Scale ops count for larger curves From a user's perspective, you want a "basic operation" to take approximately the same amount of time regardless of the curve size, especially since max_ops is a global setting: otherwise if you pick a limit suitable for P-384 then when you do an operation on P-256 it will return way more often than needed. Said otherwise, a user is actually interested in actual running time, and we do the API in terms of "basic ops" for practical reasons (no timers) but then we should make sure it's a good proxy for running time.

commit: e685449004eccc58f327cbde5f9808f78c38471c [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Mar 20 14:35:19 2017 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Aug 09 11:44:53 2017 +0200
tree: 4c90f67eadd888396e8e8c4122a51a02ce17d475
parent: d3a0ca850031012908fee4d7af2edd27649bb4d8 [diff] [blame]
diff --git a/library/ecp.c b/library/ecp.c
index b3bddbf..ec2e3cd 100644
--- a/library/ecp.c
+++ b/library/ecp.c

@@ -166,10 +166,18 @@
 {
     if( grp->rs != NULL )
     {
+        /* scale depending on curve size: the chosen reference is 256-bit,
+         * and multiplication is quadratic. Round to the closest integer. */
+        if( grp->pbits >= 512 )
+            ops *= 4;
+        else if( grp->pbits >= 384 )
+            ops *= 2;
+
         /* avoid infinite loops: always allow first step */
         if( grp->rs->ops_done != 0 && grp->rs->ops_done + ops > ecp_max_ops )
             return( MBEDTLS_ERR_ECP_IN_PROGRESS );
 
+        /* update running count */
         grp->rs->ops_done += ops;
     }
commit	e685449004eccc58f327cbde5f9808f78c38471c	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Mar 20 14:35:19 2017 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Wed Aug 09 11:44:53 2017 +0200
tree	4c90f67eadd888396e8e8c4122a51a02ce17d475
parent	d3a0ca850031012908fee4d7af2edd27649bb4d8 [diff] [blame]