diff options
| author | nagendra modadugu <ngm@google.com> | 2016-06-29 02:32:50 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2016-06-29 21:32:24 -0700 |
| commit | 4f975788e198a38fb5412c72b64dba25d9f5d217 (patch) | |
| tree | 7b0529ba0063bc4931b89389f6cd0266f1be8573 | |
| parent | 6b0fd886119cc1758d0b327bd53c413a39153de2 (diff) | |
| download | chrome-ec-4f975788e198a38fb5412c72b64dba25d9f5d217.tar.gz | |
CR50: hardware based mod exp may need a final reduce
The modexp implementation occasionally produces
a result larger than the modulus, in which case a
single final reduce is required. The software
based implementation already has this check.
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=tpmtest.py passes
Change-Id: I0a830781e2a109963394d0702cbc2ca6457c410c
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/357010
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| -rw-r--r-- | chip/g/dcrypto/bn.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/chip/g/dcrypto/bn.c b/chip/g/dcrypto/bn.c index 788393d96f..bff4f5b996 100644 --- a/chip/g/dcrypto/bn.c +++ b/chip/g/dcrypto/bn.c @@ -343,6 +343,10 @@ void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input, if (bn_bits(N) == 2048 || bn_bits(N) == 1024) { /* TODO(ngm): add hardware support for standard key sizes. */ bn_mont_modexp_asm(output, input, exp, N); + /* Final reduce. */ + /* TODO(ngm): constant time. */ + if (bn_sub(output, N)) + bn_add(output, N); return; } @@ -380,6 +384,7 @@ void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input, *output = acc; } + /* TODO(ngm): constant time. */ if (bn_sub(output, N)) bn_add(output, N); /* Final reduce. */ output->dmax = N->dmax; |