yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
21909 commits 1 branch 0 tags 94 MiB
Commit graph

70 commits

Author SHA1 Message Date
Gilles Peskine
9603daddaa
Merge pull request #6230 from tom-cosgrove-arm/issue-6223-core-add 
Bignum: extract core_add from the prototype
 2022-10-27 11:25:27 +02:00
Tom Cosgrove
82f131063a Update documentation following review comment 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-10-25 16:29:58 +01:00
Tom Cosgrove
af7d44b4d2 Tidy up, remove MPI_CORE(), apply the naming convention, and use the new mbedtls_mpi_core_add() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-10-25 16:29:58 +01:00
Hanno Becker
c98871339d Extract MPI_CORE(add) from the prototype 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-10-25 16:29:58 +01:00
Minos Galanakis
a081c51cd3 Renamed mpi_core_get_mont_R2_unsafe_neg -> mpi_core_get_mont_r2_unsafe_neg 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:38 +01:00
Minos Galanakis
51d638baf6 bignum_core: Style update 
'mbedtls_mpi_core_get_mont_R2_unsafe' aligns const
keyword to match the style of the rest of the module.

Documentation is also updated to remove
`MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:38 +01:00
Minos Galanakis
ae4fb671b4 mbedtls_mpi_core_get_mont_R2_unsafe: Removed NULL input checking 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:38 +01:00
Minos Galanakis
b85506e250 bignum_core.h: Comment update for mbedtls_mpi_core_get_mont_R2_unsafe 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:23 +01:00
Minos Galanakis
4f43f61c6a Renamed mbedtls_mpi_get_montgomery_constant_unsafe to mpi_core_get_mont_R2_unsafe 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:23 +01:00
Hanno Becker
ec440f2397 bignum_mod_raw: Ported mbedtls_mpi_get_montgomery_constant_unsafe from prototype 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:08:08 +01:00
Gilles Peskine
abc6fbb8d7 Fix brief description 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-21 18:36:31 +02:00
Gilles Peskine
6641420951 Bignum core: Break shift_r function out of the classic shift_r 
This commit contains the function prototype for mbedtls_mpi_core_shift_r,
and the implementation minimally modified from mbedtls_mpi_shift_r.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-20 11:40:15 +02:00
Gilles Peskine
4281ae0bd2
Merge pull request #6373 from gilles-peskine-arm/bignum-core-conventions 
Spell out bignum core conventions
 2022-10-19 15:53:33 +02:00
Gilles Peskine
dcd1717f5f Forbid aliasing outputs 
Aliasing between two outputs is hardly ever useful.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-14 17:15:21 +02:00
Gabor Mezei
4086de667d
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-10-14 16:29:42 +02:00
Gilles Peskine
01af3ddc82 Fixed confusion between number size and limb size; define limb 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-04 16:23:29 +02:00
Gilles Peskine
2926484de1 Describe generic conventions for the bignum core module 
This commit codifies some conventions that result from the original design
goals and others that have emerged after starting the implementation.

* Value ranges
* Bignum parameter naming and ordering
* Sizes
* Aliasing and overlap
* Error handling

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-04 14:51:21 +02:00
Gilles Peskine
7aab2fbe41 Add a short description of what each module does 
There was already a short introduction to _who_ should use each module, but
not to _what_ each module does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-04 14:50:17 +02:00
Gilles Peskine
7f887bdc05 Move license out of Doxygen comment 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-04 14:50:17 +02:00
Gabor Mezei
dba2677597
Update documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-10-03 17:01:02 +02:00
Gabor Mezei
86dfe384c2
Fix documentation tags to be lower case 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 14:03:04 +02:00
Gabor Mezei
e5b8585f1e
Follow parameter naming convention 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:54:02 +02:00
Gabor Mezei
1c628d5700
Follow parameter naming comvention 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:40 +02:00
Gabor Mezei
3eff425b1a
Use only one limb parameter for assign 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:40 +02:00
Gabor Mezei
2b5bf4cec7
