Merge pull request #7725 from minosgalanakis/ecp/7268_add_optimised_reduction_setup_3
[Bignum] Add optimised reduction setup
This commit is contained in:
Paul Elliott
GitHub
commit
3048c8c906
9 changed files with 175 additions and 126 deletions
|
|
@ -99,7 +99,18 @@ int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
|
|||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs, int_rep);
|
||||
|
||||
switch (int_rep) {
|
||||
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
|
||||
ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs);
|
||||
break;
|
||||
case MBEDTLS_MPI_MOD_REP_OPT_RED:
|
||||
ret = mbedtls_mpi_mod_optred_modulus_setup(N, p, limbs, NULL);
|
||||
break;
|
||||
default:
|
||||
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
|
||||
break;
|
||||
}
|
||||
if (ret != 0) {
|
||||
mbedtls_free(p);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,21 +10,6 @@
|
|||
ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \
|
||||
(b).p, (b).limbs * sizeof(mbedtls_mpi_uint))
|
||||
|
||||
static int test_read_modulus(mbedtls_mpi_mod_modulus *m,
|
||||
mbedtls_mpi_mod_rep_selector int_rep,
|
||||
char *input)
|
||||
{
|
||||
mbedtls_mpi_uint *p = NULL;
|
||||
size_t limbs;
|
||||
|
||||
int ret = mbedtls_test_read_mpi_core(&p, &limbs, input);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
return mbedtls_mpi_mod_modulus_setup(m, p, limbs, int_rep);
|
||||
}
|
||||
|
||||
static int test_read_residue(mbedtls_mpi_mod_residue *r,
|
||||
const mbedtls_mpi_mod_modulus *m,
|
||||
char *input,
|
||||
|
|
@ -65,7 +50,19 @@ void mpi_mod_setup(int int_rep, int iret)
|
|||
memset(mp, 0xFF, sizeof(mp));
|
||||
|
||||
mbedtls_mpi_mod_modulus_init(&m);
|
||||
ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS, int_rep);
|
||||
|
||||
switch (int_rep) {
|
||||
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
|
||||
ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS);
|
||||
break;
|
||||
case MBEDTLS_MPI_MOD_REP_OPT_RED:
|
||||
ret = mbedtls_mpi_mod_optred_modulus_setup(&m, mp, MLIMBS, NULL);
|
||||
break;
|
||||
default:
|
||||
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
|
||||
break;
|
||||
}
|
||||
|
||||
TEST_EQUAL(ret, iret);
|
||||
|
||||
/* Only test if the constants have been set-up */
|
||||
|
|
@ -112,8 +109,8 @@ void mpi_mod_mul(char *input_A,
|
|||
mbedtls_mpi_mod_modulus m;
|
||||
mbedtls_mpi_mod_modulus_init(&m);
|
||||
|
||||
TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N),
|
||||
0);
|
||||
TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
|
||||
|
||||
TEST_EQUAL(test_read_residue(&rA, &m, input_A, 0), 0);
|
||||
TEST_EQUAL(test_read_residue(&rB, &m, input_B, 0), 0);
|
||||
|
|
@ -200,8 +197,8 @@ void mpi_mod_mul_neg(char *input_A,
|
|||
mbedtls_mpi_mod_modulus fake_m;
|
||||
mbedtls_mpi_mod_modulus_init(&fake_m);
|
||||
|
||||
TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N),
|
||||
0);
|
||||
TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
|
||||
|
||||
TEST_EQUAL(test_read_residue(&rA, &m, input_A, 1), 0);
|
||||
TEST_EQUAL(test_read_residue(&rB, &m, input_B, 1), 0);
|
||||
|
|
@ -247,7 +244,8 @@ void mpi_mod_sub(char *input_N,
|
|||
mbedtls_mpi_mod_modulus_init(&m);
|
||||
|
||||
TEST_EQUAL(0,
|
||||
test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N));
|
||||
mbedtls_test_read_mpi_modulus(&m, input_N,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
|
||||
|
||||
/* test_read_residue() normally checks that inputs have the same number of
|
||||
* limbs as the modulus. For negative testing we can ask it to skip this
|
||||
|
|
@ -348,7 +346,8 @@ void mpi_mod_inv_mont(char *input_N,
|
|||
mbedtls_mpi_mod_modulus_init(&N);
|
||||
|
||||
TEST_EQUAL(0,
|
||||
test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N));
|
||||
mbedtls_test_read_mpi_modulus(&N, input_N,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
|
||||
|
||||
/* test_read_residue() normally checks that inputs have the same number of
|
||||
* limbs as the modulus. For negative testing we can ask it to skip this
|
||||
|
|
@ -397,7 +396,8 @@ void mpi_mod_inv_non_mont(char *input_N,
|
|||
mbedtls_mpi_mod_modulus_init(&N);
|
||||
|
||||
TEST_EQUAL(0,
|
||||
