eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #6731 from tom-cosgrove-arm/issue-6293-mod_exp

Browse source 
Require input to mbedtls_mpi_core_exp_mod() to already be in Montgomery form
This commit is contained in:
Janos Follath 2022-12-07 08:31:49 +00:00 committed by GitHub
commit 1d26d976e8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 27 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

10
library/bignum_core.c
View file

@ -610,9 +610,9 @@ static void exp_mod_precompute_window( const mbedtls_mpi_uint *A,
Wtable[0] = 1;
mbedtls_mpi_core_montmul( Wtable, Wtable, RR, AN_limbs, N, AN_limbs, mm, temp );
/* W[1] = A * R^2 * R^-1 mod N = A * R mod N */
/* W[1] = A (already in Montgomery presentation) */
mbedtls_mpi_uint *W1 = Wtable + AN_limbs;
mbedtls_mpi_core_montmul( W1, A, RR, AN_limbs, N, AN_limbs, mm, temp );
memcpy( W1, A, AN_limbs * ciL );
/* W[i+1] = W[i] * W[1], i >= 2 */
mbedtls_mpi_uint *Wprev = W1;
@ -625,6 +625,8 @@ static void exp_mod_precompute_window( const mbedtls_mpi_uint *A,
}
/* Exponentiation: X := A^E mod N.
*
* A must already be in Montgomery form.
*
* As in other bignum functions, assume that AN_limbs and E_limbs are nonzero.
*
@ -730,10 +732,6 @@ int mbedtls_mpi_core_exp_mod( mbedtls_mpi_uint *X,
}
while( ! ( E_bit_index == 0 && E_limb_index == 0 ) );
/* Convert X back to normal presentation */
const mbedtls_mpi_uint one = 1;
mbedtls_mpi_core_montmul( X, X, &one, 1, N, AN_limbs, mm, temp );
mbedtls_platform_zeroize( mempool, total_limbs * sizeof(mbedtls_mpi_uint) );
mbedtls_free( mempool );
return( 0 );

3
library/bignum_core.h
View file

@ -500,11 +500,12 @@ int mbedtls_mpi_core_fill_random( mbedtls_mpi_uint *X, size_t X_limbs,
/**
* \brief Perform a modular exponentiation with secret exponent:
* X = A^E mod N
* X = A^E mod N, where \p A is already in Montgomery form.
*
* \param[out] X The destination MPI, as a little endian array of length
* \p AN_limbs.
* \param[in] A The base MPI, as a little endian array of length \p AN_limbs.
* Must be in Montgomery form.
* \param[in] N The modulus, as a little endian array of length \p AN_limbs.
* \param AN_limbs The number of limbs in \p X, \p A, \p N, \p RR.
* \param[in] E The exponent, as a little endian array of length \p E_limbs.