From e27738308cfb45d34e9a91335e65b12d7d6dde2e Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Tue, 21 May 2024 16:05:52 +0000
Subject: [PATCH] Merge mbedtls_mpi_core_sub() constant time testing and functional testing
Signed-off-by: Waleed Elmelegy
---
 tests/suites/test_suite_bignum_core.function | 53 ++++++++-----------
 tests/suites/test_suite_bignum_core.misc.data | 6 ---
 2 files changed, 23 insertions(+), 36 deletions(-)
diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function
index 61eeaf5451..1bb1ab06a4 100644
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
@@ -660,31 +660,54 @@ void mpi_core_sub(char *input_A, char *input_B,
 memcpy(b, B.p, B.n * sizeof(mbedtls_mpi_uint));
 memcpy(x, X.p, X.n * sizeof(mbedtls_mpi_uint));
+ TEST_CF_SECRET(a, bytes);
+ TEST_CF_SECRET(b, bytes);
+
 /* 1a) r = a - b => we should get the correct carry */
 TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, a, b, limbs));
+ TEST_CF_PUBLIC(a, bytes);
+ TEST_CF_PUBLIC(b, bytes);
+ TEST_CF_PUBLIC(r, bytes);
+
 /* 1b) r = a - b => we should get the correct result */
 TEST_MEMORY_COMPARE(r, bytes, x, bytes);
 /* 2 and 3 test "r may be aliased to a or b" */
 /* 2a) r = a; r -= b => we should get the correct carry (use r to avoid clobbering a) */
 memcpy(r, a, bytes);
+
+ TEST_CF_SECRET(r, bytes);
+ TEST_CF_SECRET(b, bytes);
+
 TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, r, b, limbs));
+ TEST_CF_PUBLIC(r, bytes);
+ TEST_CF_PUBLIC(b, bytes);
+
 /* 2b) r -= b => we should get the correct result */
 TEST_MEMORY_COMPARE(r, bytes, x, bytes);
 /* 3a) r = b; r = a - r => we should get the correct carry (use r to avoid clobbering b) */
 memcpy(r, b, bytes);
+
+ TEST_CF_SECRET(r, bytes);
+ TEST_CF_SECRET(a, bytes);
+
 TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, a, r, limbs));
+ TEST_CF_PUBLIC(r, bytes);
+ TEST_CF_PUBLIC(a, bytes);
+
 /* 3b) r = a - b => we should get the correct result */
 TEST_MEMORY_COMPARE(r, bytes, x, bytes);
 /* 4 tests "r may be aliased to [...] both" */
 if (A.n == B.n && memcmp(A.p, B.p, bytes) == 0) {
 memcpy(r, b, bytes);
+ TEST_CF_SECRET(r, bytes);
 TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, r, r, limbs));
+ TEST_CF_PUBLIC(r, bytes);
 TEST_MEMORY_COMPARE(r, bytes, x, bytes);
 }
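Review bot: The carry returned by `mbedtls_mpi_core_sub()` is computed from operands marked with `TEST_CF_SECRET`, yet in steps 1a, 2a, 3a and 4 it is passed straight into `TEST_EQUAL` before anything is declassified; the `TEST_CF_PUBLIC` calls that follow cover only the buffers. If the constant-flow build tracks the return value, that comparison is a branch on secret-derived data and would be reported against the test rather than against the function under test; how the instrumented build treats it cannot be confirmed from this hunk. Capturing the result first keeps the check unambiguous: `mbedtls_mpi_uint ret_carry = mbedtls_mpi_core_sub(r, a, b, limbs);`, `TEST_CF_PUBLIC(&ret_carry, sizeof(ret_carry));`, `TEST_EQUAL(carry, ret_carry);`. A one-line comment above the first `TEST_CF_SECRET` pair, such as `/* Mark operands secret so constant-flow builds flag data-dependent branches or accesses in mbedtls_mpi_core_sub() */`, would also tell readers why each call is bracketed. The body of mpi_core_sub starts and ends outside this hunk, so the place for the local's declaration is not visible here.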
@@ -1317,33 +1340,3 @@ exit:
 mbedtls_free(X);
 }
 /* END_CASE */
-
-/* BEGIN_CASE */
-void mpi_core_check_sub_ct(char *input_A, char *input_B, int exp_ret)
-{
- mbedtls_mpi_uint *A = NULL;
- mbedtls_mpi_uint *B = NULL;
- mbedtls_mpi_uint *X = NULL;
- size_t A_limbs, B_limbs;
- int ret;
-
- TEST_EQUAL(0, mbedtls_test_read_mpi_core(&A, &A_limbs, input_A));
- TEST_EQUAL(0, mbedtls_test_read_mpi_core(&B, &B_limbs, input_B));
-
- TEST_EQUAL(A_limbs, B_limbs);
-
- size_t limbs = A_limbs;
- TEST_CALLOC(X, limbs);
-
- TEST_CF_SECRET(A, A_limbs * sizeof(mbedtls_mpi_uint));
- TEST_CF_SECRET(B, B_limbs * sizeof(mbedtls_mpi_uint));
-
- ret = mbedtls_mpi_core_sub(X, A, B, limbs);
- TEST_EQUAL(ret, exp_ret);
-
-exit:
- mbedtls_free(A);
- mbedtls_free(B);
- mbedtls_free(X);
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_bignum_core.misc.data b/tests/suites/test_suite_bignum_core.misc.data
index ccf375052e..ba86029977 100644
--- a/tests/suites/test_suite_bignum_core.misc.data
+++ b/tests/suites/test_suite_bignum_core.misc.data
@@ -523,9 +523,3 @@ mpi_core_clz:64:0
 CLZ: 100000 0: skip overly long input
 mpi_core_clz:100000:0
-
-Constant time Subtraction
-mpi_core_check_sub_ct:"1234567890abcdef0":"10000000000000000":0
-
-Constant time Subtraction #2
-mpi_core_check_sub_ct:"10000000000000000":"1234567890abcdef0":1