Fix doumentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:40 +02:00
Gabor Mezei
f4dd3b6a6d
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:40 +02:00
Gabor Mezei
cfc0eb8d22
Remove unused parameter 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:39 +02:00
Gabor Mezei
9f6615f146
Remove argument checking from constant time functions 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:39 +02:00
Gabor Mezei
e1d31c4aad
Add conditional swap and assign function for MPI core 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:33:30 +02:00
Tom Cosgrove
6da3a3b15f Fix doc regarding aliasing of modulus input to mbedtls_mpi_core_montmul() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-29 17:20:18 +01:00
Tom Cosgrove
4386ead662 Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-29 14:40:21 +01:00
Tom Cosgrove
4782823ec3 Ensure we explicitly document the modulus for fixed-width arithmetic 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-20 13:51:50 +01:00
Tom Cosgrove
b0b77e1b13 Document and test aliasing of the bignums given to mbedtls_mpi_core_mla() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-20 13:33:40 +01:00
Tom Cosgrove
ea45c1d2d4 Document and test aliasing of output for mbedtls_mpi_core_montmul() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-20 13:17:51 +01:00
Tom Cosgrove
3bd7bc3add Use X rather than A for accumulator-style input (and output!) params, and rename others accordingly 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 15:55:07 +01:00
Tom Cosgrove
5c0e8104bc Prefer 'fixed-size' to 'known-size' in doc comments 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 15:46:10 +01:00
Tom Cosgrove
b7438d1f62 Update name of mbedtls_mpi_montg_init() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 15:05:59 +01:00
Tom Cosgrove
818d992cc7 Note that T must not overlap other parameters of mbedtls_mpi_core_montmul() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 14:58:10 +01:00
Tom Cosgrove
5eefc3db3f Move macros to come before function declarations 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-31 17:16:50 +01:00
Tom Cosgrove
630110ab23 Fix documentation where ciL should be biL 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-31 17:15:04 +01:00
Tom Cosgrove
ed43c6caeb In add_if(), B MAY be aliased to A. Also update another comment for consistency. 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-31 17:15:04 +01:00
Tom Cosgrove
5dd97e60d5 Update comments following code review 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-30 14:31:49 +01:00
Tom Cosgrove
b496486cdc Reorder functions in bignum_core.[ch] 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-30 11:57:22 +01:00
Tom Cosgrove
d932de8857 Remove incorrect constant-time claim from doc for mbedtls_mpi_core_add_if() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-25 16:43:43 +01:00
Tom Cosgrove
ecbb124292 Fix incorrect parameter name in mbedtls_mpi_core_add_if() doc comment 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-25 10:13:44 +01:00
Tom Cosgrove
72594633a1 Apply the function parameter naming convention 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-24 11:51:58 +01:00
Tom Cosgrove
f0ffb1585a Have mbedtls_mpi_montg_init() take the modulus, rather than just its least significant limb 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-24 11:17:15 +01:00
Tom Cosgrove
9384284530 Use mbedtls_mpi_core_montmul() in mpi_montmul() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-23 16:29:32 +01:00
Tom Cosgrove
f334d9622b Add unit tests for bignum_new.c:mbedtls_mpi_core_montmul() 
These tests are also used to test the existing mpi_montmul() function (which
too is renamed with mbedtls_ prefix). Some of these are replays of captured
invocations during unit test runs. Others are generated.  They use a mixture
of primes and odd numbers for N, with four randomly-generated cases for each N.

The lines in the .data file were generated by the following script

```
    #!/usr/bin/env perl
    #
    # mpi-test-core-montmul.pl - generate MPI tests in Perl for mbedtls_mpi_core_montmul()
    #
    use strict;
    use warnings;
    use Math::BigInt;
    use sort 'stable';

    generate_tests();

    sub generate_tests {
        generate_mbedtls_mpi_core_montmul();
    }

    # XXX mbedtls_mpi_grow() and mbedtls_mpi_shrink() work in little-endian manner