test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_OPT_RED, input_N));
|
||||
mbedtls_test_read_mpi_modulus(&N, input_N,
|
||||
MBEDTLS_MPI_MOD_REP_OPT_RED));
|
||||
|
||||
/* test_read_residue() normally checks that inputs have the same number of
|
||||
* limbs as the modulus. For negative testing we can ask it to skip this
|
||||
|
|
@ -447,7 +447,8 @@ void mpi_mod_add(char *input_N,
|
|||
mbedtls_mpi_mod_modulus_init(&m);
|
||||
|
||||
TEST_EQUAL(0,
|
||||
test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N));
|
||||
mbedtls_test_read_mpi_modulus(&m, input_N,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
|
||||
|
||||
/* test_read_residue() normally checks that inputs have the same number of
|
||||
* limbs as the modulus. For negative testing we can ask it to skip this
|
||||
|
|
@ -550,8 +551,7 @@ void mpi_residue_setup(char *input_N, char *input_R, int ret)
|
|||
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N));
|
||||
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&R, &r_limbs, input_R));
|
||||
|
||||
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
|
||||
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
|
||||
|
||||
TEST_EQUAL(ret, mbedtls_mpi_mod_residue_setup(&r, &m, R, r_limbs));
|
||||
|
||||
|
|
@ -592,8 +592,7 @@ void mpi_mod_io_neg(char *input_N, data_t *buf, int ret)
|
|||
mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian));
|
||||
|
||||
/* Set up modulus and test with residue->p == NULL */
|
||||
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
|
||||
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
|
||||
|
||||
TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
|
||||
mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
|
||||
|
|
@ -666,8 +665,7 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian)
|
|||
TEST_LE_U(a_bytes, n_bytes);
|
||||
|
||||
/* Init Structures */
|
||||
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
|
||||
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
|
||||
|
||||
/* Enforcing p_limbs >= m->limbs */
|
||||
TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r, &m, R, n_limbs));
|
||||
|
|
|
|||
|
|
@ -54,8 +54,7 @@ void mpi_mod_raw_io(data_t *input, int nb_int, int nx_32_int,
|
|||
|
||||
mbedtls_mpi_uint init[sizeof(X) / sizeof(X[0])];
|
||||
memset(init, 0xFF, sizeof(init));
|
||||
int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY);
|
||||
int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
if (iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0) {
|
||||
|
|
@ -137,8 +136,7 @@ void mpi_mod_raw_cond_assign(char *input_X,
|
|||
ASSERT_ALLOC(buff_m, copy_limbs);
|
||||
memset(buff_m, 0xFF, copy_limbs);
|
||||
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
|
||||
&m, buff_m, copy_limbs,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
|
||||
&m, buff_m, copy_limbs), 0);
|
||||
|
||||
/* condition is false */
|
||||
TEST_CF_SECRET(X, bytes);
|
||||
|
|
@ -208,8 +206,7 @@ void mpi_mod_raw_cond_swap(char *input_X,
|
|||
ASSERT_ALLOC(buff_m, copy_limbs);
|
||||
memset(buff_m, 0xFF, copy_limbs);
|
||||
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
|
||||
&m, buff_m, copy_limbs,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
|
||||
&m, buff_m, copy_limbs), 0);
|
||||
|
||||
ASSERT_ALLOC(X, limbs);
|
||||
memcpy(X, tmp_X, bytes);
|
||||
|
|
@ -297,8 +294,7 @@ void mpi_mod_raw_sub(char *input_A,
|
|||
ASSERT_ALLOC(X, limbs);
|
||||
|
||||
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
|
||||
&m, N, limbs,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
|
||||
&m, N, limbs), 0);
|
||||
|
||||
mbedtls_mpi_mod_raw_sub(X, A, B, &m);
|
||||
ASSERT_COMPARE(X, bytes, res, bytes);
|
||||
|
|
@ -368,8 +364,7 @@ void mpi_mod_raw_fix_quasi_reduction(char *input_N,
|
|||
TEST_ASSERT(c || mbedtls_mpi_core_lt_ct(tmp, N, limbs));
|
||||
|
||||
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
|
||||
&m, N, limbs,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
|
||||
&m, N, limbs), 0);
|
||||
|
||||
mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
|
||||
ASSERT_COMPARE(X, bytes, res, bytes);
|
||||
|
|
@ -419,8 +414,7 @@ void mpi_mod_raw_mul(char *input_A,
|
|||
ASSERT_ALLOC(X, limbs);
|
