more clear. Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 14 ++++++---- library/bignum_mod.h | 19 +++++++------ tests/suites/test_suite_bignum_mod.function | 31 +++++++-------------- 3 files changed, 29 insertions(+), 35 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 770e63358..c10fb2ed3 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -210,8 +210,8 @@ exit: /* BEGIN MERGE SLOT 7 */ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, - mbedtls_mpi_mod_modulus *m, - unsigned char *buf, + const mbedtls_mpi_mod_modulus *m, + const unsigned char *buf, size_t buflen ) { int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; @@ -219,7 +219,7 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, if ( r == NULL || m == NULL ) goto cleanup; - if ( r->p == NULL || m->p == NULL || r->limbs > m->limbs ||\ + if ( r->p == NULL || m->p == NULL || r->limbs > m->limbs || r->limbs == 0 || m->limbs == 0 ) goto cleanup; @@ -228,6 +228,8 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, if( ret != 0 ) goto cleanup; + r->limbs = m->limbs; + if (m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) ret = mbedtls_mpi_mod_raw_to_mont_rep(r->p, m); @@ -235,8 +237,8 @@ cleanup: return ( ret ); } -int mbedtls_mpi_mod_write( mbedtls_mpi_mod_residue *r, - mbedtls_mpi_mod_modulus *m, +int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, + const mbedtls_mpi_mod_modulus *m, unsigned char *buf, size_t buflen ) { @@ -245,7 +247,7 @@ int mbedtls_mpi_mod_write( mbedtls_mpi_mod_residue *r, if ( r == NULL || m == NULL ) goto cleanup; - if ( r->p == NULL || m->p == NULL || r->limbs > m->limbs ||\ + if ( r->p == NULL || m->p == NULL || r->limbs > m->limbs || r->limbs == 0 || m->limbs == 0 ) goto cleanup; diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 4a01dfc69..f0ce3c444 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -177,8 +177,9 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); /** Read public representation data stored in a buffer into a residue structure. * * The `mbedtls_mpi_mod_residue` and `mbedtls_mpi_mod_modulus` structures must - * be compatible. The data will be automatically converted into the appropriate - * representation based on the value of `m->int_rep field`. + * be compatible (Data in public representation is assumed to be in the m->ext_rep + * and will be padded to m->limbs). The data will be automatically converted + * into the appropriate internal representation based on the value of `m->int_rep`. * * \param r The address of the residue related to \p m. It must have as * many limbs as the modulus \p m. @@ -193,15 +194,17 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); * of \p m is invalid or \p X is not less than \p m. */ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, - mbedtls_mpi_mod_modulus *m, - unsigned char *buf, + const mbedtls_mpi_mod_modulus *m, + const unsigned char *buf, size_t buflen ); /** Write residue data onto a buffer using public representation data. * * The `mbedtls_mpi_mod_residue` and `mbedtls_mpi_mod_modulus` structures must - * be compatible. The data will be automatically converted into the appropriate - * representation based on the value of `m->int_rep field`. + * be compatible (Data will be exported onto the bufer using the m->ext_rep + * and will be read as of m->limbs length).The data will be automatically + * converted from the appropriate internal representation based on the + * value of `m->int_rep field`. * * \param r The address of the residue related to \p m. It must have as * many limbs as the modulus \p m. @@ -215,8 +218,8 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation * of \p m is invalid. */ -int mbedtls_mpi_mod_write( mbedtls_mpi_mod_residue *r, - mbedtls_mpi_mod_modulus *m, +int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, + const mbedtls_mpi_mod_modulus *m, unsigned char *buf, size_t buflen ); /* END MERGE SLOT 7 */ diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index e4d7b41bc..715a83998 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -110,13 +110,6 @@ exit: /* BEGIN_CASE */ void mpi_mod_io_neg( ) { - #define IO_ZERO 0 - #define IO_ONE 1 - #define IO_MIN1 2 - #define IO_MAX 3 - #define IO_2LIMBS_MIN1 4 - #define IO_2LIMBS 5 - mbedtls_mpi_uint *N = NULL; mbedtls_mpi_uint *R = NULL; mbedtls_mpi_uint *N2 = NULL; @@ -130,15 +123,18 @@ void mpi_mod_io_neg( ) mbedtls_mpi_mod_modulus m2; mbedtls_mpi_mod_residue rn = { NULL, 0 }; - const char * s_data[ 6 ] = { "00", "01", "fe", "ff", - "7ffffffffffffffff0" ,"7ffffffffffffffff1" }; + const char *hex_residue_single = "01"; + const char *hex_modulus_single = "fe"; + const char *hex_residue_multi = "7ffffffffffffffffffffffffffffff0"; + const char *hex_modulus_multi = "7ffffffffffffffffffffffffffffff1"; + const size_t buff_bytes = 1024; /* Allocate the memory for intermediate data structures */ - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, s_data[ IO_MIN1 ] ) ); - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, s_data[ IO_ONE ] ) ); - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N2, &n2_limbs, s_data[ IO_2LIMBS ] ) ); - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R2, &r2_limbs, s_data[ IO_2LIMBS_MIN1 ] ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, hex_modulus_single ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, hex_residue_single ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N2, &n2_limbs, hex_modulus_multi ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R2, &r2_limbs, hex_residue_multi ) ); mbedtls_mpi_mod_modulus_init( &m ); mbedtls_mpi_mod_modulus_init( &m2 ); @@ -155,7 +151,7 @@ void mpi_mod_io_neg( ) /* Pass for input_r < modulo */ TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, r_buff, 1 ) ); - /* input_r == modulo -1 */ + /* Pass for input_r == modulo -1 */ memset( r_buff, 0xfd, buff_bytes ); TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, r_buff, 1 ) ); @@ -198,13 +194,6 @@ exit: mbedtls_free( N2 ); mbedtls_free( R2 ); mbedtls_free( r_buff ); - - #undef IO_ZERO - #undef IO_ONE - #undef IO_MIN1 - #undef IO_MAX - #undef IO_2LIMBS_MIN1 - #undef IO_2LIMBS } /* END_CASE */ From b62bad442e6afc863829d130f3cb5e5b5bacdf61 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 24 Nov 2022 16:48:41 +0000 Subject: [PATCH 06/28] Bidnum Mod: fix check in setup We want to make sure that the value has at least as many limbs allocated as the modulus as we need this to be able to do any operations in constant time. An invariant of the API is that the residue values are canonical, make sure that the residue is compared to the entire modulus. Signed-off-by: Janos Follath --- library/bignum_mod.c | 2 +- tests/suites/test_suite_bignum_mod.data | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index c10fb2ed3..1b3aff6a3 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -39,7 +39,7 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_uint *p, size_t p_limbs ) { - if( p_limbs > m->limbs || !mbedtls_mpi_core_lt_ct( p, m->p, p_limbs ) ) + if( p_limbs < m->limbs || !mbedtls_mpi_core_lt_ct( p, m->p, m->limbs ) ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); r->limbs = m->limbs; diff --git a/tests/suites/test_suite_bignum_mod.data b/tests/suites/test_suite_bignum_mod.data index e0aa5407f..02bc9f793 100644 --- a/tests/suites/test_suite_bignum_mod.data +++ b/tests/suites/test_suite_bignum_mod.data @@ -57,16 +57,16 @@ Test mbedtls_mpi_residue_setup #2 r == m - 1 mpi_residue_setup:"ff":"fe":0 Test mbedtls_mpi_residue_setup #3 m->limbs > r-> limbs && m > r -mpi_residue_setup:"000000000000000000000000000000007dfe5c6beb35a2d6":"fe":0 +mpi_residue_setup:"000000000000000000000000000000007dfe5c6beb35a2d6":"fe":MBEDTLS_ERR_MPI_BAD_INPUT_DATA -Test mbedtls_mpi_residue_setup #4 m->limbs > r-> limbs && m > r -mpi_residue_setup:"7ffffffffffffffffffffffffffffffffffffffffffffff1":"fe":0 +Test mbedtls_mpi_residue_setup #4 m->limbs = r-> limbs && m > r +mpi_residue_setup:"7ffffffffffffffffffffffffffffffffffffffffffffff1":"0000000000000000000000000000000000000000000000fe":0 -Test mbedtls_mpi_residue_setup #5 m->limbs > r-> limbs && m > r -mpi_residue_setup:"7ffffffffffffffffffff000000000000000000000000000":"fe":-4 +Test mbedtls_mpi_residue_setup #5 m->limbs < r-> limbs && m > r +mpi_residue_setup:"7ffffffff0000000":"000000000000000fe":0 Test mbedtls_mpi_residue_setup #6 m->limbs < r-> limbs && m > r -mpi_residue_setup:"ff":"000000000000000000000000000000000000000000000001":-4 +mpi_residue_setup:"ff":"000000000000000000000000000000000000000000000001":0 Test mbedtls_mpi_residue_setup #7 r == m mpi_residue_setup:"fe":"fe":-4 From 50cd4b842b02c1a6d3052121f64e7b6b7dce6fd4 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 24 Nov 2022 17:08:13 +0000 Subject: [PATCH 07/28] Bignum Mod: Restrict residue setup In theory we could allow residues to have more allocated limbs than the modulus, but we might or might not need it in the end. Go for the simpler option for now and we can extend it later if we really need it. Signed-off-by: Janos Follath --- library/bignum_mod.c | 2 +- tests/suites/test_suite_bignum_mod.data | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 1b3aff6a3..4303efefa 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -39,7 +39,7 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, mbedtls_mpi_uint *p, size_t p_limbs ) { - if( p_limbs < m->limbs || !mbedtls_mpi_core_lt_ct( p, m->p, m->limbs ) ) + if( p_limbs != m->limbs || !mbedtls_mpi_core_lt_ct( p, m->p, m->limbs ) ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); r->limbs = m->limbs; diff --git a/tests/suites/test_suite_bignum_mod.data b/tests/suites/test_suite_bignum_mod.data index 02bc9f793..ba7d5779f 100644 --- a/tests/suites/test_suite_bignum_mod.data +++ b/tests/suites/test_suite_bignum_mod.data @@ -56,17 +56,17 @@ mpi_residue_setup:"fe":"01":0 Test mbedtls_mpi_residue_setup #2 r == m - 1 mpi_residue_setup:"ff":"fe":0 -Test mbedtls_mpi_residue_setup #3 m->limbs > r-> limbs && m > r -mpi_residue_setup:"000000000000000000000000000000007dfe5c6beb35a2d6":"fe":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Test mbedtls_mpi_residue_setup #3 m->limbs = r-> limbs && m > r +mpi_residue_setup:"7dfe5c6":"fe":0 Test mbedtls_mpi_residue_setup #4 m->limbs = r-> limbs && m > r mpi_residue_setup:"7ffffffffffffffffffffffffffffffffffffffffffffff1":"0000000000000000000000000000000000000000000000fe":0 -Test mbedtls_mpi_residue_setup #5 m->limbs < r-> limbs && m > r -mpi_residue_setup:"7ffffffff0000000":"000000000000000fe":0 +Test mbedtls_mpi_residue_setup #5 m->limbs > r-> limbs && m > r +mpi_residue_setup:"7ffffffff00000000":"fe":MBEDTLS_ERR_MPI_BAD_INPUT_DATA Test mbedtls_mpi_residue_setup #6 m->limbs < r-> limbs && m > r -mpi_residue_setup:"ff":"000000000000000000000000000000000000000000000001":0 +mpi_residue_setup:"ff":"000000000000000000000000000000000000000000000001":MBEDTLS_ERR_MPI_BAD_INPUT_DATA Test mbedtls_mpi_residue_setup #7 r == m mpi_residue_setup:"fe":"fe":-4 From d3eed3370902b84213118f533f512464da01d691 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 24 Nov 2022 17:42:02 +0000 Subject: [PATCH 08/28] Bignum Mod Raw: pass endianness as a parameter The external representation before included more than just endianness (like reading in Mongtomery curve scalars or converting hashes to numbers in a standard compliant way). These are higher level concepts and are out of scope for Bignum and for the modulus structure. Passing endianness as a parameter is a step towards removing it from the modulus structure. Signed-off-by: Janos Follath --- library/bignum_mod_raw.c | 10 ++++++---- library/bignum_mod_raw.h | 8 ++++++-- tests/suites/test_suite_bignum_mod_raw.function | 8 ++++---- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 2f49ea2d9..22e56b7e6 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -52,11 +52,12 @@ void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, const mbedtls_mpi_mod_modulus *m, const unsigned char *input, - size_t input_length ) + size_t input_length, + mbedtls_mpi_mod_ext_rep ext_rep ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - switch( m->ext_rep ) + switch( ext_rep ) { case MBEDTLS_MPI_MOD_EXT_REP_LE: ret = mbedtls_mpi_core_read_le( X, m->limbs, @@ -87,9 +88,10 @@ cleanup: int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *A, const mbedtls_mpi_mod_modulus *m, unsigned char *output, - size_t output_length ) + size_t output_length, + mbedtls_mpi_mod_ext_rep ext_rep ) { - switch( m->ext_rep ) + switch( ext_rep ) { case MBEDTLS_MPI_MOD_EXT_REP_LE: return( mbedtls_mpi_core_write_le( A, m->limbs, diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index f6c6ebd8f..d7b6dd115 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -106,6 +106,7 @@ void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, * \param[in] m The address of the modulus related to \p X. * \param[in] input The input buffer to import from. * \param input_length The length in bytes of \p input. + * \param ext_rep The endianness of the number in the input buffer. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't @@ -116,7 +117,8 @@ void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, const mbedtls_mpi_mod_modulus *m, const unsigned char *input, - size_t input_length ); + size_t input_length, + mbedtls_mpi_mod_ext_rep ext_rep ); /** Export A into unsigned binary data. * @@ -126,6 +128,7 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, * \param[in] m The address of the modulus related to \p A. * \param[out] output The output buffer to export to. * \param output_length The length in bytes of \p output. + * \param ext_rep The endianness in which the number should be written into the output buffer. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p output isn't @@ -136,7 +139,8 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *A, const mbedtls_mpi_mod_modulus *m, unsigned char *output, - size_t output_length ); + size_t output_length, + mbedtls_mpi_mod_ext_rep ext_rep ); /* BEGIN MERGE SLOT 1 */ diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index 00ed005f5..031897889 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -54,17 +54,17 @@ void mpi_mod_raw_io( data_t *input, int nb_int, int nx_32_int, TEST_EQUAL( ret, 0 ); if( iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0 ) - m.ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID; + endian = MBEDTLS_MPI_MOD_EXT_REP_INVALID; - ret = mbedtls_mpi_mod_raw_read( X, &m, input->x, input->len ); + ret = mbedtls_mpi_mod_raw_read( X, &m, input->x, input->len, endian ); TEST_EQUAL( ret, iret ); if( iret == 0 ) { if( iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && oret != 0 ) - m.ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID; + endian = MBEDTLS_MPI_MOD_EXT_REP_INVALID; - ret = mbedtls_mpi_mod_raw_write( X, &m, buf, nb ); + ret = mbedtls_mpi_mod_raw_write( X, &m, buf, nb, endian ); TEST_EQUAL( ret, oret ); } From 3e3fc91c33d985f806ea336accec1fe3e1ec1b44 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 24 Nov 2022 18:02:46 +0000 Subject: [PATCH 09/28] Bignum Mod: pass endianness as a parameter The external representation before included more than just endianness (like reading in Mongtomery curve scalars or converting hashes to numbers in a standard compliant way). These are higher level concepts and are out of scope for Bignum and for the modulus structure. Passing endianness as a parameter is a step towards removing it from the modulus structure. Signed-off-by: Janos Follath --- library/bignum_mod.c | 10 ++-- library/bignum_mod.h | 28 ++++++----- tests/suites/test_suite_bignum_mod.function | 51 +++++++++++++-------- 3 files changed, 54 insertions(+), 35 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 4303efefa..fa4831c7a 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -212,7 +212,8 @@ exit: int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, const mbedtls_mpi_mod_modulus *m, const unsigned char *buf, - size_t buflen ) + size_t buflen, + mbedtls_mpi_mod_ext_rep ext_rep ) { int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; @@ -223,7 +224,7 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, r->limbs == 0 || m->limbs == 0 ) goto cleanup; - ret = mbedtls_mpi_mod_raw_read( r->p, m, buf, buflen ); + ret = mbedtls_mpi_mod_raw_read( r->p, m, buf, buflen, ext_rep ); if( ret != 0 ) goto cleanup; @@ -240,7 +241,8 @@ cleanup: int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, const mbedtls_mpi_mod_modulus *m, unsigned char *buf, - size_t buflen ) + size_t buflen, + mbedtls_mpi_mod_ext_rep ext_rep ) { int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; @@ -254,7 +256,7 @@ int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, if ( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) ret = mbedtls_mpi_mod_raw_from_mont_rep( r->p, m ); - ret = mbedtls_mpi_mod_raw_write( r->p, m, buf, buflen ); + ret = mbedtls_mpi_mod_raw_write( r->p, m, buf, buflen, ext_rep ); cleanup: return ( ret ); diff --git a/library/bignum_mod.h b/library/bignum_mod.h index f0ce3c444..e6da15fbc 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -181,11 +181,12 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); * and will be padded to m->limbs). The data will be automatically converted * into the appropriate internal representation based on the value of `m->int_rep`. * - * \param r The address of the residue related to \p m. It must have as - * many limbs as the modulus \p m. - * \param m The address of the modulus. - * \param buf The input buffer to import from. - * \param buflen The length in bytes of \p buf. + * \param r The address of the residue related to \p m. It must have as + * many limbs as the modulus \p m. + * \param m The address of the modulus. + * \param buf The input buffer to import from. + * \param buflen The length in bytes of \p buf. + * \param ext_rep The endianness of the number in the input buffer. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't @@ -196,7 +197,8 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, const mbedtls_mpi_mod_modulus *m, const unsigned char *buf, - size_t buflen ); + size_t buflen, + mbedtls_mpi_mod_ext_rep ext_rep ); /** Write residue data onto a buffer using public representation data. * @@ -206,11 +208,12 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, * converted from the appropriate internal representation based on the * value of `m->int_rep field`. * - * \param r The address of the residue related to \p m. It must have as - * many limbs as the modulus \p m. - * \param m The address of the modulus. - * \param buf The output buffer to export to. - * \param buflen The length in bytes of \p buf. + * \param r The address of the residue related to \p m. It must have as + * many limbs as the modulus \p m. + * \param m The address of the modulus. + * \param buf The output buffer to export to. + * \param buflen The length in bytes of \p buf. + * \param ext_rep The endianness in which the number should be written into the output buffer. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't @@ -221,7 +224,8 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, const mbedtls_mpi_mod_modulus *m, unsigned char *buf, - size_t buflen ); + size_t buflen, + mbedtls_mpi_mod_ext_rep ext_rep ); /* END MERGE SLOT 7 */ /* BEGIN MERGE SLOT 8 */ diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 715a83998..5a75ebc3a 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -143,48 +143,59 @@ void mpi_mod_io_neg( ) ASSERT_ALLOC( r_buff, buff_bytes ); memset( r_buff, 0x1, 1 ); + mbedtls_mpi_mod_ext_rep endian = MBEDTLS_MPI_MOD_EXT_REP_LE; TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, - MBEDTLS_MPI_MOD_EXT_REP_LE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); + endian, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R , n_limbs ) ); /* Pass for input_r < modulo */ - TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, r_buff, 1 ) ); + TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, r_buff, 1, endian ) ); /* Pass for input_r == modulo -1 */ memset( r_buff, 0xfd, buff_bytes ); - TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, r_buff, 1 ) ); + TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, r_buff, 1, endian ) ); /* modulo->p == NULL || residue->p == NULL ( m2 has not been set-up ) */ - TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read( &r, &m2, r_buff, 1 ) ); - TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read( &rn, &m, r_buff, 1 ) ); - TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_write( &r, &m2, r_buff, 1 ) ); - TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_write( &rn, &m, r_buff, 1 ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_read( &r, &m2, r_buff, 1, endian ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_read( &rn, &m, r_buff, 1, endian ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_write( &r, &m2, r_buff, 1, endian ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_write( &rn, &m, r_buff, 1, endian ) ); /* Fail for r_limbs < m->limbs */ r.limbs = m.limbs - 1; - TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read( &r, &m, r_buff, 1 ) ); - TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_write( &rn, &m, r_buff, 1 ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_read( &r, &m, r_buff, 1, endian ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_write( &rn, &m, r_buff, 1, endian ) ); r.limbs = r_limbs; /* Fail if input_r >= modulo m */ /* input_r = modulo */ memset( r_buff, 0xfe, buff_bytes ); - TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read( &r, &m, r_buff, 1 ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_read( &r, &m, r_buff, 1, endian ) ); /* input_r > modulo */ memset( r_buff, 0xff, buff_bytes ); - TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read( &r, &m, r_buff, 1 ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_read( &r, &m, r_buff, 