Commit graph

122 commits

Author SHA1 Message Date
Gilles Peskine
4380d7b7f3 Simplify cleanup logic
Take advantage of the fact that there's a single point of failure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
3b63d09fea Make the main loop's logic clearer
The loop ends when there are no more bits to process, with one twist: when
that happens, we need to clear the window one last time. Since the window
does not start empty (E_limbs==0 is not supported), the loop always starts
with a non-empty window and some bits to process. So it's correct to move
the window clearing logic to the end of the loop. This lets us exit the loop
when the end of the exponent is reached.

It would be clearer not to do the final window clearing inside the loop, so
we wouldn't need to repeat the loop termination condition (end of exponent
reached) inside the loop. However, this requires duplicating the code to
clear the window. Empirically, this causes a significant code size increase,
even if the window clearing code is placed into a function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
c718a3ce94 Simplify exponent bit selection
Use indices instead of mutating data to extract the bits of the exponent.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
d83b5cb504 Local readability improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
0de0a049f1 Move window precomputation into an auxiliary function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
cf979b0fc1 Define variables closer to their use
Make variables const where possible.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
7af166b827 Change E closer to where it's used
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
07f2c69511 More consistent variable names
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:53 +00:00
Janos Follath
0ec6e3f394 mpi_core_mod_exp: improve style and documentation
No intended change in behaviour.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 21:22:53 +00:00
Janos Follath
a77911e5c1 core_exp_mod: improve window selection
We are looking at the exponent at limb granularity and therefore
exponent bits can't go below 32.

The `mpi_` prefix is also removed as it is better not to have prefix at
all than to have just a partial. (Full prefix would be overly long and
would hurt readability.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 21:22:53 +00:00
Janos Follath
59cbd1be27 Make mbedtls_mpi_core_ct_uint_table_lookup static
Now that we have a function that calls
mbedtls_mpi_core_ct_uint_table_lookup(), the compiler won't complain if
we make it static.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 21:22:53 +00:00
Janos Follath
bad42c4d0d mpi_core_exp_mod: fix local variable type
On platforms with size_t different from int, mismatch between size_t and
mpi_uint can cause incorrect results or complaints from the compiler.

Signed-off-by: Janos Follath <janos.follath@arm.com>

mpi_core_exp_mod: Cast local variable explicitly

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 21:22:53 +00:00
Janos Follath
b6673f0f19 Add modular exponentiation to bignum core
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 21:22:53 +00:00
Tom Cosgrove
f7ff4c9a11 Tidy up, remove MPI_CORE(), and apply the naming convention
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-22 14:58:15 +00:00
Hanno Becker
d9b2348d8f Extract MPI_CORE(sub_int) from the prototype
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-22 14:58:15 +00:00
Janos Follath
2a8bcf8c6f Add bignum merge scaffolding
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:25:48 +00:00
Gilles Peskine
22cdd0ccd3 Update some internal comments
The refactoring of fill_random had left some obsolete bits in comments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 16:00:01 +01:00
Gilles Peskine
009d195a56 Move mbedtls_mpi_core_fill_random to the proper .c file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 16:00:01 +01:00
Janos Follath
8904a2db29 mpi_core_ct_uint_table_lookup: style and docs
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-10-31 16:51:56 +00:00
Janos Follath
e50f2f1a8e Add mbedtls_mpi_core_ct_uint_table_lookup
This will be needed for extracting modular exponentiation from the
prototype. The function signature is kept aligned to the prototype, but
the implementation is new. (The implementation of this function in the
prototype has further optimisations which are out of scope for now.)

The function is not reused in the bignum counterpart as it will become
redundant soon.