    # \brief Montgomery multiplication: X = A * B * R^-1 mod N  (HAC 14.36)
    #
    # \param[out]     X      The destination MPI, as a big endian array of length \p n.
    #                        On successful completion, X contains the result of
    #                        the multiplication A * B * R^-1 mod N where
    #                        R = (2^ciL)^n.
    # \param[in]      A      Big endian presentation of first operand.
    #                        Must have exactly \p n limbs.
    # \param[in]      B      Big endian presentation of second operand.
    # \param[in]      B_len  The number of limbs in \p B.
    # \param[in]      N      Big endian presentation of the modulus.
    #                        This must be odd and have exactly \p n limbs.
    # \param[in]      n      The number of limbs in \p X, \p A, \p N.
    # \param          mm     The Montgomery constant for \p N: -N^-1 mod 2^ciL.
    #                        This can be calculated by `mbedtls_mpi_montg_init()`.
    # \param[in,out]  T      Temporary storage of size at least 2*n+1 limbs.
    #                        Its initial content is unused and
    #                        its final content is indeterminate.
    #
    # void mbedtls_mpi_core_montmul( mbedtls_mpi_uint *X,
    #                                const mbedtls_mpi_uint *A,
    #                                const mbedtls_mpi_uint *B, size_t B_len,
    #                                const mbedtls_mpi_uint *N, size_t n,
    #                                mbedtls_mpi_uint mm, mbedtls_mpi_uint *T );

    sub generate_mbedtls_mpi_core_montmul {

        my $sub_name = (caller(0))[3];      # e.g. main::generate_mbedtls_mpi_sub_mpi
        my ($ignore, $test_name) = split("main::generate_", $sub_name);

        my @cases = ();

        my @replay = (
            # [ limbsAN_4, limbsB_4, limbsAN_8, limbsB_8, hexA, hexB, hexN, hexExpected ]
            [ 2, 1, 1, 1, "19", "1", "1D", "18" ],
            [ 2, 1, 1, 1, "7", "1", "9", "1" ],
            [ 2, 1, 1, 1, "4", "1", "9", "7" ],
            #montmul:
            #A.n = 3
            #A.p = FFFE000000008004
            #      0000000000007FFC
            #      0000000000000000
            #B.n = 1
            #B.p = 0000000000000001
            #N.n = 3
            #N.p = 0000000000000001
            #      0000000000008000
            #      0000000000000000
            #mm = FFFFFFFFFFFFFFFF
            #res.n = 3
            #res.p = EFFF9FFF3FFF8001
            #        0000000000007FFF
            #        0000000000000000
            #[ "MBEDTLS_HAVE_INT32", 3, 1, 3, "7FFCFFFE000000008004", "1", "80000000000000000001", "2000C001800100000000" ],
            #[ "MBEDTLS_HAVE_INT64", 3, 1, 3, "7FFCFFFE000000008004", "1", "80000000000000000001", "7FFFEFFF9FFF3FFF8001" ],

            [ 12, 1, 6, 1, "3C246D0E059A93A266288A7718419EC741661B474C58C032C5EDAF92709402B07CC8C7CE0B781C641A1EA8DB2F4343", "1", "66A198186C18C10B2F5ED9B522752A9830B69916E535C8F047518A889A43A594B6BED27A168D31D4A52F88925AA8F5", "36E139AEA55215609D2816998ED020BBBD96C37890F65171D948E9BC7CBAA4D9325D24D6A3C12710F10A09FA08AB87" ],

            #A.n = 5
            #A.p = 340E918CE03C6211
            #      9888165CB75BFA1F
            #      FCCE74B999E470CA
            #      1E442976B0E63D64
            #      0000000000000000
            #B.n = 1
            #B.p = 0000000000000001
            #N.n = 4
            #N.p = 8054B3D124D0E561
            #      92A338655DCE4CA8
            #      E28581ECD892E0F5
            #      B3A119602EE213CD
            #mm = E41CFB909805815F
            #res.n = 5
            #res.p = 0E65383B59F8CA5B
            #        B103B17A2EEF84E6
            #        F23BC08FD0801C55
            #        38EB7749F4A5DA80
            #        0000000000000000
            [ 8, 1, 4, 1, "1E442976B0E63D64FCCE74B999E470CA9888165CB75BFA1F340E918CE03C6211", "1", "B3A119602EE213CDE28581ECD892E0F592A338655DCE4CA88054B3D124D0E561", "38EB7749F4A5DA80F23BC08FD0801C55B103B17A2EEF84E60E65383B59F8CA5B" ],

            #A.n = 12
            #A.p = 542306BCA7A2366E
            #      D2780B2B4968F8D8
            #      CBDFC696104353E4
            #      7776839B0AC9DB23
            #      B7E125BE407E7415
            #      D711917FD7537E13
            #      82392870D6D08F87
            #      D83ED5FA38560FFB
            #      9994B0FED1D2A8D3
            #      63C65413F57249F5
            #      007CF5AC97304E0B
            #      0000000000000000
            #B.n = 1
            #B.p = 0000000000000001
            #N.n = 11
            #N.p = E1AD22CEB7BA0123
            #      32B2A6AA42ADA923
            #      C56C62082912B661
            #      C6F0EAD752500A32
            #      DBC8D651793E93C9
            #      0B2F60D99CC1950C
            #      5B4CDCB5734C58F9
            #      09D3CB5BC5585472
            #      9A2C2BE12ED487A8
            #      BE09A8111926AAA3
            #      0284139EA19C139E
            #mm = C02E2164B293C975
            #res.n = 12
            #res.p = F6B14471839D8D31
            #        FF843ED3B17C44D7
            #        1C3D52C7CB9E0BA6
            #        82F3590C866BF9F8
            #        49C371DB2A4FB164
            #        964ECA2527A031ED
            #        FAACEC6982E0E5BE
            #        1F70C4CB2426AEE1
            #        2C92B02886267AB4
            #        0630B14113BEAD74
            #        01E4426A3D6C425F
            #        0000000000000000
            [ 22, 1, 11, 1, "7CF5AC97304E0B63C65413F57249F59994B0FED1D2A8D3D83ED5FA38560FFB82392870D6D08F87D711917FD7537E13B7E125BE407E74157776839B0AC9DB23CBDFC696104353E4D2780B2B4968F8D8542306BCA7A2366E", "1", "284139EA19C139EBE09A8111926AAA39A2C2BE12ED487A809D3CB5BC55854725B4CDCB5734C58F90B2F60D99CC1950CDBC8D651793E93C9C6F0EAD752500A32C56C62082912B66132B2A6AA42ADA923E1AD22CEB7BA0123", "1E4426A3D6C425F0630B14113BEAD742C92B02886267AB41F70C4CB2426AEE1FAACEC6982E0E5BE964ECA2527A031ED49C371DB2A4FB16482F3590C866BF9F81C3D52C7CB9E0BA6FF843ED3B17C44D7F6B14471839D8D31" ],
        );

        for my $c (@replay) {
            # For all of these, la4 = 2 * la8, so $xh4 == $xh8 (so we just have $xh)
            my ($la4, $lb4, $la8, $lb8, $ah, $bh, $nh, $xh) = @$c;    # limbs(A), limbs(B), limbs(N), (A, B, N, expected) hex

            my $a = Math::BigInt->from_hex($ah);
            my $b = Math::BigInt->from_hex($bh);
            my $n = Math::BigInt->from_hex($nh);

            my $desc = "$test_name #NUMBER (replay)";
            # mbedtls_mpi_core_montmul:mpiSize:limbs(A,N):limbs(B):<A>:<B>:<N>:<expected4>:<expected8>
            # (just repeat $xh, as la4 = 2 * la8, so $xh4 == $xh8)
            my $case = output($test_name, $la4, $lb4, $la8, $lb8, str($ah), str($bh), str($nh), str($xh), str($xh));

            push(@cases, [$case, $desc]);
        }

        # see mpi-modmul-gen.pl for the source of these test cases

        my @generate = (
            # [ hexN, hexA, hexB, info ]
            [ "3", "2", "2", "" ],
            [ "3", "1", "2", "" ],
            [ "3", "2", "1", "" ],
            [ "7", "6", "5", "" ],
            [ "7", "3", "4", "" ],
            [ "7", "1", "6", "" ],
            [ "7", "5", "6", "" ],
            [ "B", "3", "4", "" ],
            [ "B", "7", "4", "" ],
            [ "B", "9", "7", "" ],
            [ "B", "2", "a", "" ],
            [ "29", "25", "16", "(0x29 is prime)" ],
            [ "29", "8", "28", "" ],
            [ "29", "18", "21", "" ],
            [ "29", "15", "f", "" ],
            [ "FF", "e2", "ea", "" ],
            [ "FF", "43", "72", "" ],
            [ "FF", "d8", "70", "" ],
            [ "FF", "3c", "7c", "" ],
            [ "101", "99", "b9", "(0x101 is prime)" ],
            [ "101", "65", "b2", "" ],
            [ "101", "81", "32", "" ],
            [ "101", "51", "dd", "" ],
            [ "38B", "d5", "143", "(0x38B is prime)" ],
            [ "38B", "3d", "387", "" ],
            [ "38B", "160", "2e5", "" ],
            [ "38B", "10f", "137", "" ],
            [ "8003", "7dac", "25a", "(0x8003 is prime)" ],
            [ "8003", "6f1c", "3286", "" ],
            [ "8003", "59ed", "2f3f", "" ],
            [ "8003", "6893", "736d", "" ],
            [ "10001", "d199", "2832", "(0x10001 is prime)" ],
            [ "10001", "c3b2", "3e5b", "" ],
            [ "10001", "abe4", "214e", "" ],
            [ "10001", "4360", "a05d", "" ],
            [ "7F7F7", "3f5a1", "165b2", "" ],
            [ "7F7F7", "3bd29", "37863", "" ],
            [ "7F7F7", "60c47", "64819", "" ],
            [ "7F7F7", "16584", "12c49", "" ],
            [ "800009", "1ff03f", "610347", "(0x800009 is prime)" ],
            [ "800009", "340fd5", "19812e", "" ],
            [ "800009", "3fe2e8", "4d0dc7", "" ],
            [ "800009", "40356", "e6392", "" ],
            [ "100002B", "dd8a1d", "266c0e", "(0x100002B is prime)" ],
            [ "100002B", "3fa1cb", "847fd6", "" ],
            [ "100002B", "5f439d", "5c3196", "" ],
            [ "100002B", "18d645", "f72dc6", "" ],
            [ "37EEE9D", "20051ad", "37def6e", "(0x37EEE9D is prime)" ],
            [ "37EEE9D", "2ec140b", "3580dbf", "" ],
            [ "37EEE9D", "1d91b46", "190d4fc", "" ],
            [ "37EEE9D", "34e488d", "1224d24", "" ],
            [ "8000000B", "2a4fe2cb", "263466a9", "(0x8000000B is prime)" ],
            [ "8000000B", "5643fe94", "29a1aefa", "" ],
            [ "8000000B", "29633513", "7b007ac4", "" ],
            [ "8000000B", "2439cef5", "5c9d5a47", "" ],
            [ "8CD626B9", "4de3cfaa", "50dea178", "(0x8CD626B9 is prime)" ],