1, endian ) ); /* Data too large to fit */ - TEST_EQUAL(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, mbedtls_mpi_mod_read( &r, &m, r_buff, buff_bytes ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, + mbedtls_mpi_mod_read( &r, &m, r_buff, buff_bytes, endian ) ); /* Read the two limbs input data into a larger modulus and residue */ TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m2, N2, n2_limbs, - MBEDTLS_MPI_MOD_EXT_REP_LE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); + endian, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); rn.p = R2; rn.limbs = r2_limbs; - TEST_EQUAL(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, mbedtls_mpi_mod_write( &rn, &m2, r_buff, 1 ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, + mbedtls_mpi_mod_write( &rn, &m2, r_buff, 1, endian ) ); exit: mbedtls_mpi_mod_modulus_free( &m ); @@ -198,7 +209,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mpi_mod_io( char * input_N, data_t * input_A, int iendian ) +void mpi_mod_io( char * input_N, data_t * input_A, int endian ) { mbedtls_mpi_uint *N = NULL; mbedtls_mpi_uint *R = NULL; @@ -221,15 +232,17 @@ void mpi_mod_io( char * input_N, data_t * input_A, int iendian ) /* Init Structures */ mbedtls_mpi_mod_modulus_init( &m ); - TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, iendian, + TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, endian, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); /* Enforcing p_limbs >= m->limbs */ - TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R , n_limbs ) ); + TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R, n_limbs ) ); - TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, input_A->x, input_A->len ) ); + TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, input_A->x, input_A->len, + endian ) ); - TEST_EQUAL( 0,mbedtls_mpi_mod_write( &r, &m, r_buff, a_bytes ) ); + TEST_EQUAL( 0, mbedtls_mpi_mod_write( &r, &m, r_buff, a_bytes, + endian ) ); ASSERT_COMPARE( r_buff, a_bytes, input_A->x, a_bytes ); exit: From 91295d2b8f3a6163b6cf29897548a1779f00b9fb Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 24 Nov 2022 18:20:26 +0000 Subject: [PATCH 10/28] Bignum Mod: remove endianness from modulus The external representation before included more than just endianness (like reading in Mongtomery curve scalars or converting hashes to numbers in a standard compliant way). These are higher level concepts and are out of scope for Bignum and for the modulus structure. Signed-off-by: Janos Follath --- library/bignum_mod.c | 14 --------- library/bignum_mod.h | 4 --- tests/suites/test_suite_bignum_mod.data | 30 ++++--------------- tests/suites/test_suite_bignum_mod.function | 12 ++++---- .../suites/test_suite_bignum_mod_raw.function | 8 ++--- 5 files changed, 15 insertions(+), 53 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index fa4831c7a..3cb3c436d 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -65,7 +65,6 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ) m->p = NULL; m->limbs = 0; m->bits = 0; - m->ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID; m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID; } @@ -96,7 +95,6 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ) m->p = NULL; m->limbs = 0; m->bits = 0; - m->ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID; m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID; } @@ -138,7 +136,6 @@ cleanup: int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, const mbedtls_mpi_uint *p, size_t p_limbs, - mbedtls_mpi_mod_ext_rep ext_rep, mbedtls_mpi_mod_rep_selector int_rep ) { int ret = 0; @@ -147,17 +144,6 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, m->limbs = p_limbs; m->bits = mbedtls_mpi_core_bitlen( p, p_limbs ); - switch( ext_rep ) - { - case MBEDTLS_MPI_MOD_EXT_REP_LE: - case MBEDTLS_MPI_MOD_EXT_REP_BE: - m->ext_rep = ext_rep; - break; - default: - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - goto exit; - } - switch( int_rep ) { case MBEDTLS_MPI_MOD_REP_MONTGOMERY: diff --git a/library/bignum_mod.h b/library/bignum_mod.h index e6da15fbc..5f948a499 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -64,7 +64,6 @@ typedef struct { const mbedtls_mpi_uint *p; size_t limbs; // number of limbs size_t bits; // bitlen of p - mbedtls_mpi_mod_ext_rep ext_rep; // signals external representation (eg. byte order) mbedtls_mpi_mod_rep_selector int_rep; // selector to signal the active member of the union union rep { @@ -122,8 +121,6 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); * not be modified in any way until after * mbedtls_mpi_mod_modulus_free() is called. * \param p_limbs The number of limbs of \p p. - * \param ext_rep The external representation to be used for residues - * associated with \p m (see #mbedtls_mpi_mod_ext_rep). * \param int_rep The internal representation to be used for residues * associated with \p m (see #mbedtls_mpi_mod_rep_selector). * @@ -134,7 +131,6 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, const mbedtls_mpi_uint *p, size_t p_limbs, - mbedtls_mpi_mod_ext_rep ext_rep, mbedtls_mpi_mod_rep_selector int_rep ); /** Free elements of a modulus structure. diff --git a/tests/suites/test_suite_bignum_mod.data b/tests/suites/test_suite_bignum_mod.data index ba7d5779f..ef9416e16 100644 --- a/tests/suites/test_suite_bignum_mod.data +++ b/tests/suites/test_suite_bignum_mod.data @@ -1,29 +1,11 @@ -Test mbedtls_mpi_mod_setup #1 (Both representations invalid) -mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_INVALID:MBEDTLS_MPI_MOD_REP_INVALID:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Test mbedtls_mpi_mod_setup #1 (Internal representation invalid) +mpi_mod_setup:MBEDTLS_MPI_MOD_REP_INVALID:MBEDTLS_ERR_MPI_BAD_INPUT_DATA -Test mbedtls_mpi_mod_setup #2 (Internal representation invalid) -mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_MPI_MOD_REP_INVALID:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Test mbedtls_mpi_mod_setup #6 (Optimised reduction) +mpi_mod_setup:MBEDTLS_MPI_MOD_REP_OPT_RED:0 -Test mbedtls_mpi_mod_setup #3 (Internal representation invalid) -mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_MPI_MOD_REP_INVALID:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -Test mbedtls_mpi_mod_setup #4 (External representation invalid) -mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_INVALID:MBEDTLS_MPI_MOD_REP_MONTGOMERY:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -Test mbedtls_mpi_mod_setup #5 (External representation invalid) -mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_INVALID:MBEDTLS_MPI_MOD_REP_OPT_RED:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -Test mbedtls_mpi_mod_setup #6 (Both representations valid) -mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_MPI_MOD_REP_OPT_RED:0 - -Test mbedtls_mpi_mod_setup #7 (Both representations valid) -mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_BE:MBEDTLS_MPI_MOD_REP_MONTGOMERY:0 - -Test mbedtls_mpi_mod_setup #8 (Both representations valid) -mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_MPI_MOD_REP_OPT_RED:0 - -Test mbedtls_mpi_mod_setup #9 (Both representations valid) -mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_MPI_MOD_REP_MONTGOMERY:0 +Test mbedtls_mpi_mod_setup #7 (Montgomery representation) +mpi_mod_setup:MBEDTLS_MPI_MOD_REP_MONTGOMERY:0 # BEGIN MERGE SLOT 1 diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 5a75ebc3a..bb87ba9d9 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -12,7 +12,7 @@ */ /* BEGIN_CASE */ -void mpi_mod_setup( int ext_rep, int int_rep, int iret ) +void mpi_mod_setup( int int_rep, int iret ) { #define MLIMBS 8 mbedtls_mpi_uint mp[MLIMBS]; @@ -22,7 +22,7 @@ void mpi_mod_setup( int ext_rep, int int_rep, int iret ) memset( mp, 0xFF, sizeof(mp) ); mbedtls_mpi_mod_modulus_init( &m ); - ret = mbedtls_mpi_mod_modulus_setup( &m, mp, MLIMBS, ext_rep, int_rep ); + ret = mbedtls_mpi_mod_modulus_setup( &m, mp, MLIMBS, int_rep ); TEST_EQUAL( ret, iret ); /* Only test if the constants have been set-up */ @@ -96,7 +96,7 @@ void mpi_residue_setup( char * input_X, char * input_Y, int ret ) TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, input_Y ) ); TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, - MBEDTLS_MPI_MOD_EXT_REP_LE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); + MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); TEST_EQUAL( ret, mbedtls_mpi_mod_residue_setup( &r, &m, R , r_limbs ) ); @@ -145,7 +145,7 @@ void mpi_mod_io_neg( ) mbedtls_mpi_mod_ext_rep endian = MBEDTLS_MPI_MOD_EXT_REP_LE; TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, - endian, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); + MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R , n_limbs ) ); @@ -191,7 +191,7 @@ void mpi_mod_io_neg( ) /* Read the two limbs input data into a larger modulus and residue */ TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m2, N2, n2_limbs, - endian, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); + MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); rn.p = R2; rn.limbs = r2_limbs; TEST_EQUAL( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, @@ -232,7 +232,7 @@ void mpi_mod_io( char * input_N, data_t * input_A, int endian ) /* Init Structures */ mbedtls_mpi_mod_modulus_init( &m ); - TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, endian, + TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); /* Enforcing p_limbs >= m->limbs */ diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index 031897889..eb1980c29 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -49,7 +49,7 @@ void mpi_mod_raw_io( data_t *input, int nb_int, int nx_32_int, mbedtls_mpi_uint init[sizeof( X ) / sizeof( X[0] )]; memset( init, 0xFF, sizeof( init ) ); - int ret = mbedtls_mpi_mod_modulus_setup( &m, init, nx, endian, + int ret = mbedtls_mpi_mod_modulus_setup( &m, init, nx, MBEDTLS_MPI_MOD_REP_MONTGOMERY ); TEST_EQUAL( ret, 0 ); @@ -138,7 +138,6 @@ void mpi_mod_raw_cond_assign( char * input_X, memset( buff_m, 0xFF, copy_limbs ); TEST_EQUAL( mbedtls_mpi_mod_modulus_setup( &m, buff_m, copy_limbs, - MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ), 0 ); /* condition is false */ @@ -211,7 +210,6 @@ void mpi_mod_raw_cond_swap( char * input_X, memset( buff_m, 0xFF, copy_limbs ); TEST_EQUAL( mbedtls_mpi_mod_modulus_setup( &m, buff_m, copy_limbs, - MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ), 0 ); ASSERT_ALLOC( X, limbs ); @@ -480,7 +478,7 @@ void mpi_mod_raw_to_mont_rep( char * input_N, char * input_A, char * input_X ) TEST_LE_U(a_limbs, n_limbs); TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, - MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); + MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); /* Convert from cannonical into Montgomery representation */ TEST_EQUAL(0, mbedtls_mpi_mod_raw_to_mont_rep( A, &m ) ); @@ -516,7 +514,7 @@ void mpi_mod_raw_from_mont_rep( char * input_N, char * input_A, char * input_X ) TEST_LE_U(a_limbs, n_limbs); TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, - MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); + MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); /* Convert from Montgomery into cannonical representation */ TEST_EQUAL(0, mbedtls_mpi_mod_raw_from_mont_rep( A, &m ) ); From 41427dee80c1d2d1ea9feada36904b84549d7242 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 24 Nov 2022 19:04:54 +0000 Subject: [PATCH 11/28] Bignum Mod: improve documentation Signed-off-by: Janos Follath --- library/bignum_mod.h | 72 +++++++++++++++++++++++++++++--------------- 1 file changed, 47 insertions(+), 25 deletions(-) diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 5f948a499..52a5a5674 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -73,6 +73,18 @@ typedef struct { } mbedtls_mpi_mod_modulus; /** Setup a residue structure. + * + * The residue will be set up with the \p p buffer \p m modulus. + * + * The memory pointed by \p p will be used by the resulting residue structure. + * The value at the pointed memory will be the initial value of \p r and must + * hold a value that is less than the modulus. This value will be used as it is + * and interpreted according to the value of the `m->int_rep` field. + * + * The modulus \p m will be the modulus associated with \p r. The residue \p r + * should only be used in operations where the modulus is \p m or a modulus + * equivalent to \p m (in the sense that all their fields or memory pointed by + * their fields hold the same value). * * \param[out] r The address of residue to setup. The resulting structure's * size is determined by \p m. @@ -81,8 +93,9 @@ typedef struct { * The memory pointed to by \p p will be used by \p r and must * not be modified in any way until after * mbedtls_mpi_mod_residue_release() is called. The data - * pointed by p should be compatible (in terms of size/endianness) - * with the representation used in \p m. + * pointed by \p p should be less than the modulus (the value + * pointed by `m->p`) and already in the representation + * indicated by `m->int_rep`. * \param p_limbs The number of limbs of \p p. It must have at most as * many limbs as the modulus \p m.) * @@ -170,25 +183,28 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); /* END MERGE SLOT 6 */ /* BEGIN MERGE SLOT 7 */ -/** Read public representation data stored in a buffer into a residue structure. +/** Read a residue from a byte buffer. * - * The `mbedtls_mpi_mod_residue` and `mbedtls_mpi_mod_modulus` structures must - * be compatible (Data in public representation is assumed to be in the m->ext_rep - * and will be padded to m->limbs). The data will be automatically converted - * into the appropriate internal representation based on the value of `m->int_rep`. + * The residue will be automatically converted to the internal representation + * based on the value of `m->int_rep` field. * - * \param r The address of the residue related to \p m. It must have as - * many limbs as the modulus \p m. + * The modulus \p m will be the modulus associated with \p r. The residue \p r + * should only be used in operations where the modulus is \p m or a modulus + * equivalent to \p m (in the sense that all their fields or memory pointed by + * their fields hold the same value). + * + * \param r The address of the residue. It must have as many limbs as + * the modulus \p m. * \param m The address of the modulus. * \param buf The input buffer to import from. * \param buflen The length in bytes of \p buf. * \param ext_rep The endianness of the number in the input buffer. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p r isn't * large enough to hold the value in \p buf. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation - * of \p m is invalid or \p X is not less than \p m. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p ext_rep + * is invalid or the value in the buffer is not less than \p m. */ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, const mbedtls_mpi_mod_modulus *m, @@ -196,26 +212,32 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, size_t buflen, mbedtls_mpi_mod_ext_rep ext_rep ); -/** Write residue data onto a buffer using public representation data. +/** Write a residue into a byte buffer. * - * The `mbedtls_mpi_mod_residue` and `mbedtls_mpi_mod_modulus` structures must - * be compatible (Data will be exported onto the bufer using the m->ext_rep - * and will be read as of m->limbs length).The data will be automatically - * converted from the appropriate internal representation based on the - * value of `m->int_rep field`. + * The modulus \p m must be the modulus associated with \p r (see + * mbedtls_mpi_mod_residue_setup() and mbedtls_mpi_mod_read()). * - * \param r The address of the residue related to \p m. It must have as - * many limbs as the modulus \p m. - * \param m The address of the modulus. + * The residue will be automatically converted from the internal representation + * based on the value of `m->int_rep` field. + * + * \warning If the buffer is smaller than `m->bits`, the number of + * leading zeroes is leaked through side channels. If \p r is + * secret, the caller must ensure that \p buflen is at least + * (`m->bits`+7)/8. + * + * \param r The address of the residue. It must have as many limbs as + * the modulus \p m. + * \param m The address of the modulus associated with \r. * \param buf The output buffer to export to. * \param buflen The length in bytes of \p buf. - * \param ext_rep The endianness in which the number should be written into the output buffer. + * \param ext_rep The endianness in which the number should be written into + * the output buffer. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't - * large enough to hold the value of \p X. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation - * of \p m is invalid. + * large enough to hold the value of \p r (without leading + * zeroes). + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if of \p ext_rep is invalid. */ int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, const mbedtls_mpi_mod_modulus *m, From fc6fbb4e969bc01857287c50ace8b197f2ffb1b7 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 25 Nov 2022 15:43:17 +0000 Subject: [PATCH 12/28] Bignum Mod: improve documentation Signed-off-by: Janos Follath Co-authored-by: Tom Cosgrove Signed-off-by: Janos Follath --- library/bignum_mod.h | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 52a5a5674..0706dd7a1 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -74,30 +74,30 @@ typedef struct { /** Setup a residue structure. * - * The residue will be set up with the \p p buffer \p m modulus. + * The residue will be set up with the buffer \p p and modulus \p m. * - * The memory pointed by \p p will be used by the resulting residue structure. - * The value at the pointed memory will be the initial value of \p r and must - * hold a value that is less than the modulus. This value will be used as it is + * The memory pointed to by \p p will be used by the resulting residue structure. + * The value at the pointed-to memory will be the initial value of \p r and must + * hold a value that is less than the modulus. This value will be used as-is * and interpreted according to the value of the `m->int_rep` field. * * The modulus \p m will be the modulus associated with \p r. The residue \p r * should only be used in operations where the modulus is \p m or a modulus - * equivalent to \p m (in the sense that all their fields or memory pointed by + * equivalent to \p m (in the sense that all their fields or memory pointed to by * their fields hold the same value). * - * \param[out] r The address of residue to setup. The resulting structure's + * \param[out] r The address of the residue to setup. The resulting structure's * size is determined by \p m. * \param[in] m The address of the modulus related to \p r. - * \param[in] p The address of the limb array storing the value of \p r. + * \param[in] p The address of the limb array containing the value of \p r. * The memory pointed to by \p p will be used by \p r and must * not be modified in any way until after * mbedtls_mpi_mod_residue_release() is called. The data - * pointed by \p p should be less than the modulus (the value - * pointed by `m->p`) and already in the representation + * pointed to by \p p must be less than the modulus (the value + * pointed to by `m->p`) and already in the representation * indicated by `m->int_rep`. - * \param p_limbs The number of limbs of \p p. It must have at most as - * many limbs as the modulus \p m.) + * \param p_limbs The number of limbs of \p p. Must be <= the number of + * limbs in the modulus \p m.) * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p p_limbs is less than the @@ -186,15 +186,15 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); /** Read a residue from a byte buffer. * * The residue will be automatically converted to the internal representation - * based on the value of `m->int_rep` field. + * based on the value of the `m->int_rep` field. * * The modulus \p m will be the modulus associated with \p r. The residue \p r * should only be used in operations where the modulus is \p m or a modulus * equivalent to \p m (in the sense that all their fields or memory pointed by * their fields hold the same value). * - * \param r The address of the residue. It must have as many limbs as - * the modulus \p m. + * \param r The address of the residue. It must have exactly the same + * number of limbs as the modulus \p m. * \param m The address of the modulus. * \param buf The input buffer to import from. * \param buflen The length in bytes of \p buf. @@ -237,7 +237,7 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't * large enough to hold the value of \p r (without leading * zeroes). - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if of \p ext_rep is invalid. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p ext_rep is invalid. */ int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, const mbedtls_mpi_mod_modulus *m, From ee530cc6445e3f8138cd2217b92e78394d892c47 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 25 Nov 2022 15:54:40 +0000 Subject: [PATCH 13/28] Bignum Mod: improve documentation Signed-off-by: Janos Follath --- library/bignum_mod.h | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 0706dd7a1..67c48498e 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -86,8 +86,7 @@ typedef struct { * equivalent to \p m (in the sense that all their fields or memory pointed to by * their fields hold the same value). * - * \param[out] r The address of the residue to setup. The resulting structure's - * size is determined by \p m. + * \param[out] r The address of the residue to setup. * \param[in] m The address of the modulus related to \p r. * \param[in] p The address of the limb array containing the value of \p r. * The memory pointed to by \p p will be used by \p r and must @@ -96,8 +95,8 @@ typedef struct { * pointed to by \p p must be less than the modulus (the value * pointed to by `m->p`) and already in the representation * indicated by `m->int_rep`. - * \param p_limbs The number of limbs of \p p. Must be <= the number of - * limbs in the modulus \p m.) + * \param p_limbs The number of limbs of \p p. Must be the same as the number + * of limbs in the modulus \p m.) * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p p_limbs is less than the @@ -138,8 +137,7 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ); * associated with \p m (see #mbedtls_mpi_mod_rep_selector). * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p ext_rep or \p int_rep is - * invalid. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p int_rep is invalid. */ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m, const mbedtls_mpi_uint *p, From 799eaeefdb585478c192cf13974e762ed6269b80 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 25 Nov 2022 15:57:04 +0000 Subject: [PATCH 14/28] Bignum Mod: move init before any goto Test macros have goto instructions to the end where everything is freed. We need to call init before that happens to make calling free functions safe. Signed-off-by: Janos Follath --- tests/suites/test_suite_bignum_mod.function | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index bb87ba9d9..b716ab5ca 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -130,15 +130,15 @@ void mpi_mod_io_neg( ) const size_t buff_bytes = 1024; + mbedtls_mpi_mod_modulus_init( &m ); + mbedtls_mpi_mod_modulus_init( &m2 ); + /* Allocate the memory for intermediate data structures */ TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, hex_modulus_single ) ); TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, hex_residue_single ) ); TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N2, &n2_limbs, hex_modulus_multi ) ); TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R2, &r2_limbs, hex_residue_multi ) ); - mbedtls_mpi_mod_modulus_init( &m ); - mbedtls_mpi_mod_modulus_init( &m2 ); - /* Allocate more than required space on buffer so we can test for input_r > mpi */ ASSERT_ALLOC( r_buff, buff_bytes ); memset( r_buff, 0x1, 1 ); @@ -218,6 +218,8 @@ void mpi_mod_io( char * input_N, data_t * input_A, int endian ) mbedtls_mpi_mod_residue r; size_t n_limbs, n_bytes, a_bytes; + mbedtls_mpi_mod_modulus_init( &m ); + /* Read inputs */ TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, input_N ) ); n_bytes = n_limbs * sizeof( mbedtls_mpi_uint ); @@ -231,7 +233,6 @@ void mpi_mod_io( char * input_N, data_t * input_A, int endian ) TEST_LE_U(a_bytes, n_bytes ); /* Init Structures */ - mbedtls_mpi_mod_modulus_init( &m ); TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); From f55505d38b330274c03148139667f0ca94278baa Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 25 Nov 2022 17:58:40 +0000 Subject: [PATCH 15/28] Bignum Mod Raw: fix tests after rebase Signed-off-by: Janos Follath --- tests/suites/test_suite_bignum_mod_raw.function | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index eb1980c29..c7decf007 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -308,7 +308,6 @@ void mpi_mod_raw_sub( char * input_A, TEST_EQUAL( mbedtls_mpi_mod_modulus_setup( &m, N, limbs, - MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ), 0 ); mbedtls_mpi_mod_raw_sub( X, A, B, &m ); @@ -390,7 +389,6 @@ void mpi_mod_raw_add( char * input_N, TEST_EQUAL( mbedtls_mpi_mod_modulus_setup( &m, N, limbs, - MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ), 0 ); From 91f3abdfdadcf1271bc88b9861324ca1b52d0ee4 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 26 Nov 2022 11:47:14 +0000 Subject: [PATCH 16/28] Bignum Mod: improve residue_setup test - Rename input variables to match their purpose. - Assert fields upon success Signed-off-by: Janos Follath --- tests/suites/test_suite_bignum_mod.function | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index b716ab5ca..6aaa9df76 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -81,7 +81,7 @@ exit: /* BEGIN MERGE SLOT 7 */ /* BEGIN_CASE */ -void mpi_residue_setup( char * input_X, char * input_Y, int ret ) +void mpi_residue_setup( char * input_N, char * input_R, int ret ) { mbedtls_mpi_uint *N = NULL; mbedtls_mpi_uint *R = NULL; @@ -92,14 +92,20 @@ void mpi_residue_setup( char * input_X, char * input_Y, int ret ) mbedtls_mpi_mod_modulus_init( &m ); /* Allocate the memory for intermediate data structures */ - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, input_X ) ); - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, input_Y ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, input_N ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, input_R ) ); TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); TEST_EQUAL( ret, mbedtls_mpi_mod_residue_setup( &r, &m, R , r_limbs ) ); + if ( ret == 0 ) + { + TEST_EQUAL( r.limbs, r_limbs ); + TEST_ASSERT( r.p == R ); + } + exit: mbedtls_mpi_mod_modulus_free( &m ); mbedtls_free( N ); From 96070a53a872a02c3cd70a0fde37dd254e0a79a9 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 25 Nov 2022 19:32:10 +0000 Subject: [PATCH 17/28] bignum_tests: Refactored `mpi_mod_io_neg()` This patch refactores the negative testing suite to utilised non-hardcoded input data. Signed-off-by: Minos Galanakis --- tests/suites/test_suite_bignum_mod.data | 16 ++- tests/suites/test_suite_bignum_mod.function | 108 +++++++------------- 2 files changed, 49 insertions(+), 75 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod.data b/tests/suites/test_suite_bignum_mod.data index ef9416e16..1c2f75b11 100644 --- a/tests/suites/test_suite_bignum_mod.data +++ b/tests/suites/test_suite_bignum_mod.data @@ -56,8 +56,20 @@ mpi_residue_setup:"fe":"fe":-4 Test mbedtls_mpi_residue_setup #8 r > m mpi_residue_setup:"fe":"ff":-4 -Test mbedtls_mpi_mod_io_neg -mpi_mod_io_neg: +Test mbedtls_mpi_mod_io_neg #1 input_r < modulo m +mpi_mod_io_neg:"fe":"01":1:253:0 + +Test mbedtls_mpi_mod_io_neg #2 input_r == modulo m +mpi_mod_io_neg:"fe":"01":1:254:-4 + +Test mbedtls_mpi_mod_io_neg #3 input_r >= modulo m +mpi_mod_io_neg:"fe":"01":1:255:-4 + +Test mbedtls_mpi_mod_io_neg #4 input_r too large to fit +mpi_mod_io_neg:"fe":"01":1024:255:-8 + +Test mbedtls_mpi_mod_io_neg #5 Sucesfull read / output buffer too small +mpi_mod_io_neg:"7ffffffffffffffffffffffffffffff1":"7ffffffffffffffffffffffffffffff0":2:255:0 Test mbedtls_mpi_mod_io #1 N: "11" A: "119". mpi_mod_io:"000000000000000b":"0000000000000000":MBEDTLS_MPI_MOD_EXT_REP_BE diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 6aaa9df76..d318ba89c 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -114,102 +114,64 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mpi_mod_io_neg( ) +void mpi_mod_io_neg( char * input_N, char * input_R, int buff_bytes, int buff_byte_val, int ret ) { mbedtls_mpi_uint *N = NULL; mbedtls_mpi_uint *R = NULL; - mbedtls_mpi_uint *N2 = NULL; - mbedtls_mpi_uint *R2 = NULL; unsigned char *r_buff = NULL; - - size_t n_limbs, r_limbs, n2_limbs, r2_limbs; + size_t n_limbs, r_limbs; mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_residue r; - mbedtls_mpi_mod_modulus m2; mbedtls_mpi_mod_residue rn = { NULL, 0 }; - - const char *hex_residue_single = "01"; - const char *hex_modulus_single = "fe"; - const char *hex_residue_multi = "7ffffffffffffffffffffffffffffff0"; - const char *hex_modulus_multi = "7ffffffffffffffffffffffffffffff1"; - - const size_t buff_bytes = 1024; + mbedtls_mpi_mod_ext_rep endian = MBEDTLS_MPI_MOD_EXT_REP_LE; mbedtls_mpi_mod_modulus_init( &m ); - mbedtls_mpi_mod_modulus_init( &m2 ); /* Allocate the memory for intermediate data structures */ - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, hex_modulus_single ) ); - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, hex_residue_single ) ); - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N2, &n2_limbs, hex_modulus_multi ) ); - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R2, &r2_limbs, hex_residue_multi ) ); - - /* Allocate more than required space on buffer so we can test for input_r > mpi */ ASSERT_ALLOC( r_buff, buff_bytes ); - memset( r_buff, 0x1, 1 ); + /* Fill the buffer with the value passed in */ + memset( r_buff, buff_byte_val, buff_bytes ); - mbedtls_mpi_mod_ext_rep endian = MBEDTLS_MPI_MOD_EXT_REP_LE; - TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, input_N ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, input_R ) ); - TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R , n_limbs ) ); - - /* Pass for input_r < modulo */ - TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, r_buff, 1, endian ) ); - - /* Pass for input_r == modulo -1 */ - memset( r_buff, 0xfd, buff_bytes ); - TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, r_buff, 1, endian ) ); - - /* modulo->p == NULL || residue->p == NULL ( m2 has not been set-up ) */ + /* modulo->p == NULL || residue->p == NULL ( m has not been set-up ) */ TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_read( &r, &m2, r_buff, 1, endian ) ); - TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_read( &rn, &m, r_buff, 1, endian ) ); - TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_write( &r, &m2, r_buff, 1, endian ) ); - TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_write( &rn, &m, r_buff, 1, endian ) ); - - /* Fail for r_limbs < m->limbs */ - r.limbs = m.limbs - 1; - TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_read( &r, &m, r_buff, 1, endian ) ); - TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_write( &rn, &m, r_buff, 1, endian ) ); - r.limbs = r_limbs; - - /* Fail if input_r >= modulo m */ - /* input_r = modulo */ - memset( r_buff, 0xfe, buff_bytes ); - TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_read( &r, &m, r_buff, 1, endian ) ); - - /* input_r > modulo */ - memset( r_buff, 0xff, buff_bytes ); - TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_read( &r, &m, r_buff, 1, endian ) ); - - /* Data too large to fit */ - TEST_EQUAL( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, mbedtls_mpi_mod_read( &r, &m, r_buff, buff_bytes, endian ) ); - /* Read the two limbs input data into a larger modulus and residue */ - TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m2, N2, n2_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); - rn.p = R2; - rn.limbs = r2_limbs; - TEST_EQUAL( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, - mbedtls_mpi_mod_write( &rn, &m2, r_buff, 1, endian ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_write( &r, &m, r_buff, buff_bytes, endian ) ); + TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, + MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); + TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R , n_limbs ) ); + + /* modulo->p == NULL || residue->p == NULL ( m has been