||||
|
||||
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
|
||||
&m, N, limbs,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
|
||||
&m, N, limbs), 0);
|
||||
|
||||
const size_t limbs_T = limbs * 2 + 1;
|
||||
ASSERT_ALLOC(T, limbs_T);
|
||||
|
|
@ -580,9 +574,7 @@ void mpi_mod_raw_add(char *input_N,
|
|||
ASSERT_ALLOC(X, limbs);
|
||||
|
||||
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
|
||||
&m, N, limbs,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY
|
||||
), 0);
|
||||
&m, N, limbs), 0);
|
||||
|
||||
/* A + B => Correct result */
|
||||
mbedtls_mpi_mod_raw_add(X, A, B, &m);
|
||||
|
|
@ -720,8 +712,7 @@ void mpi_mod_raw_to_mont_rep(char *input_N, char *input_A, char *input_X)
|
|||
size_t limbs = n_limbs;
|
||||
size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
|
||||
|
||||
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
|
||||
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
|
||||
|
||||
/* 1. Test low-level function first */
|
||||
|
||||
|
|
@ -785,8 +776,7 @@ void mpi_mod_raw_from_mont_rep(char *input_N, char *input_A, char *input_X)
|
|||
size_t limbs = n_limbs;
|
||||
size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
|
||||
|
||||
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
|
||||
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
|
||||
|
||||
/* 1. Test low-level function first */
|
||||
|
||||
|
|
@ -847,8 +837,7 @@ void mpi_mod_raw_neg(char *input_N, char *input_A, char *input_X)
|
|||
ASSERT_ALLOC(R, n_limbs);
|
||||
ASSERT_ALLOC(Z, n_limbs);
|
||||
|
||||
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
|
||||
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
|
||||
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
|
||||
|
||||
/* Neg( A == 0 ) => Zero result */
|
||||
mbedtls_mpi_mod_raw_neg(R, Z, &m);
|
||||
|
|
|
|||
|
|
@ -1294,35 +1294,35 @@ void ecp_mod_p_generic_raw(int curve_id,
|
|||
bytes = limbs_N * sizeof(mbedtls_mpi_uint);
|
||||
|
||||
switch (curve_id) {
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
|
||||
case MBEDTLS_ECP_DP_SECP192R1:
|
||||
limbs = 2 * limbs_N;
|
||||
curve_bits = 192;
|
||||
curve_func = &mbedtls_ecp_mod_p192_raw;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
|
||||
case MBEDTLS_ECP_DP_SECP224R1:
|
||||
limbs = 448 / biL;
|
||||
curve_bits = 224;
|
||||
curve_func = &mbedtls_ecp_mod_p224_raw;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
|
||||
case MBEDTLS_ECP_DP_SECP256R1:
|
||||
limbs = 2 * limbs_N;
|
||||
curve_bits = 256;
|
||||
curve_func = &mbedtls_ecp_mod_p256_raw;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
|
||||
case MBEDTLS_ECP_DP_SECP384R1:
|
||||
limbs = 2 * limbs_N;
|
||||
curve_bits = 384;
|
||||
curve_func = &mbedtls_ecp_mod_p384_raw;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
|
||||
case MBEDTLS_ECP_DP_SECP521R1:
|
||||
limbs = 2 * limbs_N;
|
||||
curve_bits = 522;
|
||||
|
|
@ -1373,8 +1373,7 @@ void ecp_mod_p_generic_raw(int curve_id,
|
|||
TEST_EQUAL(limbs_res, limbs_N);
|
||||
|
||||
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
|
||||
&m, N, limbs_N,
|
||||
MBEDTLS_MPI_MOD_REP_OPT_RED), 0);
|
||||
&m, N, limbs_N), 0);
|
||||
|
||||
TEST_EQUAL((*curve_func)(X, limbs_X), 0);
|
||||
|
||||
|
|
@ -1407,16 +1406,18 @@ void ecp_mod_setup(char *input_A, int id, int ctype, int iret)
|
|||
TEST_EQUAL(ret, iret);
|
||||
|
||||
if (ret == 0) {
|
||||
|
||||
TEST_ASSERT(m.int_rep != MBEDTLS_MPI_MOD_REP_INVALID);
|
||||
/* Test for limb sizes */
|
||||
TEST_EQUAL(m.limbs, p_limbs);
|
||||
bytes = p_limbs * sizeof(mbedtls_mpi_uint);
|
||||
|
||||
/* Test for validity of moduli by the presence of Montgomery consts */
|
||||
|
||||
TEST_ASSERT(m.rep.mont.mm != 0);
|
||||
TEST_ASSERT(m.rep.mont.rr != NULL);
|
||||
|
||||
if (m.int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
|
||||
/* Test for validity of moduli by the presence of Montgomery consts */
|
||||
TEST_ASSERT(m.rep.mont.mm != 0);
|
||||
TEST_ASSERT(m.rep.mont.rr != NULL);
|
||||
} else {
|
||||
TEST_ASSERT(m.rep.ored.modp != NULL);
|
||||
}
|
||||
|
||||
/* Compare output byte-by-byte */
|
||||
ASSERT_COMPARE(p, bytes, m.p, bytes);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue