TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-09 22:03:41 +02:00
Code Issues Packages Projects Releases Wiki Activity
32,235 Commits 179 Branches 280 Tags
c2d210ea0db99bb30bfc574537b223e8573df53f
Commit Graph

32235 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Manuel Pégourié-Gonnard
c2d210ea0d DHM: use CT modinv for blinding 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-14 09:18:52 +02:00
Manuel Pégourié-Gonnard
a56a05b015 RSA: use CT gcd-modinv in prepare_blinding() 
While at it, draw the blinding value uniformly in the permissible range.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-14 09:18:52 +02:00
Janos Follath
210f8bc4d7 Merge pull request #1408 from mpg/improve-gcd-3.6 
[3.6] Make GCD (a lot) less leaky
 2025-08-13 19:44:57 +01:00
Manuel Pégourié-Gonnard
e4ca79c04f Merge pull request #1409 from mpg/improve-inv-mod 
[3.6] Make `mpi_inv_mod()` (a lot) less leaky
 2025-08-13 14:17:49 +02:00
Manuel Pégourié-Gonnard
30f0732369 bignum: gcd: improve comments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-13 09:01:55 +02:00
Manuel Pégourié-Gonnard
87e77d6516 bignum: fix memory leak in GCD with 0 as an input 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-13 09:01:55 +02:00
Manuel Pégourié-Gonnard
381d4ba03b Make mbedtls_mpi_gcd() more consistent 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-13 09:01:45 +02:00
Manuel Pégourié-Gonnard
c6a9d84555 bignum: use CT gcd for mbedtls_mpi_gcd() 
The overall function is still not constant-time, but it just got a lot
less leaky.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-13 09:01:45 +02:00
Manuel Pégourié-Gonnard
a08faf9070 bignum: follow customs for ret initialisation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-12 11:55:22 +02:00
Manuel Pégourié-Gonnard
7a5447ff65 Fix a few typos 
Co-authored-by: Felix Conway <felix.conway@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-12 11:55:15 +02:00
Manuel Pégourié-Gonnard
65b8011f7e bignum: make mbedtls_mpi_lsb() less leaky 
The path using builtin should be OK, as it should be using dedicated CPU
instructions which are constant time.

This fixes the no-builing path.

GCC gained support for __has_builtin in version 10. We're still testing
with older GCC on the CI, so the non-builtin path is tested on the CI.

https://gcc.gnu.org/gcc-10/changes.html

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-11 09:36:26 +02:00
Manuel Pégourié-Gonnard
40dfc811ef bignum: remove dead variable-time inv_mod code 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-11 09:35:28 +02:00
Manuel Pégourié-Gonnard
1ac0a1e071 bignum: use CT modinv when A is odd (any range) 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-11 09:35:28 +02:00
Manuel Pégourié-Gonnard
e41709c17e bignum: use CT modinv when A is odd and in [2, N) 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-11 09:35:28 +02:00
Manuel Pégourié-Gonnard
cdfd1c9c7d bignum: use CT modinv when N is odd 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-11 09:35:28 +02:00
Manuel Pégourié-Gonnard
00076b4907 Expand testing for mbedtls_mpi_inv_mod() again 
In the next refactoring we'll have:
- pretty different paths for N odd or even,
- possibly different paths for A <= 0, in [0, N) or above,
- possibly special cases when A % N is 0 or 1.