set-up ) */ + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_read( &rn, &m, r_buff, buff_bytes, endian ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_write( &rn, &m, r_buff, buff_bytes, endian ) ); + + /* Fail for r_limbs > m->limbs */ + r.limbs = m.limbs + 1; + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_read( &r, &m, r_buff, buff_bytes, endian ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_write( &r, &m, r_buff, buff_bytes, endian ) ); + r.limbs = r_limbs; + + /* Test the read */ + TEST_EQUAL( ret, mbedtls_mpi_mod_read( &r, &m, r_buff, buff_bytes, endian ) ); + + /* Test write overflow only when the representation is large and read is successful */ + if (r.limbs > 1 && ret == 0) + TEST_EQUAL( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, + mbedtls_mpi_mod_write( &r, &m, r_buff, 1, endian ) ); exit: mbedtls_mpi_mod_modulus_free( &m ); - mbedtls_mpi_mod_modulus_free( &m2 ); mbedtls_free( N ); mbedtls_free( R ); - mbedtls_free( N2 ); - mbedtls_free( R2 ); mbedtls_free( r_buff ); } /* END_CASE */ From 566c91db27a3b0d2b90e205db904966a6e5aa47f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 26 Nov 2022 12:05:50 +0000 Subject: [PATCH 18/28] Bignum Mod: io_neg test pass data directly Pass buffer directly instead of constructing it in the function. Signed-off-by: Janos Follath --- tests/suites/test_suite_bignum_mod.data | 12 +++++----- tests/suites/test_suite_bignum_mod.function | 25 ++++++++------------- 2 files changed, 15 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod.data b/tests/suites/test_suite_bignum_mod.data index 1c2f75b11..8579becfa 100644 --- a/tests/suites/test_suite_bignum_mod.data +++ b/tests/suites/test_suite_bignum_mod.data @@ -57,19 +57,19 @@ Test mbedtls_mpi_residue_setup #8 r > m mpi_residue_setup:"fe":"ff":-4 Test mbedtls_mpi_mod_io_neg #1 input_r < modulo m -mpi_mod_io_neg:"fe":"01":1:253:0 +mpi_mod_io_neg:"fe":"01":"fd":0 Test mbedtls_mpi_mod_io_neg #2 input_r == modulo m -mpi_mod_io_neg:"fe":"01":1:254:-4 +mpi_mod_io_neg:"fe":"01":"fe":MBEDTLS_ERR_MPI_BAD_INPUT_DATA -Test mbedtls_mpi_mod_io_neg #3 input_r >= modulo m -mpi_mod_io_neg:"fe":"01":1:255:-4 +Test mbedtls_mpi_mod_io_neg #3 input_r > modulo m +mpi_mod_io_neg:"fe":"01":"ff":MBEDTLS_ERR_MPI_BAD_INPUT_DATA Test mbedtls_mpi_mod_io_neg #4 input_r too large to fit -mpi_mod_io_neg:"fe":"01":1024:255:-8 +mpi_mod_io_neg:"fe":"01":"ffffffffffffffffff":MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL Test mbedtls_mpi_mod_io_neg #5 Sucesfull read / output buffer too small -mpi_mod_io_neg:"7ffffffffffffffffffffffffffffff1":"7ffffffffffffffffffffffffffffff0":2:255:0 +mpi_mod_io_neg:"7ffffffffffffffffffffffffffffff1":"7ffffffffffffffffffffffffffffff0":"ffff":0 Test mbedtls_mpi_mod_io #1 N: "11" A: "119". mpi_mod_io:"000000000000000b":"0000000000000000":MBEDTLS_MPI_MOD_EXT_REP_BE diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index d318ba89c..1d6b850b5 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -114,11 +114,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mpi_mod_io_neg( char * input_N, char * input_R, int buff_bytes, int buff_byte_val, int ret ) +void mpi_mod_io_neg( char * input_N, char * input_R, data_t * buf, int ret ) { mbedtls_mpi_uint *N = NULL; mbedtls_mpi_uint *R = NULL; - unsigned char *r_buff = NULL; size_t n_limbs, r_limbs; mbedtls_mpi_mod_modulus m; @@ -128,20 +127,15 @@ void mpi_mod_io_neg( char * input_N, char * input_R, int buff_bytes, int buff_by mbedtls_mpi_mod_modulus_init( &m ); - /* Allocate the memory for intermediate data structures */ - ASSERT_ALLOC( r_buff, buff_bytes ); - /* Fill the buffer with the value passed in */ - memset( r_buff, buff_byte_val, buff_bytes ); - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, input_N ) ); TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, input_R ) ); /* modulo->p == NULL || residue->p == NULL ( m has not been set-up ) */ TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_read( &r, &m, r_buff, buff_bytes, endian ) ); + mbedtls_mpi_mod_read( &r, &m, buf->x, buf->len, endian ) ); TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_write( &r, &m, r_buff, buff_bytes, endian ) ); + mbedtls_mpi_mod_write( &r, &m, buf->x, buf->len, endian ) ); TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); @@ -149,30 +143,29 @@ void mpi_mod_io_neg( char * input_N, char * input_R, int buff_bytes, int buff_by /* modulo->p == NULL || residue->p == NULL ( m has been set-up ) */ TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_read( &rn, &m, r_buff, buff_bytes, endian ) ); + mbedtls_mpi_mod_read( &rn, &m, buf->x, buf->len, endian ) ); TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_write( &rn, &m, r_buff, buff_bytes, endian ) ); + mbedtls_mpi_mod_write( &rn, &m, buf->x, buf->len, endian ) ); /* Fail for r_limbs > m->limbs */ r.limbs = m.limbs + 1; TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_read( &r, &m, r_buff, buff_bytes, endian ) ); + mbedtls_mpi_mod_read( &r, &m, buf->x, buf->len, endian ) ); TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_write( &r, &m, r_buff, buff_bytes, endian ) ); + mbedtls_mpi_mod_write( &r, &m, buf->x, buf->len, endian ) ); r.limbs = r_limbs; /* Test the read */ - TEST_EQUAL( ret, mbedtls_mpi_mod_read( &r, &m, r_buff, buff_bytes, endian ) ); + TEST_EQUAL( ret, mbedtls_mpi_mod_read( &r, &m, buf->x, buf->len, endian ) ); /* Test write overflow only when the representation is large and read is successful */ if (r.limbs > 1 && ret == 0) TEST_EQUAL( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, - mbedtls_mpi_mod_write( &r, &m, r_buff, 1, endian ) ); + mbedtls_mpi_mod_write( &r, &m, buf->x, 1, endian ) ); exit: mbedtls_mpi_mod_modulus_free( &m ); mbedtls_free( N ); mbedtls_free( R ); - mbedtls_free( r_buff ); } /* END_CASE */ From 339b439906f9f36d36dac1ca5ece8eac73e72449 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 26 Nov 2022 12:20:41 +0000 Subject: [PATCH 19/28] Bignum Mod: remove unused parameter in io_neg test The value was overwritten and the length wasn't used either. This latter could have lead to a buffer overflow as well. Signed-off-by: Janos Follath --- tests/suites/test_suite_bignum_mod.data | 10 +++++----- tests/suites/test_suite_bignum_mod.function | 9 +++++---- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod.data b/tests/suites/test_suite_bignum_mod.data index 8579becfa..2ea4a5833 100644 --- a/tests/suites/test_suite_bignum_mod.data +++ b/tests/suites/test_suite_bignum_mod.data @@ -57,19 +57,19 @@ Test mbedtls_mpi_residue_setup #8 r > m mpi_residue_setup:"fe":"ff":-4 Test mbedtls_mpi_mod_io_neg #1 input_r < modulo m -mpi_mod_io_neg:"fe":"01":"fd":0 +mpi_mod_io_neg:"fe":"fd":0 Test mbedtls_mpi_mod_io_neg #2 input_r == modulo m -mpi_mod_io_neg:"fe":"01":"fe":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mpi_mod_io_neg:"fe":"fe":MBEDTLS_ERR_MPI_BAD_INPUT_DATA Test mbedtls_mpi_mod_io_neg #3 input_r > modulo m -mpi_mod_io_neg:"fe":"01":"ff":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mpi_mod_io_neg:"fe":"ff":MBEDTLS_ERR_MPI_BAD_INPUT_DATA Test mbedtls_mpi_mod_io_neg #4 input_r too large to fit -mpi_mod_io_neg:"fe":"01":"ffffffffffffffffff":MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +mpi_mod_io_neg:"fe":"ffffffffffffffffff":MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL Test mbedtls_mpi_mod_io_neg #5 Sucesfull read / output buffer too small -mpi_mod_io_neg:"7ffffffffffffffffffffffffffffff1":"7ffffffffffffffffffffffffffffff0":"ffff":0 +mpi_mod_io_neg:"7ffffffffffffffffffffffffffffff1":"ffff":0 Test mbedtls_mpi_mod_io #1 N: "11" A: "119". mpi_mod_io:"000000000000000b":"0000000000000000":MBEDTLS_MPI_MOD_EXT_REP_BE diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 1d6b850b5..6a70e7287 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -114,11 +114,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mpi_mod_io_neg( char * input_N, char * input_R, data_t * buf, int ret ) +void mpi_mod_io_neg( char * input_N, data_t * buf, int ret ) { mbedtls_mpi_uint *N = NULL; mbedtls_mpi_uint *R = NULL; - size_t n_limbs, r_limbs; mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_residue r; @@ -127,8 +126,10 @@ void mpi_mod_io_neg( char * input_N, char * input_R, data_t * buf, int ret ) mbedtls_mpi_mod_modulus_init( &m ); + size_t n_limbs; TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, input_N ) ); - TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &R, &r_limbs, input_R ) ); + size_t r_limbs = n_limbs; + ASSERT_ALLOC( R, r_limbs ); /* modulo->p == NULL || residue->p == NULL ( m has not been set-up ) */ TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, @@ -139,7 +140,7 @@ void mpi_mod_io_neg( char * input_N, char * input_R, data_t * buf, int ret ) TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); - TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R , n_limbs ) ); + TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R , r_limbs ) ); /* modulo->p == NULL || residue->p == NULL ( m has been set-up ) */ TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, From 6ef582f2b8a8c280e6f47ffb372c89f6b93cfb11 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 26 Nov 2022 14:19:02 +0000 Subject: [PATCH 20/28] Bignum Mod Tests: improve readabilty and style Signed-off-by: Janos Follath --- tests/suites/test_suite_bignum_mod.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 6a70e7287..8945968d7 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -160,7 +160,7 @@ void mpi_mod_io_neg( char * input_N, data_t * buf, int ret ) TEST_EQUAL( ret, mbedtls_mpi_mod_read( &r, &m, buf->x, buf->len, endian ) ); /* Test write overflow only when the representation is large and read is successful */ - if (r.limbs > 1 && ret == 0) + if ( r.limbs > 1 && ret == 0 ) TEST_EQUAL( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, mbedtls_mpi_mod_write( &r, &m, buf->x, 1, endian ) ); exit: @@ -185,14 +185,14 @@ void mpi_mod_io( char * input_N, data_t * input_A, int endian ) /* Read inputs */ TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &N, &n_limbs, input_N ) ); n_bytes = n_limbs * sizeof( mbedtls_mpi_uint ); - a_bytes = input_A->len * sizeof( char ); + a_bytes = input_A->len; /* Allocate the memory for intermediate data structures */ ASSERT_ALLOC( R, n_bytes ); ASSERT_ALLOC( r_buff, a_bytes ); /* Test that input's size is not greater to modulo's */ - TEST_LE_U(a_bytes, n_bytes ); + TEST_LE_U( a_bytes, n_bytes ); /* Init Structures */ TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, From 75b9f0fd2e463ce748dbd44efb1fd1fecbd26d89 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 26 Nov 2022 14:28:50 +0000 Subject: [PATCH 21/28] mbedtls_mpi_mod_read/write: remove redundant checks The function isn't documented as accepting null pointer, and there's no reason why it should be. Just let it dereference the pointer. The null/zero checks are only marginally useful: they validate that m and r are properly populated objects, not freshly initialized ones. For that, it's enough to check that the pointers aren't null or that the sizes aren't zero, we don't need to check both. Also, use separate if statements for unrelated checks. Signed-off-by: Janos Follath --- library/bignum_mod.