Add Montgomery conversion and high level I/O #6213
Conversation
minosgalanakis
added
enhancement
component-crypto
minosgalanakis
force-pushed
the
minos/6017_add_Montgomery_conversion_high_lv_IO
branch
from
d70742f to
9903195
Compare
minosgalanakis
force-pushed
the
minos/6017_add_Montgomery_conversion_high_lv_IO
branch
from
9903195 to
e18cf06
Compare
minosgalanakis
force-pushed
the
minos/6017_add_Montgomery_conversion_high_lv_IO
branch
from
89e3d16 to
651dfcd
Compare
This patch adds the Montgomery constants to the `mbedtls_mpi_mont_struct`. Signed-off-by: Minos Galanakis <[email protected]>
At the current state, those fields are initialised to 0,NULL. Signed-off-by: Minos Galanakis <[email protected]>
…m prototype Signed-off-by: Minos Galanakis <[email protected]>
This patch modifies `mbedtls_mpi_get_montgomery_constant_unsafe()` to include intermediate mpi management inside the method and simplify invocation parameters. Signed-off-by: Minos Galanakis <[email protected]>
This patch extends the setup method to pre-calculate mm and RR when setting up a modulus structure Signed-off-by: Minos Galanakis <[email protected]>
…resentation Signed-off-by: Minos Galanakis <[email protected]>
This patch updates the the method names as: `mbedtls_mpi_core_mod_conv_fwd` -> `mbedtls_mpi_mod_raw_to_mont_rep` `mbedtls_mpi_core_mod_conv_inv` -> `mbedtls_mpi_mod_raw_from_mont_rep` `mbedtls_mpi_mod_modulus *modulus` is also renamed to `*m` for consistency. Signed-off-by: Minos Galanakis <[email protected]>
This patch adds input and ouput fucntions in the `bignum_mod` layer. The data will be automatically converted between Cannonical and Montgomery representation if required. Signed-off-by: Minos Galanakis <[email protected]>
This patch adds a test for `MBEDTLS_MPI_MOD_REP_MONTGOMERY`, and will not perform operations where input structure is using cannonical representation. Signed-off-by: Minos Galanakis <[email protected]>
This patch updates `mbedtls_mpi_set_montgomery_constant_unsafe()` and `mbedtls_mpi_mod_modulus_setup()` to change the memory allocation hierarchy used for `m->rep.mont.rr`. The memory is now allocated by `mbedtls_mpi_set_montgomery_constant_unsafe()` and freed by `mbedtls_mpi_mod_modulus_free()` Signed-off-by: Minos Galanakis <[email protected]>
…t_struct.rr` Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
…e()` This patch updates input parameters of the method, to eliminate the dependency to a partially initialised structure and to simplify testing. The error codes have also been simplified to 0 when successful and `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` when not. Signed-off-by: Minos Galanakis <[email protected]>
minosgalanakis
force-pushed
the
minos/6017_add_Montgomery_conversion_high_lv_IO
branch
from
651dfcd to
8456beb
Compare
library/bignum_mod_raw.c
Outdated
| const mbedtls_mpi_mod_modulus *m ) | ||
| { | ||
| mbedtls_mpi_uint one = 1; | ||
| mbedtls_mpi T; |
There was a problem hiding this comment.
We shouldn't be using the legacy mbedtls_mpi structure in the new bignum modules. (The function mbedtls_mpi_set_montgomery_constant_unsafe() is an exception that we are accepting for now, but mbedtls_mpis will eventually will be removed from there too.)
We should be using raw pointers (mbedtls_mpi_uint *) here instead.
There was a problem hiding this comment.
mbedtls_mpi T is only used as temporary storage. The method has been updated to initialise and zeroise that space. The required space shold be limbs_m *2 +1
The only argument for using mpi strucutres, is that the same could achieved by mbedtls_mpi_init( &T ); && mbedtls_mpi_grow( &T, m->limbs* 2 + 1 ) without the need to replicate the size/boundary checks.
Should add an minimal inline checking method in the new api?
library/bignum_mod_raw.c
Outdated
| { | ||
| mbedtls_mpi_uint one = 1; | ||
| mbedtls_mpi T; | ||
| mbedtls_mpi_init( &T ); |
There was a problem hiding this comment.
mbedtls_mpi_init() doesn't allocate any memory, it just zeroes out the structure. The old API automatically grows initialised MPIs to the size needed, but bignum_core functions don't do that.
There was a problem hiding this comment.
This has been addressed as part of the work for the previous item.
library/bignum_mod_raw.c
Outdated
| { | ||
| mbedtls_mpi T; | ||
| mbedtls_mpi_init( &T ); | ||
| mbedtls_mpi_core_montmul( X, X, m->rep.mont.rr, 1, m->p, m->limbs, |
There was a problem hiding this comment.
I think that the length of m->rep.mont.rr is m->limbs and not 1.
There was a problem hiding this comment.
You are indeed correct that this 1 needs to be updated.
Since we brought this subject, the actual limb size needed to represent RR is not always the same always m->limbs We can have an 8 limbs modulo and RR == 0x1 which would need just one limb.
The implicit assumption is that limbs_RR <= limbs_N. It shouldn't affect our operations, but it may be worth to look into for optimisation?
There was a problem hiding this comment.
In theory yes, however unless the modulus has some peculiar structure, I would expect RR to need limbs_N in most cases.
This patch updates the method to fail when limb size is invalid. The size limitation of `MBEDTLS_MPI_MAX_LIMBS / 2) - 2` is imposed by R^2 and modular division requirements. Signed-off-by: Minos Galanakis <[email protected]>
This patch removes the dependency on the legaly bignum interface. `mbedtls_mpi` is no longer used for temporary buffer allocation. Signed-off-by: Minos Galanakis <[email protected]>
This patch adds the test for the method calculating the RR. The input/expected
data are generated manually using the following Python3 snippet:
~~~~~
def limb_no(number):
return int(int.bit_length(number)/64) + 1
def calc_rr(number):
return '{:x}'.format(pow(pow(2, limb_no(number) * 64), 2, number))
~~~~~
Signed-off-by: Minos Galanakis <[email protected]>
minosgalanakis
force-pushed
the
minos/6017_add_Montgomery_conversion_high_lv_IO
branch
from
897d619 to
eb8aa40
Compare
This patch separates the arithmetic functionality of the method to the memory allocation and lifecycle logic. `mbedtls_mpi_get_montgomery_constant_unsafe()` has been reverted to the original protype form, and moved to bignum_core. A new static method `set_mont_const_square()` is used for the lifecycle management in the `bignum_mod` layer. Tests have been updated accordingly. Signed-off-by: Minos Galanakis <[email protected]>
|
This PR has been deprecated and was used as a refference point. The issue #6017 has been resolved so I am closing it |
Description
This pr will be rebased on top of PR 6095 and PR 6083
Because it brings all the changes forward please disregard all the files, aside from the following
Status
*IN DEVELOPMENT
Requires Backporting
NO
Additional comments
Any additional information that could be of interest
Todos