Add more wrappers for ECP MPI operations
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
diff --git a/library/ecp.c b/library/ecp.c
index 501e5cb..47ac5c0 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1239,6 +1239,17 @@
nonzero & cond ) ); \
} while( 0 )
+#define MPI_ECP_NEG( X ) MPI_ECP_COND_NEG( (X), 1 )
+
+#define MPI_ECP_VALID( X ) \
+ ( (X)->p != NULL )
+
+#define MPI_ECP_COND_ASSIGN( X, Y, cond ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( (X), (Y), (cond) ) )
+
+#define MPI_ECP_COND_SWAP( X, Y, cond ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( (X), (Y), (cond) ) )
+
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
/*
* For curves in short Weierstrass form, we do all the internal operations in
@@ -1550,16 +1561,16 @@
/*
* Trivial cases: P == 0 or Q == 0 (case 1)
*/
- if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
+ if( MPI_ECP_CMP_INT( &P->Z, 0 ) == 0 )
return( mbedtls_ecp_copy( R, Q ) );
- if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 0 ) == 0 )
+ if( MPI_ECP_VALID( &Q->Z ) && MPI_ECP_CMP_INT( &Q->Z, 0 ) == 0 )
return( mbedtls_ecp_copy( R, P ) );
/*
* Make sure Q coordinates are normalized
*/
- if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 1 ) != 0 )
+ if( MPI_ECP_VALID( &Q->Z ) && MPI_ECP_CMP_INT( &Q->Z, 1 ) != 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
MPI_ECP_SQR( &tmp[0], &P->Z );
@@ -1944,8 +1955,8 @@
/* Read the whole table to thwart cache-based timing attacks */
for( j = 0; j < T_size; j++ )
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->X, &T[j].X, j == ii ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->Y, &T[j].Y, j == ii ) );
+ MPI_ECP_COND_ASSIGN( &R->X, &T[j].X, j == ii );
+ MPI_ECP_COND_ASSIGN( &R->Y, &T[j].Y, j == ii );
}
/* Safely invert result if i is "negative" */
@@ -2229,8 +2240,8 @@
/* Is P the base point ? */
#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
- p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
- mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
+ p_eq_g = ( MPI_ECP_CMP( &P->Y, &grp->G.Y ) == 0 &&
+ MPI_ECP_CMP( &P->X, &grp->G.X ) == 0 );
#else
p_eq_g = 0;
#endif
@@ -2515,11 +2526,11 @@
* else double_add( R, RP, R, RP )
* but using safe conditional swaps to avoid leaks
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
+ MPI_ECP_COND_SWAP( &R->X, &RP.X, b );
+ MPI_ECP_COND_SWAP( &R->Z, &RP.Z, b );
MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX, tmp ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
+ MPI_ECP_COND_SWAP( &R->X, &RP.X, b );
+ MPI_ECP_COND_SWAP( &R->Z, &RP.Z, b );
}
/*
@@ -2711,6 +2722,8 @@
mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_mpi tmp;
+ mbedtls_mpi_init( &tmp );
if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
{
@@ -2723,8 +2736,7 @@
else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
{
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
- if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) );
+ MPI_ECP_NEG( &R->Y );
}
else
{
@@ -2733,6 +2745,8 @@
}
cleanup:
+ mbedtls_mpi_free( &tmp );
+
return( ret );
}