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 3cb3c436d..f07307ce5 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -203,11 +203,11 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, { int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - if ( r == NULL || m == NULL ) - goto cleanup; - if ( r->p == NULL || m->p == NULL || r->limbs > m->limbs || - r->limbs == 0 || m->limbs == 0 ) + /* Do our best to check if r and m have been set up */ + if ( r->limbs == 0 || m->limbs == 0 ) + goto cleanup; + if ( r->limbs > m->limbs ) goto cleanup; ret = mbedtls_mpi_mod_raw_read( r->p, m, buf, buflen, ext_rep ); @@ -232,11 +232,10 @@ int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, { int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - if ( r == NULL || m == NULL ) + /* Do our best to check if r and m have been set up */ + if ( r->limbs == 0 || m->limbs == 0 ) goto cleanup; - - if ( r->p == NULL || m->p == NULL || r->limbs > m->limbs || - r->limbs == 0 || m->limbs == 0 ) + if ( r->limbs > m->limbs ) goto cleanup; if ( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) From d7bb35257b7279696a445a03d48579f58a53e5d3 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 26 Nov 2022 14:59:27 +0000 Subject: [PATCH 22/28] mbedtls_mpi_mod_read/write: restrict pre-conditions Require equality for the number of limbs in the modulus and the residue. This makes these functions consistent with residue_setup(). Signed-off-by: Janos Follath --- library/bignum_mod.c | 4 ++-- tests/suites/test_suite_bignum_mod.function | 18 +++++++++++++++--- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index f07307ce5..7f7c71512 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -207,7 +207,7 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, /* Do our best to check if r and m have been set up */ if ( r->limbs == 0 || m->limbs == 0 ) goto cleanup; - if ( r->limbs > m->limbs ) + if ( r->limbs != m->limbs ) goto cleanup; ret = mbedtls_mpi_mod_raw_read( r->p, m, buf, buflen, ext_rep ); @@ -235,7 +235,7 @@ int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, /* Do our best to check if r and m have been set up */ if ( r->limbs == 0 || m->limbs == 0 ) goto cleanup; - if ( r->limbs > m->limbs ) + if ( r->limbs != m->limbs ) goto cleanup; if ( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 8945968d7..7042ed3d2 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -148,13 +148,23 @@ void mpi_mod_io_neg( char * input_N, data_t * buf, int ret ) TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_write( &rn, &m, buf->x, buf->len, endian ) ); - /* Fail for r_limbs > m->limbs */ - r.limbs = m.limbs + 1; + /* Fail for r_limbs < m->limbs */ + r.limbs--; + TEST_ASSERT( r.limbs < m.limbs ); TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read( &r, &m, buf->x, buf->len, endian ) ); TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_write( &r, &m, buf->x, buf->len, endian ) ); - r.limbs = r_limbs; + r.limbs++; + + /* Fail for r_limbs > m->limbs */ + m.limbs--; + TEST_ASSERT( r.limbs > m.limbs ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_read( &r, &m, buf->x, buf->len, endian ) ); + TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, + mbedtls_mpi_mod_write( &r, &m, buf->x, buf->len, endian ) ); + m.limbs++; /* Test the read */ TEST_EQUAL( ret, mbedtls_mpi_mod_read( &r, &m, buf->x, buf->len, endian ) ); @@ -163,7 +173,9 @@ void mpi_mod_io_neg( char * input_N, data_t * buf, int ret ) if ( r.limbs > 1 && ret == 0 ) TEST_EQUAL( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, mbedtls_mpi_mod_write( &r, &m, buf->x, 1, endian ) ); + exit: + mbedtls_mpi_mod_residue_release( &r ); mbedtls_mpi_mod_modulus_free( &m ); mbedtls_free( N ); mbedtls_free( R ); From 8dfc8c41b7fb12a42d2828e88943850ec69e9480 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 26 Nov 2022 15:39:02 +0000 Subject: [PATCH 23/28] mbedtls_mpi_mod_write: prevent data corruption The function wasn't converting back data to internal representation when writing it out. Signed-off-by: Janos Follath --- library/bignum_mod.c | 16 ++++++++++++++-- tests/suites/test_suite_bignum_mod.function | 10 ++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 7f7c71512..4fe6e4854 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -231,6 +231,7 @@ int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, mbedtls_mpi_mod_ext_rep ext_rep ) { int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + int conv_ret = 0; /* Do our best to check if r and m have been set up */ if ( r->limbs == 0 || m->limbs == 0 ) @@ -238,12 +239,23 @@ int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, if ( r->limbs != m->limbs ) goto cleanup; - if ( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) - ret = mbedtls_mpi_mod_raw_from_mont_rep( r->p, m ); + if ( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY ) + { + conv_ret = mbedtls_mpi_mod_raw_from_mont_rep( r->p, m ); + if( conv_ret != 0 ) + goto cleanup; + } ret = mbedtls_mpi_mod_raw_write( r->p, m, buf, buflen, ext_rep ); + if ( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY ) + conv_ret = mbedtls_mpi_mod_raw_to_mont_rep( r->p, m ); + cleanup: + + if ( ret == 0 ) + ret = conv_ret; + return ( ret ); } /* END MERGE SLOT 7 */ diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 7042ed3d2..df6bb45f6 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -187,9 +187,11 @@ void mpi_mod_io( char * input_N, data_t * input_A, int endian ) { mbedtls_mpi_uint *N = NULL; mbedtls_mpi_uint *R = NULL; + mbedtls_mpi_uint *R_COPY = NULL; unsigned char *r_buff = NULL; mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_residue r; + mbedtls_mpi_mod_residue r_copy; size_t n_limbs, n_bytes, a_bytes; mbedtls_mpi_mod_modulus_init( &m ); @@ -201,6 +203,7 @@ void mpi_mod_io( char * input_N, data_t * input_A, int endian ) /* Allocate the memory for intermediate data structures */ ASSERT_ALLOC( R, n_bytes ); + ASSERT_ALLOC( R_COPY, n_bytes ); ASSERT_ALLOC( r_buff, a_bytes ); /* Test that input's size is not greater to modulo's */ @@ -219,11 +222,18 @@ void mpi_mod_io( char * input_N, data_t * input_A, int endian ) TEST_EQUAL( 0, mbedtls_mpi_mod_write( &r, &m, r_buff, a_bytes, endian ) ); + /* Make sure that writing didn't change the value of r */ + TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r_copy, &m, R_COPY, n_limbs ) ); + TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r_copy, &m, input_A->x, input_A->len, + endian ) ); + ASSERT_COMPARE( r.p, r.limbs, r_copy.p, r_copy.limbs ); + ASSERT_COMPARE( r_buff, a_bytes, input_A->x, a_bytes ); exit: mbedtls_mpi_mod_modulus_free( &m ); mbedtls_free( N ); mbedtls_free( R ); + mbedtls_free( R_COPY ); mbedtls_free( r_buff ); } /* END_CASE */ From 0020df9cf929119eb322784a8608039533f645b9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 26 Nov 2022 17:23:16 +0000 Subject: [PATCH 24/28] mpi_mod_io: test with various buffer sizes Signed-off-by: Janos Follath --- tests/suites/test_suite_bignum_mod.function | 70 ++++++++++++++++++--- 1 file changed, 60 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index df6bb45f6..8fdd7b986 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -188,7 +188,8 @@ void mpi_mod_io( char * input_N, data_t * input_A, int endian ) mbedtls_mpi_uint *N = NULL; mbedtls_mpi_uint *R = NULL; mbedtls_mpi_uint *R_COPY = NULL; - unsigned char *r_buff = NULL; + unsigned char *obuf = NULL; + unsigned char *ref_buf = NULL; mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_residue r; mbedtls_mpi_mod_residue r_copy; @@ -204,7 +205,6 @@ void mpi_mod_io( char * input_N, data_t * input_A, int endian ) /* Allocate the memory for intermediate data structures */ ASSERT_ALLOC( R, n_bytes ); ASSERT_ALLOC( R_COPY, n_bytes ); - ASSERT_ALLOC( r_buff, a_bytes ); /* Test that input's size is not greater to modulo's */ TEST_LE_U( a_bytes, n_bytes ); @@ -219,22 +219,72 @@ void mpi_mod_io( char * input_N, data_t * input_A, int endian ) TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r, &m, input_A->x, input_A->len, endian ) ); - TEST_EQUAL( 0, mbedtls_mpi_mod_write( &r, &m, r_buff, a_bytes, - endian ) ); - - /* Make sure that writing didn't change the value of r */ - TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r_copy, &m, R_COPY, n_limbs ) ); + /* Read a copy for checking that writing didn't change the value of r */ + TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r_copy, &m, + R_COPY, n_limbs ) ); TEST_EQUAL( 0, mbedtls_mpi_mod_read( &r_copy, &m, input_A->x, input_A->len, endian ) ); - ASSERT_COMPARE( r.p, r.limbs, r_copy.p, r_copy.limbs ); - ASSERT_COMPARE( r_buff, a_bytes, input_A->x, a_bytes ); + /* Get number of bytes without leading zeroes */ + size_t a_bytes_trimmed = a_bytes; + while( a_bytes_trimmed > 0 ) + { + unsigned char* r_byte_array = (unsigned char*) r.p; + if( r_byte_array[--a_bytes_trimmed] != 0 ) + break; + } + a_bytes_trimmed++; + + /* Test write with three output buffer sizes: tight, same as input and + * longer than the input */ + size_t obuf_sizes[3]; + const size_t obuf_sizes_len = sizeof( obuf_sizes ) / sizeof( obuf_sizes[0] ); + obuf_sizes[0] = a_bytes_trimmed; + obuf_sizes[1] = a_bytes; + obuf_sizes[2] = a_bytes + 8; + + for( size_t i = 0; i < obuf_sizes_len; i++ ) + { + ASSERT_ALLOC( obuf, obuf_sizes[i] ); + TEST_EQUAL( 0, mbedtls_mpi_mod_write( &r, &m, obuf, obuf_sizes[i], endian ) ); + + /* Make sure that writing didn't corrupt the value of r */ + ASSERT_COMPARE( r.p, r.limbs, r_copy.p, r_copy.limbs ); + + /* Set up reference output for checking the result */ + ASSERT_ALLOC( ref_buf, obuf_sizes[i] ); + switch( endian ) + { + case MBEDTLS_MPI_MOD_EXT_REP_LE: + memcpy( ref_buf, input_A->x, a_bytes_trimmed ); + break; + case MBEDTLS_MPI_MOD_EXT_REP_BE: + { + size_t a_offset = input_A->len - a_bytes_trimmed; + size_t ref_offset = obuf_sizes[i] - a_bytes_trimmed; + memcpy( ref_buf + ref_offset, input_A->x + a_offset, + a_bytes_trimmed ); + } + break; + default: + TEST_ASSERT( 0 ); + } + + /* Check the result */ + ASSERT_COMPARE( obuf, obuf_sizes[i], ref_buf, obuf_sizes[i] ); + + mbedtls_free( ref_buf ); + ref_buf = NULL; + mbedtls_free( obuf ); + obuf = NULL; + } + exit: mbedtls_mpi_mod_modulus_free( &m ); mbedtls_free( N ); mbedtls_free( R ); mbedtls_free( R_COPY ); - mbedtls_free( r_buff ); + mbedtls_free( obuf ); } /* END_CASE */ /* END MERGE SLOT 7 */ From 6eb92c04106faeab4ee280ed4c17b90eeb36436f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 26 Nov 2022 17:34:37 +0000 Subject: [PATCH 25/28] Bignum Mod: improve documentation and style Signed-off-by: Janos Follath --- library/bignum_mod.c | 31 +++++++++++++++---------------- library/bignum_mod.h | 8 +++----- 2 files changed, 18 insertions(+), 21 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 4fe6e4854..74af509ae 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -50,7 +50,7 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r, void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ) { - if ( r == NULL ) + if( r == NULL ) return; r->limbs = 0; @@ -59,7 +59,7 @@ void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r ) void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ) { - if ( m == NULL ) + if( m == NULL ) return; m->p = NULL; @@ -70,7 +70,7 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m ) void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ) { - if ( m == NULL ) + if( m == NULL ) return; switch( m->int_rep ) @@ -110,17 +110,17 @@ static int set_mont_const_square( const mbedtls_mpi_uint **X, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &RR ); - if ( A == NULL || limbs == 0 || limbs >= ( MBEDTLS_MPI_MAX_LIMBS / 2 ) - 2 ) + if( A == NULL || limbs == 0 || limbs >= ( MBEDTLS_MPI_MAX_LIMBS / 2 ) - 2 ) goto cleanup; - if ( mbedtls_mpi_grow( &N, limbs ) ) + if( mbedtls_mpi_grow( &N, limbs ) ) goto cleanup; memcpy( N.p, A, sizeof(mbedtls_mpi_uint) * limbs ); ret = mbedtls_mpi_core_get_mont_r2_unsafe(&RR, &N); - if ( ret == 0 ) + if( ret == 0 ) { *X = RR.p; RR.p = NULL; @@ -205,20 +205,19 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, /* Do our best to check if r and m have been set up */ - if ( r->limbs == 0 || m->limbs == 0 ) + if( r->limbs == 0 || m->limbs == 0 ) goto cleanup; - if ( r->limbs != m->limbs ) + if( r->limbs != m->limbs ) goto cleanup; ret = mbedtls_mpi_mod_raw_read( r->p, m, buf, buflen, ext_rep ); - if( ret != 0 ) goto cleanup; r->limbs = m->limbs; - if (m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) - ret = mbedtls_mpi_mod_raw_to_mont_rep(r->p, m); + if( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY ) + ret = mbedtls_mpi_mod_raw_to_mont_rep( r->p, m ); cleanup: return ( ret ); @@ -234,12 +233,12 @@ int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, int conv_ret = 0; /* Do our best to check if r and m have been set up */ - if ( r->limbs == 0 || m->limbs == 0 ) + if( r->limbs == 0 || m->limbs == 0 ) goto cleanup; - if ( r->limbs != m->limbs ) + if( r->limbs != m->limbs ) goto cleanup; - if ( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY ) + if( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY ) { conv_ret = mbedtls_mpi_mod_raw_from_mont_rep( r->p, m ); if( conv_ret != 0 ) @@ -248,12 +247,12 @@ int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, ret = mbedtls_mpi_mod_raw_write( r->p, m, buf, buflen, ext_rep ); - if ( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY ) + if( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY ) conv_ret = mbedtls_mpi_mod_raw_to_mont_rep( r->p, m ); cleanup: - if ( ret == 0 ) + if( ret == 0 ) ret = conv_ret; return ( ret ); diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 67c48498e..ae486b9b6 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -82,9 +82,7 @@ typedef struct { * and interpreted according to the value of the `m->int_rep` field. * * The modulus \p m will be the modulus associated with \p r. The residue \p r - * should only be used in operations where the modulus is \p m or a modulus - * equivalent to \p m (in the sense that all their fields or memory pointed to by - * their fields hold the same value). + * should only be used in operations where the modulus is \p m. * * \param[out] r The address of the residue to setup. * \param[in] m The address of the modulus related to \p r. @@ -96,7 +94,7 @@ typedef struct { * pointed to by `m->p`) and already in the representation * indicated by `m->int_rep`. * \param p_limbs The number of limbs of \p p. Must be the same as the number - * of limbs in the modulus \p m.) + * of limbs in the modulus \p m. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p p_limbs is less than the @@ -219,7 +217,7 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, * based on the value of `m->int_rep` field. * * \warning If the buffer is smaller than `m->bits`, the number of - * leading zeroes is leaked through side channels. If \p r is + * leading zeroes is leaked through timing. If \p r is * secret, the caller must ensure that \p buflen is at least * (`m->bits`+7)/8. * From e7190a2960d2071b96246808f7f76996bdb61592 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 26 Nov 2022 18:46:54 +0000 Subject: [PATCH 26/28] mpi_mod_io_neg: fix use of uninitialized value Uninitialized values are invalid for the tested functions and we shouldn't be testing that. Signed-off-by: Janos Follath --- tests/suites/test_suite_bignum_mod.function | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 8fdd7b986..a941cb642 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -120,8 +120,7 @@ void mpi_mod_io_neg( char * input_N, data_t * buf, int ret ) mbedtls_mpi_uint *R = NULL; mbedtls_mpi_mod_modulus m; - mbedtls_mpi_mod_residue r; - mbedtls_mpi_mod_residue rn = { NULL, 0 }; + mbedtls_mpi_mod_residue r = { NULL, 0 }; mbedtls_mpi_mod_ext_rep endian = MBEDTLS_MPI_MOD_EXT_REP_LE; mbedtls_mpi_mod_modulus_init( &m ); @@ -131,22 +130,24 @@ void mpi_mod_io_neg( char * input_N, data_t * buf, int ret ) size_t r_limbs = n_limbs; ASSERT_ALLOC( R, r_limbs ); - /* modulo->p == NULL || residue->p == NULL ( m has not been set-up ) */ + /* modulus->p == NULL || residue->p == NULL ( m has not been set-up ) */ TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read( &r, &m, buf->x, buf->len, endian ) ); TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_write( &r, &m, buf->x, buf->len, endian ) ); + /* Set up modulus and test with residue->p == NULL */ TEST_EQUAL( 0, mbedtls_mpi_mod_modulus_setup( &m, N, n_limbs, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) ); - TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R , r_limbs ) ); - /* modulo->p == NULL || residue->p == NULL ( m has been set-up ) */ TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_read( &rn, &m, buf->x, buf->len, endian ) ); + mbedtls_mpi_mod_read( &r, &m, buf->x, buf->len, endian ) ); TEST_EQUAL( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_write( &rn, &m, buf->x, buf->len, endian ) ); + mbedtls_mpi_mod_write( &r, &m, buf->x, buf->len, endian ) ); + + /* Do the rest of the tests with a residue set up with the input data */ + TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &r, &m, R , r_limbs ) ); /* Fail for r_limbs < m->limbs */ r.limbs--; From 84bee4c49230ecd50ab6105faf696ff015f03624 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 28 Nov 2022 10:27:14 +0000 Subject: [PATCH 27/28] mbedtls_mpi_mod_write: improve readability Signed-off-by: Janos Follath --- library/bignum_mod.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 74af509ae..0f2d7e23a 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -230,7 +230,6 @@ int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, mbedtls_mpi_mod_ext_rep ext_rep ) { int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - int conv_ret = 0; /* Do our best to check if r and m have been set up */ if( r->limbs == 0 || m->limbs == 0 ) @@ -240,21 +239,26 @@ int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, if( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY ) { - conv_ret = mbedtls_mpi_mod_raw_from_mont_rep( r->p, m ); - if( conv_ret != 0 ) + ret = mbedtls_mpi_mod_raw_from_mont_rep( r->p, m ); + if( ret != 0 ) goto cleanup; } ret = mbedtls_mpi_mod_raw_write( r->p, m, buf, buflen, ext_rep ); if( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY ) - conv_ret = mbedtls_mpi_mod_raw_to_mont_rep( r->p, m ); + { + /* If this fails, the value of r is corrupted and we want to return + * this error (as opposed to the error code from the write above) to + * let the caller know. If it succeeds, we want to return the error + * code from write above. */ + int conv_ret = mbedtls_mpi_mod_raw_to_mont_rep( r->p, m ); + if( ret == 0 ) + ret = conv_ret; + } cleanup: - if( ret == 0 ) - ret = conv_ret; - return ( ret ); } /* END MERGE SLOT 7 */ From 1f8afa22a4312f94de639fe3f38bec0da062e316 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 28 Nov 2022 14:32:33 +0000 Subject: [PATCH 28/28] Bignum Mod: improve documentation and style Signed-off-by: Janos Follath --- library/bignum_mod.c | 1 - library/bignum_mod.h | 19 ++++++++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 0f2d7e23a..7a5539d8d 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -203,7 +203,6 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, { int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - /* Do our best to check if r and m have been set up */ if( r->limbs == 0 || m->limbs == 0 ) goto cleanup; diff --git a/library/bignum_mod.h b/library/bignum_mod.h index ae486b9b6..d92f21ee0 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -189,10 +189,10 @@ void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m ); * equivalent to \p m (in the sense that all their fields or memory pointed by * their fields hold the same value). * - * \param r The address of the residue. It must have exactly the same + * \param[out] r The address of the residue. It must have exactly the same * number of limbs as the modulus \p m. - * \param m The address of the modulus. - * \param buf The input buffer to import from. + * \param[in] m The address of the modulus. + * \param[in] buf The input buffer to import from. * \param buflen The length in bytes of \p buf. * \param ext_rep The endianness of the number in the input buffer. * @@ -221,10 +221,12 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, * secret, the caller must ensure that \p buflen is at least * (`m->bits`+7)/8. * - * \param r The address of the residue. It must have as many limbs as - * the modulus \p m. - * \param m The address of the modulus associated with \r. - * \param buf The output buffer to export to. + * \param[in] r The address of the residue. It must have the same number of + * limbs as the modulus \p m. (\p r is an input parameter, but + * its value will be modified during execution and restored + * before the function returns.) + * \param[in] m The address of the modulus associated with \r. + * \param[out] buf The output buffer to export to. * \param buflen The length in bytes of \p buf. * \param ext_rep The endianness in which the number should be written into * the output buffer. @@ -234,6 +236,9 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r, * large enough to hold the value of \p r (without leading * zeroes). * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p ext_rep is invalid. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if couldn't allocate enough + * memory for conversion. Can occur only for moduli with + * MBEDTLS_MPI_MOD_REP_MONTGOMERY. */ int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r, const mbedtls_mpi_mod_modulus *m,