            [ "8CD626B9", "b8b8563", "10dbbbac", "" ],
            [ "8CD626B9", "4e8a6151", "5574ec19", "" ],
            [ "8CD626B9", "69224878", "309cfc23", "" ],
            [ "10000000F", "fb6f7fb6", "afb05423", "(0x10000000F is prime)" ],
            [ "10000000F", "8391a243", "26034dcd", "" ],
            [ "10000000F", "d26b98c", "14b2d6aa", "" ],
            [ "10000000F", "6b9f1371", "a21daf1d", "" ],
            [ "174876E7E9", "9f49435ad", "c8264ade8", "0x174876E7E9 is prime (dec) 99999999977" ],
            [ "174876E7E9", "c402da434", "1fb427acf", "" ],
            [ "174876E7E9", "f6ebc2bb1", "1096d39f2a", "" ],
            [ "174876E7E9", "153b7f7b6b", "878fda8ff", "" ],
            [ "8000000017", "2c1adbb8d6", "4384d2d3c6", "(0x8000000017 is prime)" ],
            [ "8000000017", "2e4f9cf5fb", "794f3443d9", "" ],
            [ "8000000017", "149e495582", "3802b8f7b7", "" ],
            [ "8000000017", "7b9d49df82", "69c68a442a", "" ],
            [ "864CB9076D", "683a134600", "6dd80ea9f6", "(0x864CB9076D is prime)" ],
            [ "864CB9076D", "13a870ff0d", "59b099694a", "" ],
            [ "864CB9076D", "37d06b0e63", "4d2147e46f", "" ],
            [ "864CB9076D", "661714f8f4", "22e55df507", "" ],
            [ "F7F7F7F7F7", "2f0a96363", "52693307b4", "" ],
            [ "F7F7F7F7F7", "3c85078e64", "f2275ecb6d", "" ],
            [ "F7F7F7F7F7", "352dae68d1", "707775b4c6", "" ],
            [ "F7F7F7F7F7", "37ae0f3e0b", "912113040f", "" ],
            [ "1000000000F", "6dada15e31", "f58ed9eff7", "(0x1000000000F is prime)" ],
            [ "1000000000F", "69627a7c89", "cfb5ebd13d", "" ],
            [ "1000000000F", "a5e1ad239b", "afc030c731", "" ],
            [ "1000000000F", "f1cc45f4c5", "c64ad607c8", "" ],
            [ "800000000005", "2ebad87d2e31", "4c72d90bca78", "(0x800000000005 is prime)" ],
            [ "800000000005", "a30b3cc50d", "29ac4fe59490", "" ],
            [ "800000000005", "33674e9647b4", "5ec7ee7e72d3", "" ],
            [ "800000000005", "3d956f474f61", "74070040257d", "" ],
            [ "800795D9BA47", "48348e3717d6", "43fcb4399571", "(0x800795D9BA47 is prime)" ],
            [ "800795D9BA47", "5234c03cc99b", "2f3cccb87803", "" ],
            [ "800795D9BA47", "3ed13db194ab", "44b8f4ba7030", "" ],
            [ "800795D9BA47", "1c11e843bfdb", "95bd1b47b08", "" ],
            [ "1000000000015", "a81d11cb81fd", "1e5753a3f33d", "(0x1000000000015 is prime)" ],
            [ "1000000000015", "688c4db99232", "36fc0cf7ed", "" ],
            [ "1000000000015", "f0720cc07e07", "fc76140ed903", "" ],
            [ "1000000000015", "2ec61f8d17d1", "d270c85e36d2", "" ],
            [ "100000000000051", "6a24cd3ab63820", "ed4aad55e5e348", "(0x100000000000051 is prime)" ],
            [ "100000000000051", "e680c160d3b248", "31e0d8840ed510", "" ],
            [ "100000000000051", "a80637e9aebc38", "bb81decc4e1738", "" ],
            [ "100000000000051", "9afa5a59e9d630", "be9e65a6d42938", "" ],
            [ "ABCDEF0123456789", "ab5e104eeb71c000", "2cffbd639e9fea00", "" ],
            [ "ABCDEF0123456789", "197b867547f68a00", "44b796cf94654800", "" ],
            [ "ABCDEF0123456789", "329f9483a04f2c00", "9892f76961d0f000", "" ],
            [ "ABCDEF0123456789", "4a2e12dfb4545000", "1aa3e89a69794500", "" ],
            [ "25A55A46E5DA99C71C7", "8b9acdf013d140f000", "12e4ceaefabdf2b2f00", "0x25A55A46E5DA99C71C7 is the 3rd repunit prime (dec) 11111111111111111111111" ],
            [ "25A55A46E5DA99C71C7", "1b8d960ea277e3f5500", "14418aa980e37dd000", "" ],
            [ "25A55A46E5DA99C71C7", "7314524977e8075980", "8172fa45618ccd0d80", "" ],
            [ "25A55A46E5DA99C71C7", "ca14f031769be63580", "147a2f3cf2964ca9400", "" ],
            [ "314DC643FB763F2B8C0E2DE00879", "18532ba119d5cd0cf39735c0000", "25f9838e31634844924733000000", "0x314DC643FB763F2B8C0E2DE00879 is (dec)99999999977^3" ],
            [ "314DC643FB763F2B8C0E2DE00879", "a56e2d2517519e3970e70c40000", "ec27428d4bb380458588fa80000", "" ],
            [ "314DC643FB763F2B8C0E2DE00879", "1cb5e8257710e8653fff33a00000", "15fdd42fe440fd3a1d121380000", "" ],
            [ "314DC643FB763F2B8C0E2DE00879", "e50d07a65fc6f93e538ce040000", "1f4b059ca609f3ce597f61240000", "" ],
            [ "47BF19662275FA2F6845C74942ED1D852E521", "1ea3ade786a095d978d387f30df9f20000000", "127c448575f04af5a367a7be06c7da0000000", "0x47BF19662275FA2F6845C74942ED1D852E521 is (dec) 99999999977^4" ],
            [ "47BF19662275FA2F6845C74942ED1D852E521", "16e15b0ca82764e72e38357b1f10a20000000", "43e2355d8514bbe22b0838fdc3983a0000000", "" ],
            [ "47BF19662275FA2F6845C74942ED1D852E521", "be39332529d93f25c3d116c004c620000000", "5cccec42370a0a2c89c6772da801a0000000", "" ],
