Merge pull request #6457 from minosgalanakis/minos/6017_update_modulus_lifecycle

Bignum: Updated the modulus lifecycle
diff --git a/library/bignum_mod.c b/library/bignum_mod.c
index f2c11a5..60c073a 100644
--- a/library/bignum_mod.c
+++ b/library/bignum_mod.c
@@ -77,7 +77,14 @@
     switch( m->int_rep )
     {
         case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
-            mbedtls_free( m->rep.mont );
+            if (m->rep.mont.rr != NULL)
+            {
+                mbedtls_platform_zeroize( (mbedtls_mpi_uint *) m->rep.mont.rr,
+                                           m->limbs );
+                mbedtls_free( (mbedtls_mpi_uint *)m->rep.mont.rr );
+                m->rep.mont.rr = NULL;
+            }
+            m->rep.mont.mm = 0;
             break;
         case MBEDTLS_MPI_MOD_REP_OPT_RED:
             mbedtls_free( m->rep.ored );
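Review bot: The wipe on the `rr` buffer is too short: `mbedtls_platform_zeroize( (mbedtls_mpi_uint *) m->rep.mont.rr, m->limbs )` passes a limb count where the second argument is a byte length, so only the first `m->limbs` bytes are cleared and the rest of the constant is left behind in freed memory, which defeats the purpose of adding the zeroize before `mbedtls_free`. Assuming `rr` holds `m->limbs` limbs as allocated by `set_mont_const_square`, the length should be `m->limbs * sizeof(mbedtls_mpi_uint)` (or `m->limbs * ciL` if that helper is in scope here). The rest of the `MBEDTLS_MPI_MOD_REP_MONTGOMERY` teardown (freeing, NULLing `rr`, clearing `mm`) looks right. The enclosing `mbedtls_mpi_mod_modulus_free` starts before this hunk.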
@@ -93,6 +100,41 @@
     m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID;
 }
 
+static int set_mont_const_square( const mbedtls_mpi_uint **X,
+                                  const mbedtls_mpi_uint *A,
+                                  size_t limbs )
+{
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    mbedtls_mpi N;
+    mbedtls_mpi RR;
+    *X = NULL;
+
+    mbedtls_mpi_init( &N );
+    mbedtls_mpi_init( &RR );
+
+    if ( A == NULL || limbs == 0 || limbs >= ( MBEDTLS_MPI_MAX_LIMBS / 2 ) - 2 )
+        goto cleanup;
+
+    if ( mbedtls_mpi_grow( &N, limbs ) )
+        goto cleanup;
+
+    memcpy( N.p, A, sizeof(mbedtls_mpi_uint) * limbs );
+
+    ret = mbedtls_mpi_core_get_mont_r2_unsafe(&RR, &N);
+
+    if ( ret == 0 )
+    {
+        *X = RR.p;
+        RR.p = NULL;
+    }
+
+cleanup:
+    mbedtls_mpi_free(&N);
+    mbedtls_mpi_free(&RR);
+    ret = ( ret != 0 ) ? MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED : 0;
+    return( ret );
+}
+
 int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m,
                                    const mbedtls_mpi_uint *p,
                                    size_t p_limbs,
@@ -120,7 +162,8 @@
     {
         case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
             m->int_rep = int_rep;
-            m->rep.mont = NULL;
+            m->rep.mont.mm = mbedtls_mpi_core_montmul_init( m->p );
+            ret = set_mont_const_square( &m->rep.mont.rr, m->p, m->limbs );
             break;
         case MBEDTLS_MPI_MOD_REP_OPT_RED:
             m->int_rep = int_rep;
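Review bot: `set_mont_const_square` folds every failure into `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` at the final `ret = ( ret != 0 ) ? ... : 0;`, so an out-of-memory in `mbedtls_mpi_grow` or inside `mbedtls_mpi_core_get_mont_r2_unsafe` is reported to callers of `mbedtls_mpi_mod_modulus_setup` as internal corruption rather than as an allocation failure, which is both misleading for diagnosis and inconsistent with the rest of the bignum code that propagates the callee's error. I would keep the corruption code only for the argument/limit check and propagate the rest: `if( ( ret = mbedtls_mpi_grow( &N, limbs ) ) != 0 ) goto cleanup;` and then `return( ret );` after the two frees without the remapping. Separately, the new `MBEDTLS_MPI_MOD_REP_MONTGOMERY` case sets `m->int_rep` and `m->rep.mont.mm` before calling the helper, so on failure the modulus is half-initialised with `rr == NULL`; whether the caller-visible cleanup handles that depends on the tail of `mbedtls_mpi_mod_modulus_setup`, which continues outside this hunk. A short header comment on the helper stating that `*X` is heap-allocated with `limbs` limbs and owned by the modulus (freed in `mbedtls_mpi_mod_modulus_free`) would also help.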
diff --git a/library/bignum_mod.h b/library/bignum_mod.h
index c25eb87..3b3338c 100644
--- a/library/bignum_mod.h
+++ b/library/bignum_mod.h
@@ -53,7 +53,11 @@
     size_t limbs;
 } mbedtls_mpi_mod_residue;
 
-typedef void *mbedtls_mpi_mont_struct;
+typedef struct {
+    mbedtls_mpi_uint const *rr;  /* The residue for 2^{2*n*biL} mod N */
+    mbedtls_mpi_uint mm;         /* Montgomery const for -N^{-1} mod 2^{ciL} */
+} mbedtls_mpi_mont_struct;
+
 typedef void *mbedtls_mpi_opt_red_struct;
 
 typedef struct {
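Review bot: The comment on `mm` appears to use the wrong constant: `ciL` is the limb size in bytes elsewhere in the bignum code, while the Montgomery constant is computed modulo the limb size in bits, so the line should read `mbedtls_mpi_uint mm;         /* Montgomery const for -N^{-1} mod 2^{biL} */` (please confirm against the definition of `mbedtls_mpi_core_montmul_init`). The new struct also replaces an opaque `void *` with fields that have ownership semantics, which is worth stating: something like `/* Heap-allocated, limbs entries, owned by the modulus and released by mbedtls_mpi_mod_modulus_free(); NULL until setup succeeds */` on `rr`, since callers now see the pointer directly and must not free it themselves. The comment on `rr` would be clearer as "R^2 mod N where R = 2^{limbs*biL}" if that is indeed what `mbedtls_mpi_core_get_mont_r2_unsafe` produces.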
diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function
index 9f73209..ad89bdf 100644
--- a/tests/suites/test_suite_bignum_mod.function
+++ b/tests/suites/test_suite_bignum_mod.function
@@ -25,12 +25,28 @@
     ret = mbedtls_mpi_mod_modulus_setup( &m, mp, MLIMBS, ext_rep, int_rep );
     TEST_EQUAL( ret, iret );
 
+    /* Only test if the constants have been set-up  */
+    if ( ret == 0 && int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY )
+    {
+        /* Test that the consts have been calculated */
+        TEST_ASSERT( m.rep.mont.rr != NULL );
+        TEST_ASSERT( m.rep.mont.mm != 0 );
+
+    }
+
     /* Address sanitiser should catch if we try to free mp */
     mbedtls_mpi_mod_modulus_free( &m );
 
     /* Make sure that the modulus doesn't have reference to mp anymore */
     TEST_ASSERT( m.p != mp );
 
+    /* Only test if the constants have been set-up  */
+    if ( ret == 0 && int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY )
+    {
+        /* Verify the data and pointers allocated have been properly wiped */
+        TEST_ASSERT( m.rep.mont.rr == NULL );
+        TEST_ASSERT( m.rep.mont.mm == 0 );
+    }
 exit:
     /* It should be safe to call an mbedtls free several times */
     mbedtls_mpi_mod_modulus_free( &m );
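Review bot: The new assertions only check that the Montgomery constants were populated (`rr != NULL`, `mm != 0`), not that they hold the right values, so a wrong-length copy or a swapped argument in `set_mont_const_square` would still pass. It would be worth computing the expected value independently in the test — e.g. `mbedtls_mpi_core_get_mont_r2_unsafe` on a `mbedtls_mpi` built from `mp` and `mbedtls_mpi_core_montmul_init( mp )` — and comparing with `TEST_ASSERT( memcmp( m.rep.mont.rr, expected.p, MLIMBS * sizeof(mbedtls_mpi_uint) ) == 0 )` and `TEST_EQUAL( m.rep.mont.mm, expected_mm )`. The checks after `mbedtls_mpi_mod_modulus_free` also exercise the free path only for the `ret == 0` case; a setup that fails inside the Montgomery branch is not covered here. The test function starts before this hunk.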
diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function
index 88b8917..7c9d5db 100644
--- a/tests/suites/test_suite_bignum_mod_raw.function
+++ b/tests/suites/test_suite_bignum_mod_raw.function
@@ -134,6 +134,7 @@
     ASSERT_ALLOC( Y, limbs );
 
     ASSERT_ALLOC( buff_m, limbs );
+    memset( buff_m, 0xFF, copy_bytes );
     TEST_ASSERT( mbedtls_mpi_mod_modulus_setup(
                         &m, buff_m, copy_limbs,
                         MBEDTLS_MPI_MOD_EXT_REP_BE,
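Review bot: The added `memset( buff_m, 0xFF, copy_bytes )` writes `copy_bytes` into a buffer allocated with `ASSERT_ALLOC( buff_m, limbs )`, while the setup call two lines below uses `copy_limbs`; the second hunk in this file allocates `buff_m` with `copy_limbs`, so the two sites are inconsistent. If `copy_bytes` can exceed `limbs * sizeof(mbedtls_mpi_uint)` (the relation between `limbs`, `copy_limbs` and `copy_bytes` is set earlier in the function, outside this hunk), this is an out-of-bounds write in the test itself, so either allocate `copy_limbs` here as well or add `TEST_ASSERT( copy_bytes <= limbs * sizeof(mbedtls_mpi_uint) );` before the fill. A one-line comment on why the filler is `0xFF` (presumably to give an odd, non-zero modulus that the Montgomery setup can accept) would also save the next reader a guess.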
@@ -214,6 +215,7 @@
     ASSERT_ALLOC( tmp_Y, limbs );
 
     ASSERT_ALLOC( buff_m, copy_limbs );
+    memset( buff_m, 0xFF, copy_bytes );
     TEST_ASSERT( mbedtls_mpi_mod_modulus_setup(
                         &m, buff_m, copy_limbs,
                         MBEDTLS_MPI_MOD_EXT_REP_BE,
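Review bot: The filler value in `memset( buff_m, 0xFF, copy_bytes )` is a magic number with no explanation; since the modulus is now used to derive Montgomery constants at setup time, the choice matters (an all-zero or even modulus would presumably not be a valid input), and a reader cannot tell whether the value was picked for that reason. I would add `/* Non-zero, odd filler so modulus_setup can derive the Montgomery constants */` above the line, adjusted to whatever the real constraint is. Here the buffer is allocated with `copy_limbs`, so the fill length is consistent with the allocation, unlike the earlier hunk in this file.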