This function is meant to be static, but doesn't have the qualifier as
it is not used yet and would cause compiler warnings. The
MBEDTLS_STATIC_TESTABLE macro will be added in a later commit.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-10-31 11:32:55 +00:00
Gilles Peskine
9603daddaa
Merge pull request #6230 from tom-cosgrove-arm/issue-6223-core-add
Bignum: extract core_add from the prototype
2022-10-27 11:25:27 +02:00
Tom Cosgrove
af7d44b4d2 Tidy up, remove MPI_CORE(), apply the naming convention, and use the new mbedtls_mpi_core_add()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-10-25 16:29:58 +01:00
Hanno Becker
c98871339d Extract MPI_CORE(add) from the prototype
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-10-25 16:29:58 +01:00
Minos Galanakis
a081c51cd3 Renamed mpi_core_get_mont_R2_unsafe_neg -> mpi_core_get_mont_r2_unsafe_neg
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:38 +01:00
Minos Galanakis
51d638baf6 bignum_core: Style update
'mbedtls_mpi_core_get_mont_R2_unsafe' aligns const
keyword to match the style of the rest of the module.

Documentation is also updated to remove
`MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:38 +01:00
Minos Galanakis
ae4fb671b4 mbedtls_mpi_core_get_mont_R2_unsafe: Removed NULL input checking
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:38 +01:00
Minos Galanakis
4f43f61c6a Renamed mbedtls_mpi_get_montgomery_constant_unsafe to mpi_core_get_mont_R2_unsafe
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:23 +01:00
Hanno Becker
ec440f2397 bignum_mod_raw: Ported mbedtls_mpi_get_montgomery_constant_unsafe from prototype
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:08:08 +01:00
Gilles Peskine
c279b2fa4a Move mbedtls_mpi_core_shift_r to the proper source file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-20 11:40:15 +02:00
Gilles Peskine
db2996357c
Merge pull request #6289 from gabor-mezei-arm/6237_Add_conditional_assign_and_swap_for_bignum
Bignum: Add safe conditional assign and swap for the new MPI types
2022-10-19 15:51:19 +02:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Gabor Mezei
e9c013c222
Handle if parameters are alised
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-10 14:26:57 +02:00
Gabor Mezei
e5b8585f1e
Follow parameter naming convention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:54:02 +02:00
Gabor Mezei
1c628d5700
Follow parameter naming comvention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
3eff425b1a
Use only one limb parameter for assign
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
cfc0eb8d22
Remove unused parameter
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
9f6615f146
Remove argument checking from constant time functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
e1d31c4aad
Add conditional swap and assign function for MPI core
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:33:30 +02:00
Tom Cosgrove
4386ead662 Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-29 14:40:21 +01:00
Gilles Peskine
945b23c46f Include platform.h unconditionally: automatic part
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:33:07 +02:00
Tom Cosgrove
3bd7bc3add Use X rather than A for accumulator-style input (and output!) params, and rename others accordingly
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:55:07 +01:00
Tom Cosgrove
b7438d1f62 Update name of mbedtls_mpi_montg_init()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:05:59 +01:00
Tom Cosgrove
2701deaa4b Use mbedtls_ct_mpi_uint_mask() rather than rolling our own
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:00:07 +01:00
Tom Cosgrove
67c9247ed9 Move the T++ in mbedtls_mpi_core_montmul() to within the loop body
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-02 13:28:59 +01:00
Tom Cosgrove
f0b2231fcd Update comments at the end of montmul following Gilles' feedback
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-31 17:57:34 +01:00
Tom Cosgrove
9354990a54 Don't use multiplication by condition in even a semi-constant time function
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-31 17:15:02 +01:00
Tom Cosgrove
f0c8a8cf44 One statement per line
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-30 15:15:02 +01:00
Tom Cosgrove
5dd97e60d5 Update comments following code review
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-30 14:31:49 +01:00
Tom Cosgrove
b496486cdc Reorder functions in bignum_core.[ch]
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-30 11:57:22 +01:00
Tom Cosgrove
72594633a1 Apply the function parameter naming convention
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-24 11:51:58 +01:00
Tom Cosgrove
f0ffb1585a Have mbedtls_mpi_montg_init() take the modulus, rather than just its least significant limb
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-24 11:17:15 +01:00
Tom Cosgrove
958fd3dc0c Remove bignum_new.c, moving contents to bignum_core.c
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-24 11:08:51 +01:00
Janos Follath
2e328c8591 Remove confusing const qualifier
Since a is not a pointer, it is passed by value and declaring it const
doesn’t make any sense and on the first read can make me miss the fact
that a is not a pointer.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 11:19:10 +01:00
Janos Follath
c459641ad1 Bignum: add missing limb qualifiers
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 10:04:52 +01:00
Janos Follath
af3f39c01c Fix typos
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
Co-authored-by: Werner Lewis <Werner.Lewis@arm.com>

