mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-26 21:11:06 +00:00
Fix bound issues
This commit is contained in:
parent
101a39f55f
commit
c30200e4ce
|
@ -157,16 +157,16 @@ ecp_keypair;
|
||||||
#define POLARSSL_ECP_MAX_PT_LEN ( 2 * POLARSSL_ECP_MAX_BYTES + 1 )
|
#define POLARSSL_ECP_MAX_PT_LEN ( 2 * POLARSSL_ECP_MAX_BYTES + 1 )
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Maximum window size (actually, NAF width) used for point multipliation.
|
* Maximum "window" size used for point multiplication.
|
||||||
* Default: 8.
|
* Default: 6.
|
||||||
* Minimum value: 2. Maximum value: 8.
|
* Minimum value: 2. Maximum value: 7.
|
||||||
*
|
*
|
||||||
* Result is an array of at most ( 1 << ( POLARSSL_ECP_WINDOW_SIZE - 1 ) )
|
* Result is an array of at most ( 1 << ( POLARSSL_ECP_WINDOW_SIZE - 1 ) )
|
||||||
* points used for point multiplication.
|
* points used for point multiplication.
|
||||||
*
|
*
|
||||||
* Reduction in size may reduce speed for big curves.
|
* Reduction in size may reduce speed for big curves.
|
||||||
*/
|
*/
|
||||||
#define POLARSSL_ECP_WINDOW_SIZE 8 /**< Maximum NAF width used. */
|
#define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used. */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Point formats, from RFC 4492's enum ECPointFormat
|
* Point formats, from RFC 4492's enum ECPointFormat
|
||||||
|
|
|
@ -1512,13 +1512,26 @@ cleanup:
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Compute the representation of m that will be used with the comb method.
|
* Check and define parameters used by the comb method (see below for details)
|
||||||
|
*/
|
||||||
|
#if POLARSSL_ECP_WINDOW_SIZE < 2 || POLARSSL_ECP_WINDOW_SIZE > 7
|
||||||
|
#error "POLARSSL_ECP_WINDOW_SIZE out of bounds"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* d = ceil( n / w ) */
|
||||||
|
#define COMB_MAX_D ( POLARSSL_ECP_MAX_BITS + 1 ) / 2
|
||||||
|
|
||||||
|
/* number of precomputed points */
|
||||||
|
#define COMB_MAX_PRE ( 1 << ( POLARSSL_ECP_WINDOW_SIZE - 1 ) )
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Compute the representation of m that will be used with our comb method.
|
||||||
*
|
*
|
||||||
* The basic comb method is described in GECC 3.44 for example. We use a
|
* The basic comb method is described in GECC 3.44 for example. We use a
|
||||||
* modified version that provides resistance to SPA by avoiding zero
|
* modified version that provides resistance to SPA by avoiding zero
|
||||||
* digits in the representation as in [3]. We modify the method further by
|
* digits in the representation as in [3]. We modify the method further by
|
||||||
* requiring that all K_i be odd, which has the small cost that our
|
* requiring that all K_i be odd, which has the small cost that our
|
||||||
* representation uses on more K, due to carries.
|
* representation uses one more K_i, due to carries.
|
||||||
*
|
*
|
||||||
* Also, for the sake of compactness, only the seven low-order bits of x[i]
|
* Also, for the sake of compactness, only the seven low-order bits of x[i]
|
||||||
* are used to represent K_i, and the msb of x[i] encodes the the sign (s_i in
|
* are used to represent K_i, and the msb of x[i] encodes the the sign (s_i in
|
||||||
|
@ -1526,7 +1539,8 @@ cleanup:
|
||||||
*
|
*
|
||||||
* Calling conventions:
|
* Calling conventions:
|
||||||
* - x is an array of size d + 1
|
* - x is an array of size d + 1
|
||||||
* - w is the size, ie number of teeth, of the comb
|
* - w is the size, ie number of teeth, of the comb, and must be between
|
||||||
|
* 2 and 7 (in practice, between 2 and POLARSSL_ECP_WINDOW_SIZE)
|
||||||
* - m is the MPI, expected to be odd and such that bitlength(m) <= w * d
|
* - m is the MPI, expected to be odd and such that bitlength(m) <= w * d
|
||||||
* (the result will be incorrect if these assumptions are not satisfied)
|
* (the result will be incorrect if these assumptions are not satisfied)
|
||||||
*/
|
*/
|
||||||
|
@ -1582,8 +1596,9 @@ static int ecp_precompute_comb( const ecp_group *grp,
|
||||||
unsigned char w, size_t d )
|
unsigned char w, size_t d )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
unsigned char i, j, k;
|
unsigned char i, k;
|
||||||
ecp_point *cur, *TT[200]; // TODO
|
size_t j;
|
||||||
|
ecp_point *cur, *TT[COMB_MAX_PRE - 1];
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Set T[0] = P and
|
* Set T[0] = P and
|
||||||
|
@ -1689,7 +1704,7 @@ int ecp_mul_comb( ecp_group *grp, ecp_point *R,
|
||||||
int ret;
|
int ret;
|
||||||
unsigned char w, m_is_odd, p_eq_g;
|
unsigned char w, m_is_odd, p_eq_g;
|
||||||
size_t pre_len, d, i;
|
size_t pre_len, d, i;
|
||||||
unsigned char k[200]; // TODO
|
unsigned char k[COMB_MAX_D + 1];
|
||||||
ecp_point Q, *T = NULL, S[2];
|
ecp_point Q, *T = NULL, S[2];
|
||||||
mpi M;
|
mpi M;
|
||||||
|
|
||||||
|
@ -1714,7 +1729,7 @@ int ecp_mul_comb( ecp_group *grp, ecp_point *R,
|
||||||
/* TODO: adjust exact value */
|
/* TODO: adjust exact value */
|
||||||
w = grp->nbits >= 192 ? 5 : 2;
|
w = grp->nbits >= 192 ? 5 : 2;
|
||||||
|
|
||||||
pre_len = 1U << w;
|
pre_len = 1U << ( w - 1 );
|
||||||
d = ( grp->nbits + w - 1 ) / w;
|
d = ( grp->nbits + w - 1 ) / w;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
Loading…
Reference in a new issue