Pick two small moduli of different parities (3 and 4)
and go over the range [-(N+1), 2N-1] with A.
This should ensure we naturally run into all special cases.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-08-11 09:35:28 +02:00
Manuel Pégourié-Gonnard
246d86b941 Merge pull request #1403 from felixc-arm/bignum-invmod-wrapper 
[3.6] Add wrapper `mpi_gcd_invmod_odd()`
 2025-08-11 09:22:38 +02:00
Felix Conway
99270322ff Improve mpi_gcd_invmod_odd() tests when I/G has more limbs than N 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-06 10:20:00 +01:00
Felix Conway
a1c95e378a Adjust mpi_gcd_modinv_odd() internals 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-06 09:54:11 +01:00
Felix Conway
49a2bc4750 Add gcd_invmod_odd() tests where G/I are initialized to large numbers 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-05 14:38:20 +01:00
Felix Conway
eefdfe99a4 Change A=0 (null) handling in mpi_gcd_invmod_odd() 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-05 14:35:53 +01:00
Felix Conway
d9c4c9c441 Update mpi_gcd_invmod_odd() related comments/documentation 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-05 14:33:32 +01:00
Felix Conway
f4df43b6c4 Fix gcd_invmod_odd wrapper when A is 0 (null) 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-04 17:00:10 +01:00
Felix Conway
fae58c4a0c Fix memory leak 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-04 13:05:34 +01:00
Felix Conway
45835d1bf2 Add handful of manual gcd_modinv_odd test cases 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-04 11:35:15 +01:00
Felix Conway
38ec046c4b Add mpi_gcd_modinv_odd test functions 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-04 11:34:45 +01:00
Felix Conway
54a94c1598 Adjust mpi_gcd_modinv_odd docs and precondition checking 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-04 11:34:19 +01:00
Felix Conway
bd7ede3f33 bignum: add mpi wrapper for gcd_modinv 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-04 11:33:48 +01:00
Manuel Pégourié-Gonnard
81a3e86a45 Merge pull request #1402 from felixc-arm/bignum-gcd-testing-followup 
Bignum gcd testing followup
 2025-08-04 10:20:29 +02:00
Felix Conway
014d9d16fd Update framework pointer 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-01 13:57:42 +01:00
Felix Conway
1e89301a2d Add GCD tests for (0, negative) inputs 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-01 13:57:26 +01:00
Manuel Pégourié-Gonnard
847697cee2 Merge pull request #1398 from felixc-arm/bignum-improve-gcd-invmod-testing 
[3.6] Improve testing of mbedtls_mpi_gcd() and mbedtls_mpi_inv_mod()
 2025-07-30 21:58:26 +02:00
Felix Conway
7758aa340a Add GCD tests that return negative when b=0 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-07-30 09:59:42 +01:00
Felix Conway
e28bb8cbe6 Revert "Remove manual GCD tests that are now generated" 
This reverts commit bb50b5ab0e.

Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-07-30 09:59:08 +01:00
Felix Conway
c51168039b Clarify mpi_gdc() documentation when B is 0 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-07-29 15:50:05 +01:00
Felix Conway
bb50b5ab0e Remove manual GCD tests that are now generated 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-07-29 15:36:19 +01:00
Felix Conway
fca43c79fb Rework misleading comment 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-07-29 15:34:28 +01:00
Felix Conway
4c7c5c3f17 Add more manual inv_mod tests 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-07-29 12:10:03 +01:00
Felix Conway
8951916ac7 Fix pointer aliasing in bignum tests 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-07-29 11:03:08 +01:00
Manuel Pégourié-Gonnard
9b54f93458 Merge pull request #1387 from mpg/ct-gcd-modinv 
bignum_core: Add mbedtls_mpi_core_gcd_modinv_odd()
 2025-07-28 23:25:35 +02:00
Felix Conway
f6d883c928 Improve invmod and gcd handwritten tests 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-07-28 16:32:14 +01:00
Felix Conway
1527b69c7f Clarify parameter documentation 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-07-28 16:31:44 +01:00
Manuel Pégourié-Gonnard
eb34680126 Use more meaningful names in test function 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-07-25 09:49:30 +02:00
Manuel Pégourié-Gonnard
be8983d394 Use precise sizes for temporaries in test 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-07-25 09:46:52 +02:00
Manuel Pégourié-Gonnard
0904a74235 Remove tests for 0 limbs 
That rule is common to the whole module and not a likely mistake to
make. Also, the test was not really precise as G, I, T were oversized.
Better remove it than give a false sense of security.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-07-25 09:33:20 +02:00
Felix Conway
9646537e94 Improve testing of mbedtls_mpi_gcd() and mbedtls_mpi_inv_mod() 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-07-24 15:25:00 +01:00
Manuel Pégourié-Gonnard
ec35382a51 Try again to clarify connection with the paper 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-07-24 12:22:16 +02:00
Manuel Pégourié-Gonnard
efd242a0e5 Gracefully handle A_limbs > N_limbs and test it 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-07-24 11:10:59 +02:00
Manuel Pégourié-Gonnard
9361550c45 Tune comment about paper vs our code again 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-07-23 13:21:07 +02:00
Manuel Pégourié-Gonnard
dbda872369 Expand comment about adaptations from the paper 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-07-22 09:21:53 +02:00