Require equality for the number of limbs in the modulus and the residue.
This makes these functions consistent with residue_setup().
Signed-off-by: Janos Follath <janos.follath@arm.com>
The function isn't documented as accepting null pointer, and there's no
reason why it should be. Just let it dereference the pointer.
The null/zero checks are only marginally useful: they validate that m
and r are properly populated objects, not freshly initialized ones. For
that, it's enough to check that the pointers aren't null or that the
sizes aren't zero, we don't need to check both.
Also, use separate if statements for unrelated checks.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The value was overwritten and the length wasn't used either. This latter
could have lead to a buffer overflow as well.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Test macros have goto instructions to the end where everything is freed.
We need to call init before that happens to make calling free functions
safe.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The external representation before included more than just endianness
(like reading in Mongtomery curve scalars or converting hashes to
numbers in a standard compliant way).
These are higher level concepts and are out of scope for Bignum and for
the modulus structure.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The external representation before included more than just endianness
(like reading in Mongtomery curve scalars or converting hashes to
numbers in a standard compliant way).
These are higher level concepts and are out of scope for Bignum and for
the modulus structure.
Passing endianness as a parameter is a step towards removing it from the
modulus structure.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The external representation before included more than just endianness
(like reading in Mongtomery curve scalars or converting hashes to
numbers in a standard compliant way).
These are higher level concepts and are out of scope for Bignum and for
the modulus structure.
Passing endianness as a parameter is a step towards removing it from the
modulus structure.
Signed-off-by: Janos Follath <janos.follath@arm.com>
In theory we could allow residues to have more allocated limbs than the
modulus, but we might or might not need it in the end.
Go for the simpler option for now and we can extend it later if we
really need it.
Signed-off-by: Janos Follath <janos.follath@arm.com>
We want to make sure that the value has at least as many limbs allocated
as the modulus as we need this to be able to do any operations in
constant time.
An invariant of the API is that the residue values are canonical, make
sure that the residue is compared to the entire modulus.
Signed-off-by: Janos Follath <janos.follath@arm.com>
This patch adjusts the I/O methods and the tests.
Documentation has also been updated to be more clear.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch adjusts the logic of the size checking of the method,
and refactors the tests. Documentation has also been updated.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch is inverting the input type checking logic in the method,
in order to ensure that residue < modulus.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch adds the following tests for the high levet IO api:
* mpi_mod_io_neg
* mpi_mod_io
Manually generated test data has also been included.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch adds input and ouput fucntions in the `bignum_mod` layer.
The data will be automatically converted between Cannonical and
Montgomery representation if required.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Don't use an all.sh component because there isn't one that does what we
want (modern Clang with ASan, and test everything).
* We need to set CC explicitly or tweak PATH, because clang in $PATH on
Travis focal instances is Clang 7 which is too old (we want Clang 10).
* Travis lacks the array of versions of openssl and gnutls that we normally
use for testing, so we need to exclude some tests (or build our
own multiple versions of openssl and gnutls).
The SSL test exclusions are ad hoc and based on what currently works.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
OpenSSL may be configured to support features such as cipher suites or
protocol versions that are disabled by default. Enable them all: we're
testing, we don't care about enabling insecure stuff. This is not needed
with the builds of OpenSSL that we're currently using on the Jenkins CI, but
it's needed with more recent versions such as typically found on developer
machines, and with future CI additions.
The syntax to do that was only introduced in OpenSSL 1.1.0; fortunately we
don't need to do anything special with earlier versions.
With OpenSSL 1.1.1f on Ubuntu 20.04, this allows SHA-1 in certificates,
which is still needed for a few test cases in ssl-opt.sh. Curiously, this is
also needed for the cipher suite TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 (and
no other, including other DHE-PSK or ARIA cipher suites).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>