            [ "47BF19662275FA2F6845C74942ED1D852E521", "ecaa468d90de0eeda474d39b3e1fc0000000", "1e714554018de6dc0fe576bfd3b5660000000", "" ],
            [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "32298816711c5dce46f9ba06e775c4bedfc770e6700000000000000", "8ee751fd5fb24f0b4a653cb3a0c8b7d9e724574d168000000000000", "0x97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931 is (dec) 99999999977^6" ],
            [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "29213b9df3cfd15f4b428645b67b677c29d1378d810000000000000", "6cbb732c65e10a28872394dfdd1936d5171c3c3aac0000000000000", "" ],
            [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "6f18db06ad4abc52c0c50643dd13098abccd4a232f0000000000000", "7e6bf41f2a86098ad51f98dfc10490ba3e8081bc830000000000000", "" ],
            [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "62d3286cd706ad9d73caff63f1722775d7e8c731208000000000000", "530f7ba02ae2b04c2fe3e3d27ec095925631a6c2528000000000000", "" ],
            [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "a6c6503e3c031fdbf6009a89ed60582b7233c5a85de28b16000000000000000", "75c8ed18270b583f16d442a467d32bf95c5e491e9b8523798000000000000000", "0xDD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499 is (dec) 99999999977^7" ],
            [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "bf84d1f85cf6b51e04d2c8f4ffd03532d852053cf99b387d4000000000000000", "397ba5a743c349f4f28bc583ecd5f06e0a25f9c6d98f09134000000000000000", "" ],
            [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "6db11c3a4152ed1a2aa6fa34b0903ec82ea1b88908dcb482000000000000000", "ac8ac576a74ad6ca48f201bf89f77350ce86e821358d85920000000000000000", "" ],
            [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "3001d96d7fe8b733f33687646fc3017e3ac417eb32e0ec708000000000000000", "925ddbdac4174e8321a48a32f79640e8cf7ec6f46ea235a80000000000000000", "" ],
            [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "1029048755f2e60dd98c8de6d9989226b6bb4f0db8e46bd1939de560000000000000000000", "51bb7270b2e25cec0301a03e8275213bb6c2f6e6ec93d4d46d36ca0000000000000000000", "0x141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41 is 99999999977^8" ],
            [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "1c5337ff982b3ad6611257dbff5bbd7a9920ba2d4f5838a0cc681ce000000000000000000", "520c5d049ca4702031ba728591b665c4d4ccd3b2b86864d4c160fd2000000000000000000", "" ],
            [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "57074dfa00e42f6555bae624b7f0209f218adf57f73ed34ab0ff90c000000000000000000", "41eb14b6c07bfd3d1fe4f4a610c17cc44fcfcda695db040e011065000000000000000000", "" ],
            [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "d8ed7feed2fe855e6997ad6397f776158573d425031bf085a615784000000000000000000", "6f121dcd18c578ab5e229881006007bb6d319b179f11015fe958b9c000000000000000000", "" ],
            [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "2a462b156180ea5fe550d3758c764e06fae54e626b5f503265a09df76edbdfbfa1e6000000000000000000000000", "1136f41d1879fd4fb9e49e0943a46b6704d77c068ee237c3121f9071cfd3e6a00315800000000000000000000000", "0x2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451 is (dec) 99999999977^10" ],
            [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "c1ac3800dfb3c6954dea391d206200cf3c47f795bf4a5603b4cb88ae7e574de4740800000000000000000000000", "c0d16eda0549ede42fa0deb4635f7b7ce061fadea02ee4d85cba4c4f7096034193c800000000000000000000000", "" ],
            [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "19e45bb7633094d272588ad2e43bcb3ee341991c6731b6fa9d47c4018d7ce7bba5ee800000000000000000000000", "1e4f83166ae59f6b9cc8fd3e7677ed8bfc01bb99c98bd3eb084246b64c1e18c3365b800000000000000000000000", "" ],
            [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "1aa93395fad5f9b7f20b8f9028a054c0bb7c11bb8520e6a95e5a34f06cb70bcdd01a800000000000000000000000", "54b45afa5d4310192f8d224634242dd7dcfb342318df3d9bd37b4c614788ba13b8b000000000000000000000000", "" ],
            [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "544f2628a28cfb5ce0a1b7180ee66b49716f1d9476c466c57f0c4b2308991784306d48f78686115ee19e25400000000000000000000000000000000", "677eb31ef8d66c120fa872a60cd47f6e10cbfdf94f90501bd7883cba03d185be0a0148d1625745e9c4c827300000000000000000000000000000000", "0x8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051 is prime, (dec) 10^143 + 3^4" ],
            [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "76bb3470985174915e9993522aec989666908f9e8cf5cb9f037bf4aee33d8865cb6464174795d07e30015b80000000000000000000000000000000", "6aaaf60d5784dcef612d133613b179a317532ecca0eed40b8ad0c01e6d4a6d8c79a52af190abd51739009a900000000000000000000000000000000", "" ],
