Make muladd_restartable() actually restartable

This commit is contained in:
Manuel Pégourié-Gonnard 2017-04-20 14:48:56 +02:00
parent 54dd6527f0
commit 1631d63d0c
2 changed files with 85 additions and 16 deletions

View file

@ -153,7 +153,14 @@ static void ecp_restart_mul_free( mbedtls_ecp_restart_mul_ctx *ctx )
*/
struct mbedtls_ecp_restart_muladd
{
int state; /* dummy for now */
mbedtls_ecp_point mP; /* mP value */
mbedtls_ecp_point R; /* R intermediate result */
enum { /* what should we do next? */
ecp_rsma_mul1 = 0, /* first multiplication */
ecp_rsma_mul2, /* second multiplication */
ecp_rsma_add, /* addition */
ecp_rsma_norm, /* normalization */
} state;
};
/*
@ -172,6 +179,9 @@ static void ecp_restart_muladd_free( mbedtls_ecp_restart_muladd_ctx *ctx )
if( ctx == NULL )
return;
mbedtls_ecp_point_free( &ctx->mP );
mbedtls_ecp_point_free( &ctx->R );
memset( ctx, 0, sizeof( *ctx ) );
}
@ -197,6 +207,10 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx )
ecp_restart_mul_free( ctx->rsm );
mbedtls_free( ctx->rsm );
ctx->rsm = NULL;
ecp_restart_muladd_free( ctx->ma );
mbedtls_free( ctx->ma );
ctx->ma = NULL;
}
/*
@ -2252,7 +2266,8 @@ cleanup:
static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
mbedtls_ecp_point *R,
const mbedtls_mpi *m,
const mbedtls_ecp_point *P )
const mbedtls_ecp_point *P,
mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
@ -2268,7 +2283,8 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
}
else
{
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, R, m, P,
NULL, NULL, rs_ctx ) );
}
cleanup:
@ -2290,6 +2306,8 @@ int mbedtls_ecp_muladd_restartable(
{
int ret;
mbedtls_ecp_point mP;
mbedtls_ecp_point *pmP = &mP;
mbedtls_ecp_point *pR = R;
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
char is_grp_capable = 0;
#endif
@ -2301,6 +2319,16 @@ int mbedtls_ecp_muladd_restartable(
if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS )
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
mbedtls_ecp_point_init( &mP );
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) )
{
MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
}
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
#if defined(MBEDTLS_ECP_EARLY_RETURN)
/* reset ops count for this call if top-level */
if( rs_ctx != NULL && rs_ctx->depth++ == 0 )
@ -2315,25 +2343,54 @@ int mbedtls_ecp_muladd_restartable(
ecp_restart_muladd_init( rs_ctx->ma );
}
if( rs_ctx != NULL && rs_ctx->ma != NULL )
{
/* redirect intermediate results to restart context */
pmP = &rs_ctx->ma->mP;
pR = &rs_ctx->ma->R;
/* jump to next operation */
if( rs_ctx->ma->state == ecp_rsma_mul2 )
goto mul2;
if( rs_ctx->ma->state == ecp_rsma_add )
goto add;
if( rs_ctx->ma->state == ecp_rsma_norm )
goto norm;
}
#endif /* MBEDTLS_ECP_EARLY_RETURN */
mbedtls_ecp_point_init( &mP );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) );
#if defined(MBEDTLS_ECP_EARLY_RETURN)
if( rs_ctx != NULL && rs_ctx->ma != NULL )
rs_ctx->ma->state++;
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, &mP, m, P ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) );
mul2:
#endif
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR, n, Q, rs_ctx ) );
#if defined(MBEDTLS_ECP_EARLY_RETURN)
if( rs_ctx != NULL && rs_ctx->ma != NULL )
rs_ctx->ma->state++;
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) )
{
MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
}
add:
#endif
ECP_BUDGET( ECP_OPS_ADD );
MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) );
#if defined(MBEDTLS_ECP_EARLY_RETURN)
if( rs_ctx != NULL && rs_ctx->ma != NULL )
rs_ctx->ma->state++;
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, &mP, R ) );
MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) );
norm:
#endif
ECP_BUDGET( ECP_OPS_INV );
MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) );
#if defined(MBEDTLS_ECP_EARLY_RETURN)
if( rs_ctx != NULL && rs_ctx->ma != NULL )
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, pR ) );
#endif
cleanup:
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
if ( is_grp_capable )
{
@ -2341,6 +2398,7 @@ cleanup:
}
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
mbedtls_ecp_point_free( &mP );
#if defined(MBEDTLS_ECP_EARLY_RETURN)
@ -2351,7 +2409,6 @@ cleanup:
rs_ctx->ma = NULL;
}
if( rs_ctx != NULL )
rs_ctx->depth--;
#endif /* MBEDTLS_ECP_EARLY_RETURN */

View file

@ -364,3 +364,15 @@ ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A128499
ECP early return muladd secp256r1 restart disabled
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":0:0:0
ECP early return muladd secp256r1 restart max_ops=1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":1:1:10000
ECP early return muladd secp256r1 restart max_ops=10000
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":10000:0:0
ECP early return muladd secp256r1 restart max_ops=250
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":250:4:64