Require equality for the number of limbs in the modulus and the residue.
This makes these functions consistent with residue_setup().
Signed-off-by: Janos Follath <janos.follath@arm.com>
The value was overwritten and the length wasn't used either. This latter
could have lead to a buffer overflow as well.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Test macros have goto instructions to the end where everything is freed.
We need to call init before that happens to make calling free functions
safe.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The external representation before included more than just endianness
(like reading in Mongtomery curve scalars or converting hashes to
numbers in a standard compliant way).
These are higher level concepts and are out of scope for Bignum and for
the modulus structure.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The external representation before included more than just endianness
(like reading in Mongtomery curve scalars or converting hashes to
numbers in a standard compliant way).
These are higher level concepts and are out of scope for Bignum and for
the modulus structure.
Passing endianness as a parameter is a step towards removing it from the
modulus structure.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The external representation before included more than just endianness
(like reading in Mongtomery curve scalars or converting hashes to
numbers in a standard compliant way).
These are higher level concepts and are out of scope for Bignum and for
the modulus structure.
Passing endianness as a parameter is a step towards removing it from the
modulus structure.
Signed-off-by: Janos Follath <janos.follath@arm.com>
In theory we could allow residues to have more allocated limbs than the
modulus, but we might or might not need it in the end.
Go for the simpler option for now and we can extend it later if we
really need it.
Signed-off-by: Janos Follath <janos.follath@arm.com>
We want to make sure that the value has at least as many limbs allocated
as the modulus as we need this to be able to do any operations in
constant time.
An invariant of the API is that the residue values are canonical, make
sure that the residue is compared to the entire modulus.
Signed-off-by: Janos Follath <janos.follath@arm.com>
This patch adjusts the I/O methods and the tests.
Documentation has also been updated to be more clear.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch adjusts the logic of the size checking of the method,
and refactors the tests. Documentation has also been updated.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch is inverting the input type checking logic in the method,
in order to ensure that residue < modulus.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch adds the following tests for the high levet IO api:
* mpi_mod_io_neg
* mpi_mod_io
Manually generated test data has also been included.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
OpenSSL may be configured to support features such as cipher suites or
protocol versions that are disabled by default. Enable them all: we're
testing, we don't care about enabling insecure stuff. This is not needed
with the builds of OpenSSL that we're currently using on the Jenkins CI, but
it's needed with more recent versions such as typically found on developer
machines, and with future CI additions.
The syntax to do that was only introduced in OpenSSL 1.1.0; fortunately we
don't need to do anything special with earlier versions.
With OpenSSL 1.1.1f on Ubuntu 20.04, this allows SHA-1 in certificates,
which is still needed for a few test cases in ssl-opt.sh. Curiously, this is
also needed for the cipher suite TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 (and
no other, including other DHE-PSK or ARIA cipher suites).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Eventually we want it to be enabled by default
when TLS 1.3 is enabled but currently the
feature is on development thus it should not be
enabled by default.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