            [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "6cfdd6e60912e441d2d1fc88f421b533f0103a5322ccd3f4db84861643ad63fd63d1d8cfbc1d498162786ba00000000000000000000000000000000", "1177246ec5e93814816465e7f8f248b350d954439d35b2b5d75d917218e7fd5fb4c2f6d0667f9467fdcf33400000000000000000000000000000000", "" ],
            [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "7a09a0b0f8bbf8057116fb0277a9bdf3a91b5eaa8830d448081510d8973888be5a9f0ad04facb69aa3715f00000000000000000000000000000000", "764dec6c05a1c0d87b649efa5fd94c91ea28bffb4725d4ab4b33f1a3e8e3b314d799020e244a835a145ec9800000000000000000000000000000000", "" ],
        );

        my %described = ();

        for my $g (@generate) {
            my ($nh, $ah, $bh, $info) = @$g;
            my $a = Math::BigInt->from_hex($ah);
            my $b = Math::BigInt->from_hex($bh);
            my $n = Math::BigInt->from_hex($nh);

            my $ln4 = mpi4s($n);
            my $la4 = mpi4s($a);
            my $lb4 = mpi4s($b);

            my $ln8 = mpi8s($n);
            my $la8 = mpi8s($a);
            my $lb8 = mpi8s($b);

            my $r4 = bound_mpi4($n->copy());
            my $i4 = $r4->copy()->bmodinv($n);
            my $x4 = $a * $b * $i4;
            $x4->bmod($n);
            my $xh4 = Math::BigInt->new($x4)->to_hex();

            my $r8 = bound_mpi8($n->copy());
            my $i8 = $r8->copy()->bmodinv($n);
            my $x8 = $a * $b * $i8;
            $x8->bmod($n);
            my $xh8 = Math::BigInt->new($x8)->to_hex();

            die("") if $la4 > $ln4 || $la8 > $ln8;

            my $desc = "$test_name #NUMBER (gen)";
            if ($ln4 > 1) {
                if (!$described{"2-MPI4"}) {
                    $desc .= " (start of 2-MPI 4-byte bignums)";
                    $described{"2-MPI4"} = 1;
                }
            }
            if ($ln8 > 1) {
                if (!$described{"2-MPI8"}) {
                    $desc .= " (start of 2-MPI 8-byte bignums)";
                    $described{"2-MPI8"} = 1;
                }
            }
            if (length($info) && !$described{$info}) {
                $desc .= " " . $info;
                $described{$info} = 1;
            }
            my $case = output($test_name, $ln4, $lb4, $ln8, $lb8, str($ah), str($bh), str($nh), str($xh4), str($xh8));

            #push(@cases, [$case, $desc, "MBEDTLS_HAVE_INT64"]);    -- now doing it differently
            push(@cases, [$case, $desc]);
        }

        output_cases("", @cases);
    }

    sub output_cases {

        my ($explain, @cases) = @_;

        my $count = 1;
        for my $c (@cases) {

            my ($case, $desc, $dep) = @$c;
            $desc =~ s/NUMBER/$count/; $count++;
            if (defined($explain) && $desc =~ /EXPLAIN/) {
                $desc =~ s/EXPLAIN/$explain/;
                $explain = "";
            }

            my $depends = "";
            $depends = "depends_on:$dep\n" if defined($dep) && length($dep);

            print <<EOF;

    $desc
    $depends$case
    EOF
        }
    }

    # The first number (a power of 2) that won't fit in the number of MPIs
    # needed for the given number
    sub bound_mpi4 {
        my $one = Math::BigInt->new(1);     # blsft modifies caller
        return $one->blsft(bits_mpi4($_[0]));
    }

    sub bound_mpi8 {
        my $one = Math::BigInt->new(1);     # blsft modifies caller
        return $one->blsft(bits_mpi8($_[0]));
    }

    # How many bits (a multiple of 32) needed to store the specified number
    # when using 4-byte MPIs
    sub bits_mpi4 {
        return 32 * mpi4s($_[0]);
    }

    # How many bits (a multiple of 64) needed to store the specified number
    # when using 8-byte MPIs
    sub bits_mpi8 {
        return 64 * mpi8s($_[0]);
    }

    # How many 4-byte MPIs needed to store the specified number
    sub mpi4s {
        my ($n) = @_;
        my $h = $n->to_hex();
        return int((length($h) + 7) / 8);
    }

    # How many 8-byte MPIs needed to store the specified number
    sub mpi8s {
        my ($n) = @_;
        my $h = $n->to_hex();
        return int((length($h) + 15) / 16);
    }

    sub output {
        #run_test(@_);

        return join(":", @_);
    }

    sub str {
        return '"' . $_[0] . '"';
    }
```

The data for the generated test cases (@generate) for mpi-test-core-montmul.pl
was created by

```
    #!/usr/bin/env perl
    #
    # mpi-modmul-gen.pl - randomly generate test cases for mpi-test-core-montmul.pl
    #
    use strict;
    use warnings;
    use Math::BigInt;
    use sort 'stable';

    my %seen = ();

    my @primes = (
        "3",
        "7",
        "B",
        "29",
        "101",
        "38B",
        "8003",
        "10001",
        "800009",
        "100002B",
        "37EEE9D",
        "8000000B",
        "8CD626B9",
        # From here they require > 1 4-byte MPI
        "10000000F",
        "174876E7E9",
        "8000000017",
        "864CB9076D",
        "1000000000F",
        "800000000005",
        "800795D9BA47",
        "1000000000015",
        "100000000000051",
        # From here they require > 1 8-byte MPI
        "25A55A46E5DA99C71C7",      # this is 11111111111111111111111 decimal
        # 10^143 + 3^4: (which is prime)
        # 100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081
        "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051",
    );
    my %prime = map { $_ => 1 } @primes;

    my @moduli = (
        [ "3", "" ],
        [ "7", "" ],
        [ "B", "" ],
        [ "29", "" ],
        [ "FF", "" ],
        [ "101", "" ],
        [ "38B", "" ],
        [ "8003", "" ],
        [ "10001", "" ],
        [ "7F7F7", "" ],
        [ "800009", "" ],
        [ "100002B", "" ],
        [ "37EEE9D", "" ],
        [ "8000000B", "" ],
        [ "8CD626B9", "" ],
        [ "10000000F", "" ],
        [ "174876E7E9", "0x174876E7E9 is prime (dec) 99999999977" ],
        [ "8000000017", "" ],
        [ "864CB9076D", "" ],
        [ "F7F7F7F7F7", "" ],
        [ "1000000000F", "" ],
        [ "800000000005", "" ],
        [ "800795D9BA47", "" ],
        [ "1000000000015", "" ],
        [ "100000000000051", "" ],
        [ "ABCDEF0123456789", "" ],
        [ "25A55A46E5DA99C71C7", "0x25A55A46E5DA99C71C7 is the 3rd repunit prime (dec) 11111111111111111111111" ],
        [ "314DC643FB763F2B8C0E2DE00879", "0x314DC643FB763F2B8C0E2DE00879 is (dec)99999999977^3" ],
        [ "47BF19662275FA2F6845C74942ED1D852E521", "0x47BF19662275FA2F6845C74942ED1D852E521 is (dec) 99999999977^4" ],
        [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "0x97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931 is (dec) 99999999977^6" ],
        [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "0xDD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499 is (dec) 99999999977^7" ],
        [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "0x141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41 is 99999999977^8" ],
        [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "0x2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451 is (dec) 99999999977^10" ],
        [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "0x8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051 is prime, (dec) 10^143 + 3^4" ], # 100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081
    );

    #99999999977^2:
    #ibase=16 ; obase=10 ; 174876E7E9*174876E7E9
    #99999999977^3:
    #ibase=16 ; obase=10 ; 174876E7E9*174876E7E9*174876E7E9
    #99999999977^2: 21E19E0C58BACE25211
    #99999999977^3: 314DC643FB763F2B8C0E2DE00879
    #99999999977^4: 47BF19662275FA2F6845C74942ED1D852E521
    #99999999977^5: 6867A5A664437D20ED7941408583AADA2193CE95695209
    #99999999977^6: 97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931
    #99999999977^7: DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499
    #99999999977^8: 141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41
    #99999999977^9: 1D42AEA1837AA78C6339224E9B39A483E4AAAF12CE7752E1EA1681082CBC8AB056A36B6299557D7A029
    #99999999977^10: 2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451

    my %mentioned = ();

    for my $mod (@moduli) {
        my ($nh, $info) = @$mod;
        my $n = Math::BigInt->from_hex($nh);

        my $xxx = $n->to_hex();
        die("$xxx != $nh") unless lc($xxx) eq lc($nh);

        my $cases = ($n < 5) ? 3 : 4;
        for (my $case = 0; $case < $cases; $case++) {
            my ($a, $b);
            for ($a = 0; $a == 0; ) {
                $a = int(rand($n));
            }
            for ($b = 0; $b == 0; ) {
                $b = int(rand($n));
            }

            my $cstr = "$a|$b|$n";
            if (exists($seen{$cstr})) {     # don't repeat ourselves
                $case--;
                next;
            }

            $seen{$cstr} = 1;

            my $ah = Math::BigInt->new($a)->to_hex();
            my $bh = Math::BigInt->new($b)->to_hex();

            my $desc = "";
            if (length($info)) {
                $desc = $info if !$mentioned{$info};
                $mentioned{$info} = 1;
            } elsif (length($nh) > 1 && $prime{$nh} && !$mentioned{$nh}) {
                $desc = "(0x$nh is prime)";
                $mentioned{$nh} = 1;
            }

            print <<EOF;
            [ "$nh", "$ah", "$bh", "$desc" ],
    EOF
        }
    }
```

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-23 16:29:00 +01:00
Tom Cosgrove
79b70f6394 Make a public version of mpi_montg_init() in bignum_new.c and add unit tests 
The unit tests were created by capturing runs of the existing function during
execution of existing unit tests.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-23 16:28:32 +01:00