Make muladd_restartable() actually restartable

2025-01-11 02:55:30 +00:00 · 2017-04-20 14:48:56 +02:00 · 2017-04-20 14:48:56 +02:00 · 1631d63d0c
parent 54dd6527f0
commit 1631d63d0c
2 changed files with 85 additions and 16 deletions
--- a/library/ecp.c
+++ b/library/ecp.c
@ -153,7 +153,14 @@ static void ecp_restart_mul_free( mbedtls_ecp_restart_mul_ctx *ctx )
 */
 struct mbedtls_ecp_restart_muladd
 {
-    int state;              /* dummy for now */
+    mbedtls_ecp_point mP;       /* mP value                             */
    mbedtls_ecp_point R;        /* R intermediate result                */
    enum {                      /* what should we do next?              */
        ecp_rsma_mul1 = 0,      /* first multiplication                 */
        ecp_rsma_mul2,          /* second multiplication                */
        ecp_rsma_add,           /* addition                             */
        ecp_rsma_norm,          /* normalization                        */
    } state;
 };
 /*
@ -172,6 +179,9 @@ static void ecp_restart_muladd_free( mbedtls_ecp_restart_muladd_ctx *ctx )
    if( ctx == NULL )
        return;
    mbedtls_ecp_point_free( &ctx->mP );
    mbedtls_ecp_point_free( &ctx->R );
    memset( ctx, 0, sizeof( *ctx ) );
 }
@ -197,6 +207,10 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx )
    ecp_restart_mul_free( ctx->rsm );
    mbedtls_free( ctx->rsm );
    ctx->rsm = NULL;
    ecp_restart_muladd_free( ctx->ma );
    mbedtls_free( ctx->ma );
    ctx->ma = NULL;
 }
 /*
@ -2252,7 +2266,8 @@ cleanup:
 static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
                                      mbedtls_ecp_point *R,
                                      const mbedtls_mpi *m,
-                                      const mbedtls_ecp_point *P )
+                                      const mbedtls_ecp_point *P,
                                      mbedtls_ecp_restart_ctx *rs_ctx )
 {
    int ret;
@ -2268,7 +2283,8 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
    }
    else
    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) );
+        MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, R, m, P,
                                                      NULL, NULL, rs_ctx ) );
    }
 cleanup:
@ -2290,6 +2306,8 @@ int mbedtls_ecp_muladd_restartable(
 {
    int ret;
    mbedtls_ecp_point mP;
    mbedtls_ecp_point *pmP = &mP;
    mbedtls_ecp_point *pR = R;
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
    char is_grp_capable = 0;
 #endif
@ -2301,6 +2319,16 @@ int mbedtls_ecp_muladd_restartable(
    if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS )
        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
    mbedtls_ecp_point_init( &mP );
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
    if (  is_grp_capable = mbedtls_internal_ecp_grp_capable( grp )  )
    {
        MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
    }
 #endif /* MBEDTLS_ECP_INTERNAL_ALT */
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
    /* reset ops count for this call if top-level */
    if( rs_ctx != NULL && rs_ctx->depth++ == 0 )
@ -2315,25 +2343,54 @@ int mbedtls_ecp_muladd_restartable(
        ecp_restart_muladd_init( rs_ctx->ma );
    }
    if( rs_ctx != NULL && rs_ctx->ma != NULL )
    {
        /* redirect intermediate results to restart context */
        pmP = &rs_ctx->ma->mP;
        pR  = &rs_ctx->ma->R;
        /* jump to next operation */
        if( rs_ctx->ma->state == ecp_rsma_mul2 )
            goto mul2;
        if( rs_ctx->ma->state == ecp_rsma_add )
            goto add;
        if( rs_ctx->ma->state == ecp_rsma_norm )
            goto norm;
    }
 #endif /* MBEDTLS_ECP_EARLY_RETURN */
-    mbedtls_ecp_point_init( &mP );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) );
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
    if( rs_ctx != NULL && rs_ctx->ma != NULL )
        rs_ctx->ma->state++;
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, &mP, m, P ) );
+mul2:
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R,   n, Q ) );
+#endif
    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR,  n, Q, rs_ctx ) );
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
    if( rs_ctx != NULL && rs_ctx->ma != NULL )
        rs_ctx->ma->state++;
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+add:
-    if (  is_grp_capable = mbedtls_internal_ecp_grp_capable( grp )  )
+#endif
-    {
+    ECP_BUDGET( ECP_OPS_ADD );
-        MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
+    MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) );
-    }
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
    if( rs_ctx != NULL && rs_ctx->ma != NULL )
        rs_ctx->ma->state++;
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+norm:
-    MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, &mP, R ) );
+#endif
-    MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) );
+    ECP_BUDGET( ECP_OPS_INV );
    MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) );
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
    if( rs_ctx != NULL && rs_ctx->ma != NULL )
        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, pR ) );
 #endif
 cleanup:
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
    if ( is_grp_capable )
    {
@ -2341,6 +2398,7 @@ cleanup:
    }
 #endif /* MBEDTLS_ECP_INTERNAL_ALT */
    mbedtls_ecp_point_free( &mP );
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
@ -2351,7 +2409,6 @@ cleanup:
        rs_ctx->ma = NULL;
    }
    if( rs_ctx != NULL )
        rs_ctx->depth--;
 #endif /* MBEDTLS_ECP_EARLY_RETURN */
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@ -364,3 +364,15 @@ ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A128499
 ECP early return muladd secp256r1 restart disabled
 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":0:0:0
 ECP early return muladd secp256r1 restart max_ops=1
 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":1:1:10000
 ECP early return muladd secp256r1 restart max_ops=10000
 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":10000:0:0
 ECP early return muladd secp256r1 restart max_ops=250
 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":250:4:64