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 09:08:04 +01:00
Janos Follath
a95f204cd3 Improve documentation
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
Co-authored-by: Werner Lewis <werner.wmlewis@gmail.com>
Co-authored-by: Minos Galanakis <minos.galanakis@arm.com>

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
Janos Follath
ca5688e10c Improve coding style
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
Co-authored-by: Werner Lewis <werner.wmlewis@gmail.com>

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
Janos Follath
b7a88eca42 Bignum: Apply naming conventions
Numbers:

- A, B for mbedtls_mpi_uint* operands
- a, b for mbedtls_mpi_uint operands
- X or x for result
- HAC references where applicable

Lengths:

- Reserve size or length for length/size in bytes or byte buffers.
- For length of mbedtls_mpi_uint* buffers use limbs
- Length parameters are qualified if possible (eg. input_length or
  a_limbs)

Setup functions:

- The parameters match the corresponding structure member's name
- The structure to set up is a standard lower case name even if in other
  functions different naming conventions would apply

Scope of changes/conventions:

- bignum_core
- bignum_mod
- bignum_mod_raw

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
Janos Follath
6b8a4ad0d8 Bignum: update const qualifiers
While at it, mark parameters based on their role.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
Janos Follath
cc93908b88 Bignum: Declare loop variable in loop head
In the new bignum files (bignum_core.c, bignum_mod_raw.c and
bignum_mod.c) the loop variables are declared in the loop head wherever
this change is beneficial.

There are loops where the loop variable is used after the end of the
loop (this might not be good practice, but that is out of scope for this
commit) and others where there are several loop variables and declaring
them there would hurt readability.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-15 12:08:49 +01:00
Janos Follath
620c58ced9 Bignum: make const placement consistent
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-15 11:58:42 +01:00
Gabor Mezei
c414ba3fc0
Simplify code
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 17:59:53 +02:00
Gabor Mezei
5a5c0c5f0a
Move the declaration of variables to their scope of usage
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 15:40:09 +02:00
Gabor Mezei
89e31460db
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 15:36:56 +02:00
Gabor Mezei
5f56df44f0
Remove redundant check
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 14:41:54 +02:00
Gabor Mezei
bf9da1dfb1
Do not read if output pointer is NULL
Skip reading if output pointer is NULL even if the length of the input buffer is 0.
The memory sanitizer will mark this as an error.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 14:11:56 +02:00
Janos Follath
a30b4e5692 Bignum: remove duplicate documentation from source
These functions have full documentation in the header. Maintaing two
copies does not worth the effort and having an out of sync reduced
duplicate is not helpful.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 17:15:18 +01:00
Janos Follath
2ab2d3e3e9 Inline mpi_core_clear()
This used to resize MPIs in the legacy interface, which is not
needed/possible as the new interface has fixed size MPIs.

Inlining this function makes the code easier to read and maintain, while
there is no obvious drawback to it.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 16:16:49 +01:00
Janos Follath
56a10f97ba Bignum: remove unnecessary NULL pointer checks
A null pointer dereference, or null pointer plus small offset, is a
clean runtime error in most environments. So it's not particularly
useful to protect against this.

While at it make a null pointer check that is actually necessary more
robust.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 15:19:00 +01:00
Janos Follath
d0895708e2 Bignum: move internal constants to headers
Now that the check_names script allows it, we can do so.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-10 13:32:16 +01:00
Janos Follath
c47c0569d4 Remove VALIDATE macros from bignum_core.c
They are deprecated and are declared to be empty anyway.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 13:54:43 +01:00
Janos Follath
3ca0775e59 Bignum: extract bignum_core.h functions
Extract functions declared in bignum_core.h into a source file with a
matching name.

We are doing this because:

- This is a general best practice/convention
- We hope that this will make resolving merge conflicts in the future
  easier
- Having them in a unified source file is a premature optimisation at
  this point

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 11:45:47 +01:00