Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix order value for curve x448 #5811

Merged
merged 7 commits into from
Jun 27, 2022
Merged

Fix order value for curve x448 #5811

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
aa68d36
Fix order value for curve x448.
polhenarejos May 5, 2022
030e802
Added Changelog entry.
polhenarejos May 5, 2022
f72803d
Removing tabs.
polhenarejos May 5, 2022
b101cb6
Since the group is unloaded for all curves, it is better to initializ…
polhenarejos May 6, 2022
5708046
Add test-case for checking curve order
daverodgman Jun 17, 2022
5cab9da
fix whitespace
daverodgman Jun 17, 2022
eb8570f
Fix missing newline
daverodgman Jun 17, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions ChangeLog.d/bug_order_x448.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Bugfix
* Fix order value of curve x448.
2 changes: 2 additions & 0 deletions library/ecp_curves.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4737,6 +4737,8 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
ECP_VALIDATE_RET( grp != NULL );
mbedtls_ecp_group_free( grp );

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please explain to me how it can be right to free the grp and then init it right after that?
https://os.mbed.com/teams/sandbox/code/mbedtls/docs/tip/ecp_8c_source.html#l00321

Clearly shows everything gets freed after that.
What am I missing here?

As far as I can understand this will essentially set the already freed memory region to zero.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version you point to is 2.2.0. There's a different behaviour in current development:

mbedtls/library/ecp.c

Line 538 in f5b7082

void mbedtls_ecp_group_init( mbedtls_ecp_group *grp )

Please see #5810 (comment) for more details.

mbedtls_ecp_group_init( grp );

grp->id = id;

switch( id )
Expand Down
53 changes: 53 additions & 0 deletions tests/suites/test_suite_ecp.data
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -890,3 +890,56 @@ ecp_export:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf906917
ECP export key parameters #2 (invalid group)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_export:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:1

ECP check order for SECP192R1
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_SECP192R1:"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"

ECP check order for SECP224R1
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_SECP224R1:"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"

ECP check order for SECP256R1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_SECP256R1:"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"

ECP check order for SECP384R1
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_SECP384R1:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"

ECP check order for SECP521R1
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_SECP521R1:"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"

ECP check order for BP256R1
depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_BP256R1:"A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7"

ECP check order for BP384R1
depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_BP384R1:"8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565"

ECP check order for BP512R1
depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_BP512R1:"AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069"

ECP check order for CURVE25519
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_CURVE25519:"1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed"

ECP check order for SECP192K1
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_SECP192K1:"fffffffffffffffffffffffe26f2fc170f69466a74defd8d"

ECP check order for SECP224K1
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_SECP224K1:"10000000000000000000000000001dce8d2ec6184caf0a971769fb1f7"

ECP check order for SECP256K1
depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_SECP256K1:"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"

ECP check order for CURVE448
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_CURVE448:"3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3"

24 changes: 24 additions & 0 deletions tests/suites/test_suite_ecp.function
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1063,3 +1063,27 @@ exit:
mbedtls_ecp_point_free( &export_Q );
}
/* END_CASE */

/* BEGIN_CASE */
void ecp_check_order( int id, char * expected_order_hex )
{
mbedtls_ecp_group grp;
mbedtls_mpi expected_n;

mbedtls_ecp_group_init( &grp );
mbedtls_mpi_init( &expected_n );

TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &expected_n, 16, expected_order_hex ) == 0);

// check sign bits are well-formed (i.e. 1 or -1) - see #5810
TEST_ASSERT( grp.N.s == -1 || grp.N.s == 1);
TEST_ASSERT( expected_n.s == -1 || expected_n.s == 1);

TEST_ASSERT( mbedtls_mpi_cmp_mpi( &grp.N, &expected_n ) == 0 );

exit:
mbedtls_ecp_group_free( &grp );
mbedtls_mpi_free( &expected_n );
}
/* END_CASE */