From e1d31c4aadac5f354a88117fd7d08412de60765f Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 12 Sep 2022 16:25:24 +0200 Subject: [PATCH 01/39] Add conditional swap and assign function for MPI core Signed-off-by: Gabor Mezei --- library/bignum_core.c | 56 +++++++++++++++++++++++++++++++++++++ library/bignum_core.h | 64 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 120 insertions(+) diff --git a/library/bignum_core.c b/library/bignum_core.c index c47292eec..6aa1e0006 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -25,6 +25,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform_util.h" +#include "constant_time_internal.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -161,6 +162,61 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, } } +int mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, + size_t X_limbs, + const mbedtls_mpi_uint *Y, + size_t Y_limbs, + unsigned char assign ) +{ + if( X_limbs < Y_limbs ) + return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + + if( X != NULL && Y != NULL ) + { + /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */ + mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( assign ); + + mbedtls_ct_mpi_uint_cond_assign( X_limbs, X, Y, assign ); + + for( size_t i = Y_limbs; i < X_limbs; i++ ) + X[i] &= ~limb_mask; + + return( 0 ); + } + + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); +} + +int mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, + size_t X_limbs, + mbedtls_mpi_uint *Y, + size_t Y_limbs, + unsigned char swap ) +{ + if( X == Y ) + return( 0 ); + + if( X_limbs != Y_limbs ) + return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + + if( X != NULL && Y != NULL ) + { + /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */ + mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( swap ); + + for( size_t i = 0; i < X_limbs; i++ ) + { + mbedtls_mpi_uint tmp = X[i]; + X[i] = ( X[i] & ~limb_mask ) | ( Y[i] & limb_mask ); + Y[i] = ( Y[i] & ~limb_mask ) | ( tmp & limb_mask ); + } + + return( 0 ); + } + + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); +} + int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, size_t X_limbs, const unsigned char *input, diff --git a/library/bignum_core.h b/library/bignum_core.h index 8e227f8d8..24650fe4c 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -74,6 +74,70 @@ size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *A, size_t A_limbs ); void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, size_t A_limbs ); +/** + * \brief Perform a safe conditional copy of MPI which doesn't reveal whether + * the condition was true or not. + * + * \param[OUT] X The address of the first MPI. This must be initialized. + * \param X_limbs The number of limbs of \p X. + * \param[IN] Y The address of the second MPI. This must be initialized. + * \param Y_limbs The number of limbs of \p Y. + * \param assign The condition deciding whether to perform the + * assignment or not. Must be either 0 or 1: + * * \c 1: Perform the assignment `X = Y`. + * * \c 0: Keep the original value of \p X. + * + * \note This function avoids leaking any information about whether + * the assignment was done or not. + * + * \warning If \p assign is neither 0 nor 1, the result of this function + * is indeterminate, and the resulting value in \p X might be + * neither its original value nor the value in \p Y. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't + * large enough to hold the value in \p Y. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p X or \p Y is invalid. + */ +int mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, + size_t X_limbs, + const mbedtls_mpi_uint *Y, + size_t Y_limbs, + unsigned char assign ); + +/** + * \brief Perform a safe conditional copy of MPI which doesn't reveal whether + * the condition was true or not. + * + * \param[IN,OUT] X The address of the first MPI. + * This must be initialized. + * \param X_limbs The number of limbs of \p X. + * \param[IN,OUT] Y The address of the second MPI. + * This must be initialized. + * \param Y_limbs The number of limbs of \p Y. + * \param swap The condition deciding whether to perform + * the swap or not. Must be either 0 or 1: + * * \c 1: Swap the values of \p X and \p Y. + * * \c 0: Keep the original values of \p X and \p Y. + * + * \note This function avoids leaking any information about whether + * the swap was done or not. + * + * \warning If \p swap is neither 0 nor 1, the result of this function + * is indeterminate, and both \p X and \p Y might end up with + * values different to either of the original ones. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the size of + * \p X and \p Y is differ. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p X or \p Y is invalid. + */ +int mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, + size_t X_limbs, + mbedtls_mpi_uint *Y, + size_t Y_limbs, + unsigned char swap ); + /** Import X from unsigned binary data, little-endian. * * The MPI needs to have enough limbs to store the full value (including any From 12071d440309a2756cef2498d61b50eb5b9dcba1 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 12 Sep 2022 16:35:58 +0200 Subject: [PATCH 02/39] Add conditional assign and swap function for MPI modulus Signed-off-by: Gabor Mezei --- library/bignum_mod_raw.c | 18 +++++++++++++ library/bignum_mod_raw.h | 57 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+) diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 8c89b2cdf..f04354d4c 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -41,6 +41,24 @@ #include "bignum_mod.h" #include "constant_time_internal.h" +int mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, + mbedtls_mpi_uint *Y, + const mbedtls_mpi_mod_modulus *m, + unsigned char assign ) +{ + return mbedtls_mpi_core_cond_assign( X, m->limbs, + Y, m->limbs, assign ); +} + +int mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, + mbedtls_mpi_uint *Y, + const mbedtls_mpi_mod_modulus *m, + unsigned char swap ) +{ + return mbedtls_mpi_core_cond_swap( X, m->limbs, + Y, m->limbs, swap ); +} + int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, const mbedtls_mpi_mod_modulus *m, const unsigned char *input, diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 7b3a0c177..00ec921e6 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -33,6 +33,63 @@ #include "bignum_mod.h" +/** + * \brief Perform a safe conditional copy of MPI which doesn't reveal whether + * the condition was true or not. + * + * \param[OUT] X The address of the first MPI. This must be initialized. + * \param[IN] Y The address of the second MPI. This must be initialized. + * \param[IN] m The address of the modulus related to \p X and \p Y. + * \param assign The condition deciding whether to perform the + * assignment or not. Must be either 0 or 1: + * * \c 1: Perform the assignment `X = Y`. + * * \c 0: Keep the original value of \p X. + * + * \note This function avoids leaking any information about whether + * the assignment was done or not. + * + * \warning If \p assign is neither 0 nor 1, the result of this function + * is indeterminate, and the resulting value in \p X might be + * neither its original value nor the value in \p Y. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't + * large enough to hold the value in \p Y. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p X or \p Y is invalid. + */ +int mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, + mbedtls_mpi_uint *Y, + const mbedtls_mpi_mod_modulus *m, + unsigned char assign ); + +/** + * \brief Perform a safe conditional copy of MPI which doesn't reveal whether + * the condition was true or not. + * + * \param[IN,OUT] X The address of the first MPI. This must be initialized. + * \param[IN,OUT] Y The address of the second MPI. This must be initialized. + * \param[IN] m The address of the modulus related to \p X and \p Y. + * \param swap The condition deciding whether to perform + * the swap or not. Must be either 0 or 1: + * * \c 1: Swap the values of \p X and \p Y. + * * \c 0: Keep the original values of \p X and \p Y. + * + * \note This function avoids leaking any information about whether + * the swap was done or not. + * + * \warning If \p swap is neither 0 nor 1, the result of this function + * is indeterminate, and both \p X and \p Y might end up with + * values different to either of the original ones. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the size of + * \p X and \p Y is differ. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p X or \p Y is invalid. + */int mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, + mbedtls_mpi_uint *Y, + const mbedtls_mpi_mod_modulus *m, + unsigned char swap ); + /** Import X from unsigned binary data. * * The MPI needs to have enough limbs to store the full value (including any From b27b1c5db0536496541d28b84c52de2a2852774b Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 12 Sep 2022 16:36:48 +0200 Subject: [PATCH 03/39] Add tests for conditional assign and swap functions Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.data | 102 +++++++++ tests/suites/test_suite_mpi.function | 320 +++++++++++++++++++++++++++ 2 files changed, 422 insertions(+) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 85812f508..124c8519b 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -681,6 +681,108 @@ mpi_core_lt_ct:"11FFFFFFFFFFFFFFFF":"FF1111111111111111":1 mbedtls_mpi_core_lt_ct: x>y (alternating limbs) mpi_core_lt_ct:"FF1111111111111111":"11FFFFFFFFFFFFFFFF":0 +mbedtls_mpi_core_cond_assign: same size, true condition +mpi_core_cond_assign:"FFFFFFFF":"11111111":1:0 + +mbedtls_mpi_core_cond_assign: same size, false condition +mpi_core_cond_assign:"FFFFFFFF":"11111111":0:0 + +mbedtls_mpi_core_cond_assign: target larger, true condition +mpi_core_cond_assign:"FFFFFFFFEEEEEEEEDDDDDDDD":"11111111":1:0 + +mbedtls_mpi_core_cond_assign: target larger, false condition +mpi_core_cond_assign:"FFFFFFFFEEEEEEEEDDDDDDDD":"11111111":0:0 + +#mbedtls_mpi_core_cond_assign: target smaller, true condition +#mpi_core_cond_assign:"FFFFFFFF":"111111112222222233333333":1:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +#mbedtls_mpi_core_cond_assign: target smaller, false condition +#mpi_core_cond_assign:"FFFFFFFF":"111111112222222233333333":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +#mbedtls_mpi_core_cond_assign: target invalid, true condition +#mpi_core_cond_assign:"":"11111111":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +#mbedtls_mpi_core_cond_assign: target invalid, false condition +#mpi_core_cond_assign:"":"11111111":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +#mbedtls_mpi_core_cond_assign: source invalid, true condition +#mpi_core_cond_assign:"FFFFFFFF":"":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +#mbedtls_mpi_core_cond_assign: source invalid, false condition +#mpi_core_cond_assign:"FFFFFFFF":"":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +mbedtls_mpi_core_cond_swap: same value, true condition +mpi_core_cond_swap:"FFFFFFFF":"FFFFFFFF":1:0 + +mbedtls_mpi_core_cond_swap: same size, true condition +mpi_core_cond_swap:"FFFFFFFF":"11111111":1:0 + +mbedtls_mpi_core_cond_swap: same size, false condition +mpi_core_cond_swap:"FFFFFFFF":"11111111":0:0 + +#mbedtls_mpi_core_cond_swap: first larger, true condition +#mpi_core_cond_swap:"FFFFFFFFEEEEEEEEDDDDDDDD":"11111111":1:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +#mbedtls_mpi_core_cond_swap: first larger, false condition +#mpi_core_cond_swap:"FFFFFFFFEEEEEEEEDDDDDDDD":"11111111":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +#mbedtls_mpi_core_cond_swap: first smaller, true condition +#mpi_core_cond_swap:"FFFFFFFF":"111111112222222233333333":1:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +#mbedtls_mpi_core_cond_swap: first smaller, false condition +#mpi_core_cond_swap:"FFFFFFFF":"111111112222222233333333":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +#mbedtls_mpi_core_cond_swap: first invalid, true condition +#mpi_core_cond_swap:"":"11111111":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +#mbedtls_mpi_core_cond_swap: first invalid, false condition +#mpi_core_cond_swap:"":"11111111":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +#mbedtls_mpi_core_cond_swap: second invalid, true condition +#mpi_core_cond_swap:"FFFFFFFF":"":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +#mbedtls_mpi_core_cond_swap: second invalid, false condition +#mpi_core_cond_swap:"FFFFFFFF":"":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +mbedtls_mpi_mod_raw_cond_assign: same size, true condition +mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111":1:0 + +mbedtls_mpi_mod_raw_cond_assign: same size, false condition +mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111":0:0 + +#mbedtls_mpi_mod_raw_cond_assign: target invalid, true condition +#mpi_mod_raw_cond_assign:"":"11111111":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +#mbedtls_mpi_mod_raw_cond_assign: target invalid, false condition +#mpi_mod_raw_cond_assign:"":"11111111":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +#mbedtls_mpi_mod_raw_cond_assign: source invalid, true condition +#mpi_mod_raw_cond_assign:"FFFFFFFF":"":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +#mbedtls_mpi_mod_raw_cond_assign: source invalid, false condition +#mpi_mod_raw_cond_assign:"FFFFFFFF":"":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +mbedtls_mpi_mod_raw_cond_swap: same value, true condition +mpi_mod_raw_cond_swap:"FFFFFFFF":"FFFFFFFF":1:0 + +mbedtls_mpi_mod_raw_cond_swap: same size, true condition +mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111":1:0 + +mbedtls_mpi_mod_raw_cond_swap: same size, false condition +mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111":0:0 + +#mbedtls_mpi_mod_raw_cond_swap: first invalid, true condition +#mpi_mod_raw_cond_swap:"":"11111111":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +#mbedtls_mpi_mod_raw_cond_swap: first invalid, false condition +#mpi_mod_raw_cond_swap:"":"11111111":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +#mbedtls_mpi_mod_raw_cond_swap: second invalid, true condition +#mpi_mod_raw_cond_swap:"FFFFFFFF":"":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +#mbedtls_mpi_mod_raw_cond_swap: second invalid, false condition +#mpi_mod_raw_cond_swap:"FFFFFFFF":"":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + Base test mbedtls_mpi_lt_mpi_ct #1 mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index ff2eaac4b..b8c786424 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -763,6 +763,326 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mpi_core_cond_assign( data_t * input_X, + data_t * input_Y, + int cond, + int input_ret ) +{ + #define MAX_LEN 64 + mbedtls_mpi_uint buff_X[MAX_LEN]; + mbedtls_mpi_uint buff_Y[MAX_LEN]; + mbedtls_mpi_uint *X = buff_X; + mbedtls_mpi_uint *Y = buff_Y; + unsigned exp_ret = input_ret; + unsigned ret; + size_t len_X = CHARS_TO_LIMBS( input_X->len ); + size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); + + TEST_ASSERT( len_X <= MAX_LEN ); + TEST_ASSERT( len_Y <= MAX_LEN ); + + if( len_X == 0 ) + { + X = NULL; + len_X = len_Y; + } + else + TEST_ASSERT( mbedtls_mpi_core_read_be( X, len_X, input_X->x, input_X->len ) + == 0 ); + + if( len_Y == 0 ) + { + Y = NULL; + len_Y = len_X; + } + else + TEST_ASSERT( mbedtls_mpi_core_read_be( Y, len_Y, input_Y->x, input_Y->len ) + == 0 ); + + TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + ret = mbedtls_mpi_core_cond_assign( X, len_X, Y, len_Y, cond ); + + TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( &ret, sizeof( ret ) ); + + TEST_EQUAL( ret, exp_ret ); + + if( !ret ) + { + if( cond ) + ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), + Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + else + TEST_ASSERT( memcmp( X, Y, len_X * sizeof( mbedtls_mpi_uint ) ) != 0 ); + } + +exit: + ; + + #undef MAX_LEN +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mpi_core_cond_swap( data_t * input_X, + data_t * input_Y, + int cond, + int input_ret ) +{ + #define MAX_LEN 64 + mbedtls_mpi_uint tmp_X[MAX_LEN]; + mbedtls_mpi_uint tmp_Y[MAX_LEN]; + mbedtls_mpi_uint buff_X[MAX_LEN]; + mbedtls_mpi_uint buff_Y[MAX_LEN]; + mbedtls_mpi_uint *X = buff_X; + mbedtls_mpi_uint *Y = buff_Y; + unsigned exp_ret = input_ret; + unsigned ret; + size_t len_X = CHARS_TO_LIMBS( input_X->len ); + size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); + + TEST_ASSERT( len_X <= MAX_LEN ); + TEST_ASSERT( len_Y <= MAX_LEN ); + + if( len_X == 0 ) + { + X = NULL; + len_X = len_Y; + } + else + { + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, len_X, + input_X->x, input_X->len ) + == 0 ); + memcpy( X, tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); + } + + if( len_Y == 0 ) + { + Y = NULL; + len_Y = len_X; + } + else + { + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, len_Y, + input_Y->x, input_Y->len ) + == 0 ); + memcpy( Y, tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + } + + TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + ret = mbedtls_mpi_core_cond_swap( X, len_X, Y, len_Y, cond ); + + TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( &ret, sizeof( ret ) ); + + TEST_EQUAL( ret, exp_ret ); + + if( !ret ) + { + if( cond ) + { + ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), + tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( Y, len_X * sizeof( mbedtls_mpi_uint ), + tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); + } + + else + { + ASSERT_COMPARE( X, len_X * sizeof( mbedtls_mpi_uint ), + tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( Y, len_Y * sizeof( mbedtls_mpi_uint ), + tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + } + } + +exit: + ; + + #undef MAX_LEN +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mpi_mod_raw_cond_assign( data_t * input_X, + data_t * input_Y, + int cond, + int input_ret ) +{ + #define MAX_LEN 64 + mbedtls_mpi_uint buff_X[MAX_LEN]; + mbedtls_mpi_uint buff_Y[MAX_LEN]; + mbedtls_mpi_uint buff_m[MAX_LEN]; + mbedtls_mpi_uint *X = buff_X; + mbedtls_mpi_uint *Y = buff_Y; + mbedtls_mpi_mod_modulus m; + unsigned exp_ret = input_ret; + unsigned ret; + size_t len_X = CHARS_TO_LIMBS( input_X->len ); + size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); + + TEST_ASSERT( len_X <= MAX_LEN ); + TEST_ASSERT( len_Y <= MAX_LEN ); + + memset( buff_m, 0, MAX_LEN * sizeof( mbedtls_mpi_uint ) ); + mbedtls_mpi_mod_modulus_init( &m ); + TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( + &m, buff_m, + len_X <= len_Y ? len_X : len_Y, + MBEDTLS_MPI_MOD_EXT_REP_BE, + MBEDTLS_MPI_MOD_REP_MONTGOMERY ) + == 0 ); + + if( len_X == 0 ) + { + X = NULL; + len_X = len_Y; + } + else + TEST_ASSERT( mbedtls_mpi_core_read_be( X, len_X, + input_X->x, input_X->len ) + == 0 ); + + if( len_Y == 0 ) + { + Y = NULL; + len_Y = len_X; + } + else + TEST_ASSERT( mbedtls_mpi_core_read_be( Y, len_Y, + input_Y->x, input_Y->len ) + == 0 ); + + TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + ret = mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, cond ); + + TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( &ret, sizeof( ret ) ); + + TEST_EQUAL( ret, exp_ret ); + + if( !ret ) + { + if( cond ) + ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), + Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + else + TEST_ASSERT( memcmp( X, Y, m.limbs * sizeof( mbedtls_mpi_uint ) ) != 0 ); + } + +exit: + ; + + #undef MAX_LEN +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mpi_mod_raw_cond_swap( data_t * input_X, + data_t * input_Y, + int cond, + int input_ret ) +{ + #define MAX_LEN 64 + mbedtls_mpi_uint tmp_X[MAX_LEN]; + mbedtls_mpi_uint tmp_Y[MAX_LEN]; + mbedtls_mpi_uint buff_X[MAX_LEN]; + mbedtls_mpi_uint buff_Y[MAX_LEN]; + mbedtls_mpi_uint buff_m[MAX_LEN]; + mbedtls_mpi_uint *X = buff_X; + mbedtls_mpi_uint *Y = buff_Y; + mbedtls_mpi_mod_modulus m; + unsigned exp_ret = input_ret; + unsigned ret; + size_t len_X = CHARS_TO_LIMBS( input_X->len ); + size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); + + TEST_ASSERT( len_X <= MAX_LEN ); + TEST_ASSERT( len_Y <= MAX_LEN ); + + memset( buff_m, 0, MAX_LEN * sizeof( mbedtls_mpi_uint ) ); + mbedtls_mpi_mod_modulus_init( &m ); + TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( + &m, buff_m, + len_X <= len_Y ? len_X : len_Y, + MBEDTLS_MPI_MOD_EXT_REP_BE, + MBEDTLS_MPI_MOD_REP_MONTGOMERY ) + == 0 ); + + if( len_X == 0 ) + { + X = NULL; + len_X = len_Y; + } + else + { + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, len_X, input_X->x, input_X->len ) + == 0 ); + memcpy( X, tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); + } + + if( len_Y == 0 ) + { + Y = NULL; + len_Y = len_X; + } + else + { + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, len_Y, input_Y->x, input_Y->len ) + == 0 ); + memcpy( Y, tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + } + + TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + ret = mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, cond ); + + TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( &ret, sizeof( ret ) ); + + TEST_EQUAL( ret, exp_ret ); + + if( !ret ) + { + if( cond ) + { + ASSERT_COMPARE( X, m.limbs * sizeof( mbedtls_mpi_uint ), + tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( Y, m.limbs * sizeof( mbedtls_mpi_uint ), + tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); + } + + else + { + ASSERT_COMPARE( X, len_X * sizeof( mbedtls_mpi_uint ), + tmp_X, m.limbs * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( Y, len_Y * sizeof( mbedtls_mpi_uint ), + tmp_Y, m.limbs * sizeof( mbedtls_mpi_uint ) ); + } + } + +exit: + ; + + #undef MAX_LEN +} +/* END_CASE */ + /* BEGIN_CASE */ void mpi_lt_mpi_ct( int size_X, char * input_X, int size_Y, char * input_Y, From 9f6615f146fd94c0b140649255ed797f5845c528 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 15 Sep 2022 19:12:06 +0200 Subject: [PATCH 04/39] Remove argument checking from constant time functions Signed-off-by: Gabor Mezei --- library/bignum_core.c | 65 ++++++++++++++----------------------------- library/bignum_core.h | 30 +++++++------------- 2 files changed, 31 insertions(+), 64 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 6aa1e0006..9adc4effb 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -162,59 +162,36 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, } } -int mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, - size_t X_limbs, - const mbedtls_mpi_uint *Y, - size_t Y_limbs, - unsigned char assign ) +void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, + size_t X_limbs, + const mbedtls_mpi_uint *Y, + size_t Y_limbs, + unsigned char assign ) { - if( X_limbs < Y_limbs ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */ + mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( assign ); - if( X != NULL && Y != NULL ) - { - /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */ - mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( assign ); + mbedtls_ct_mpi_uint_cond_assign( Y_limbs, X, Y, assign ); - mbedtls_ct_mpi_uint_cond_assign( X_limbs, X, Y, assign ); - - for( size_t i = Y_limbs; i < X_limbs; i++ ) - X[i] &= ~limb_mask; - - return( 0 ); - } - - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + for( size_t i = Y_limbs; i < X_limbs; i++ ) + X[i] &= ~limb_mask; } -int mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, - size_t X_limbs, - mbedtls_mpi_uint *Y, - size_t Y_limbs, - unsigned char swap ) +void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, + size_t X_limbs, + mbedtls_mpi_uint *Y, + size_t Y_limbs, + unsigned char swap ) { - if( X == Y ) - return( 0 ); + /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */ + mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( swap ); - if( X_limbs != Y_limbs ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); - - if( X != NULL && Y != NULL ) + for( size_t i = 0; i < X_limbs; i++ ) { - /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */ - mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( swap ); - - for( size_t i = 0; i < X_limbs; i++ ) - { - mbedtls_mpi_uint tmp = X[i]; - X[i] = ( X[i] & ~limb_mask ) | ( Y[i] & limb_mask ); - Y[i] = ( Y[i] & ~limb_mask ) | ( tmp & limb_mask ); - } - - return( 0 ); + mbedtls_mpi_uint tmp = X[i]; + X[i] = ( X[i] & ~limb_mask ) | ( Y[i] & limb_mask ); + Y[i] = ( Y[i] & ~limb_mask ) | ( tmp & limb_mask ); } - - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); } int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X, diff --git a/library/bignum_core.h b/library/bignum_core.h index 24650fe4c..a538ece0f 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -93,17 +93,12 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, * \warning If \p assign is neither 0 nor 1, the result of this function * is indeterminate, and the resulting value in \p X might be * neither its original value nor the value in \p Y. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't - * large enough to hold the value in \p Y. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p X or \p Y is invalid. */ -int mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, - size_t X_limbs, - const mbedtls_mpi_uint *Y, - size_t Y_limbs, - unsigned char assign ); +void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, + size_t X_limbs, + const mbedtls_mpi_uint *Y, + size_t Y_limbs, + unsigned char assign ); /** * \brief Perform a safe conditional copy of MPI which doesn't reveal whether @@ -126,17 +121,12 @@ int mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, * \warning If \p swap is neither 0 nor 1, the result of this function * is indeterminate, and both \p X and \p Y might end up with * values different to either of the original ones. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the size of - * \p X and \p Y is differ. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p X or \p Y is invalid. */ -int mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, - size_t X_limbs, - mbedtls_mpi_uint *Y, - size_t Y_limbs, - unsigned char swap ); +void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, + size_t X_limbs, + mbedtls_mpi_uint *Y, + size_t Y_limbs, + unsigned char swap ); /** Import X from unsigned binary data, little-endian. * From 24d183aa0017956427f9f4e7e96d38dd7b514520 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 15 Sep 2022 19:15:38 +0200 Subject: [PATCH 05/39] Use the new swap and assign function in the old interface Signed-off-by: Gabor Mezei --- library/constant_time.c | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 8980701e5..3f324ec01 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -678,22 +678,14 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, unsigned char assign ) { int ret = 0; - size_t i; - mbedtls_mpi_uint limb_mask; MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( Y != NULL ); - /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */ - limb_mask = mbedtls_ct_mpi_uint_mask( assign );; - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) ); X->s = mbedtls_ct_cond_select_sign( assign, Y->s, X->s ); - mbedtls_ct_mpi_uint_cond_assign( Y->n, X->p, Y->p, assign ); - - for( i = Y->n; i < X->n; i++ ) - X->p[i] &= ~limb_mask; + mbedtls_mpi_core_cond_assign( X->p, X->n, Y->p, Y->n, assign ); cleanup: return( ret ); @@ -710,18 +702,12 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, unsigned char swap ) { int ret, s; - size_t i; - mbedtls_mpi_uint limb_mask; - mbedtls_mpi_uint tmp; MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( Y != NULL ); if( X == Y ) return( 0 ); - /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */ - limb_mask = mbedtls_ct_mpi_uint_mask( swap ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) ); @@ -729,13 +715,7 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, X->s = mbedtls_ct_cond_select_sign( swap, Y->s, X->s ); Y->s = mbedtls_ct_cond_select_sign( swap, s, Y->s ); - - for( i = 0; i < X->n; i++ ) - { - tmp = X->p[i]; - X->p[i] = ( X->p[i] & ~limb_mask ) | ( Y->p[i] & limb_mask ); - Y->p[i] = ( Y->p[i] & ~limb_mask ) | ( tmp & limb_mask ); - } + mbedtls_mpi_core_cond_swap( X->p, X->n, Y->p, Y->n, swap ); cleanup: return( ret ); From 63c3282ec473a76fa7d3d65bc8d57e1fe9022873 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 15 Sep 2022 20:01:31 +0200 Subject: [PATCH 06/39] Remove retrun code from mod_raw_cond_assign/swap Signed-off-by: Gabor Mezei --- library/bignum_mod_raw.c | 24 ++++++++++++------------ library/bignum_mod_raw.h | 27 +++++++++------------------ 2 files changed, 21 insertions(+), 30 deletions(-) diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index f04354d4c..60ff9bbed 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -41,22 +41,22 @@ #include "bignum_mod.h" #include "constant_time_internal.h" -int mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, - mbedtls_mpi_uint *Y, - const mbedtls_mpi_mod_modulus *m, - unsigned char assign ) +void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, + mbedtls_mpi_uint *Y, + const mbedtls_mpi_mod_modulus *m, + unsigned char assign ) { - return mbedtls_mpi_core_cond_assign( X, m->limbs, - Y, m->limbs, assign ); + mbedtls_mpi_core_cond_assign( X, m->limbs, + Y, m->limbs, assign ); } -int mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, - mbedtls_mpi_uint *Y, - const mbedtls_mpi_mod_modulus *m, - unsigned char swap ) +void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, + mbedtls_mpi_uint *Y, + const mbedtls_mpi_mod_modulus *m, + unsigned char swap ) { - return mbedtls_mpi_core_cond_swap( X, m->limbs, - Y, m->limbs, swap ); + mbedtls_mpi_core_cond_swap( X, m->limbs, + Y, m->limbs, swap ); } int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 00ec921e6..bdd2eada9 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -51,16 +51,11 @@ * \warning If \p assign is neither 0 nor 1, the result of this function * is indeterminate, and the resulting value in \p X might be * neither its original value nor the value in \p Y. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't - * large enough to hold the value in \p Y. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p X or \p Y is invalid. */ -int mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, - mbedtls_mpi_uint *Y, - const mbedtls_mpi_mod_modulus *m, - unsigned char assign ); +void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, + mbedtls_mpi_uint *Y, + const mbedtls_mpi_mod_modulus *m, + unsigned char assign ); /** * \brief Perform a safe conditional copy of MPI which doesn't reveal whether @@ -80,15 +75,11 @@ int mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, * \warning If \p swap is neither 0 nor 1, the result of this function * is indeterminate, and both \p X and \p Y might end up with * values different to either of the original ones. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the size of - * \p X and \p Y is differ. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p X or \p Y is invalid. - */int mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, - mbedtls_mpi_uint *Y, - const mbedtls_mpi_mod_modulus *m, - unsigned char swap ); + */ +void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, + mbedtls_mpi_uint *Y, + const mbedtls_mpi_mod_modulus *m, + unsigned char swap ); /** Import X from unsigned binary data. * From 87638a9eadec3b768cce3d78bf00fadf4a7498c3 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 15 Sep 2022 20:02:36 +0200 Subject: [PATCH 07/39] Add missing include Signed-off-by: Gabor Mezei --- library/constant_time.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/constant_time.c b/library/constant_time.c index 3f324ec01..09a86cdf2 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -30,6 +30,7 @@ #if defined(MBEDTLS_BIGNUM_C) #include "mbedtls/bignum.h" +#include "bignum_core.h" #endif #if defined(MBEDTLS_SSL_TLS_C) From 53e455db7b052082bb325a670a4b9bd3f57f07bd Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 15 Sep 2022 20:13:53 +0200 Subject: [PATCH 08/39] Remove return value checking from test functions of assign and swap Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.data | 90 +++----------------- tests/suites/test_suite_mpi.function | 120 ++++++++++----------------- 2 files changed, 54 insertions(+), 156 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 124c8519b..a4cd07a23 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -682,106 +682,40 @@ mbedtls_mpi_core_lt_ct: x>y (alternating limbs) mpi_core_lt_ct:"FF1111111111111111":"11FFFFFFFFFFFFFFFF":0 mbedtls_mpi_core_cond_assign: same size, true condition -mpi_core_cond_assign:"FFFFFFFF":"11111111":1:0 +mpi_core_cond_assign:"FFFFFFFF":"11111111":1 mbedtls_mpi_core_cond_assign: same size, false condition -mpi_core_cond_assign:"FFFFFFFF":"11111111":0:0 +mpi_core_cond_assign:"FFFFFFFF":"11111111":0 mbedtls_mpi_core_cond_assign: target larger, true condition -mpi_core_cond_assign:"FFFFFFFFEEEEEEEEDDDDDDDD":"11111111":1:0 +mpi_core_cond_assign:"FFFFFFFFEEEEEEEEDDDDDDDD":"11111111":1 mbedtls_mpi_core_cond_assign: target larger, false condition -mpi_core_cond_assign:"FFFFFFFFEEEEEEEEDDDDDDDD":"11111111":0:0 - -#mbedtls_mpi_core_cond_assign: target smaller, true condition -#mpi_core_cond_assign:"FFFFFFFF":"111111112222222233333333":1:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL - -#mbedtls_mpi_core_cond_assign: target smaller, false condition -#mpi_core_cond_assign:"FFFFFFFF":"111111112222222233333333":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL - -#mbedtls_mpi_core_cond_assign: target invalid, true condition -#mpi_core_cond_assign:"":"11111111":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -#mbedtls_mpi_core_cond_assign: target invalid, false condition -#mpi_core_cond_assign:"":"11111111":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -#mbedtls_mpi_core_cond_assign: source invalid, true condition -#mpi_core_cond_assign:"FFFFFFFF":"":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -#mbedtls_mpi_core_cond_assign: source invalid, false condition -#mpi_core_cond_assign:"FFFFFFFF":"":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mpi_core_cond_assign:"FFFFFFFFEEEEEEEEDDDDDDDD":"11111111":0 mbedtls_mpi_core_cond_swap: same value, true condition -mpi_core_cond_swap:"FFFFFFFF":"FFFFFFFF":1:0 +mpi_core_cond_swap:"FFFFFFFF":"FFFFFFFF":1 mbedtls_mpi_core_cond_swap: same size, true condition -mpi_core_cond_swap:"FFFFFFFF":"11111111":1:0 +mpi_core_cond_swap:"FFFFFFFF":"11111111":1 mbedtls_mpi_core_cond_swap: same size, false condition -mpi_core_cond_swap:"FFFFFFFF":"11111111":0:0 - -#mbedtls_mpi_core_cond_swap: first larger, true condition -#mpi_core_cond_swap:"FFFFFFFFEEEEEEEEDDDDDDDD":"11111111":1:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL - -#mbedtls_mpi_core_cond_swap: first larger, false condition -#mpi_core_cond_swap:"FFFFFFFFEEEEEEEEDDDDDDDD":"11111111":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL - -#mbedtls_mpi_core_cond_swap: first smaller, true condition -#mpi_core_cond_swap:"FFFFFFFF":"111111112222222233333333":1:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL - -#mbedtls_mpi_core_cond_swap: first smaller, false condition -#mpi_core_cond_swap:"FFFFFFFF":"111111112222222233333333":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL - -#mbedtls_mpi_core_cond_swap: first invalid, true condition -#mpi_core_cond_swap:"":"11111111":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -#mbedtls_mpi_core_cond_swap: first invalid, false condition -#mpi_core_cond_swap:"":"11111111":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -#mbedtls_mpi_core_cond_swap: second invalid, true condition -#mpi_core_cond_swap:"FFFFFFFF":"":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -#mbedtls_mpi_core_cond_swap: second invalid, false condition -#mpi_core_cond_swap:"FFFFFFFF":"":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mpi_core_cond_swap:"FFFFFFFF":"11111111":0 mbedtls_mpi_mod_raw_cond_assign: same size, true condition -mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111":1:0 +mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111":1 mbedtls_mpi_mod_raw_cond_assign: same size, false condition -mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111":0:0 - -#mbedtls_mpi_mod_raw_cond_assign: target invalid, true condition -#mpi_mod_raw_cond_assign:"":"11111111":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -#mbedtls_mpi_mod_raw_cond_assign: target invalid, false condition -#mpi_mod_raw_cond_assign:"":"11111111":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -#mbedtls_mpi_mod_raw_cond_assign: source invalid, true condition -#mpi_mod_raw_cond_assign:"FFFFFFFF":"":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -#mbedtls_mpi_mod_raw_cond_assign: source invalid, false condition -#mpi_mod_raw_cond_assign:"FFFFFFFF":"":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111":0 mbedtls_mpi_mod_raw_cond_swap: same value, true condition -mpi_mod_raw_cond_swap:"FFFFFFFF":"FFFFFFFF":1:0 +mpi_mod_raw_cond_swap:"FFFFFFFF":"FFFFFFFF":1 mbedtls_mpi_mod_raw_cond_swap: same size, true condition -mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111":1:0 +mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111":1 mbedtls_mpi_mod_raw_cond_swap: same size, false condition -mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111":0:0 - -#mbedtls_mpi_mod_raw_cond_swap: first invalid, true condition -#mpi_mod_raw_cond_swap:"":"11111111":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -#mbedtls_mpi_mod_raw_cond_swap: first invalid, false condition -#mpi_mod_raw_cond_swap:"":"11111111":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -#mbedtls_mpi_mod_raw_cond_swap: second invalid, true condition -#mpi_mod_raw_cond_swap:"FFFFFFFF":"":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - -#mbedtls_mpi_mod_raw_cond_swap: second invalid, false condition -#mpi_mod_raw_cond_swap:"FFFFFFFF":"":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111":0 Base test mbedtls_mpi_lt_mpi_ct #1 mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index b8c786424..d6769de5b 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -766,16 +766,13 @@ exit: /* BEGIN_CASE */ void mpi_core_cond_assign( data_t * input_X, data_t * input_Y, - int cond, - int input_ret ) + int cond ) { #define MAX_LEN 64 mbedtls_mpi_uint buff_X[MAX_LEN]; mbedtls_mpi_uint buff_Y[MAX_LEN]; mbedtls_mpi_uint *X = buff_X; mbedtls_mpi_uint *Y = buff_Y; - unsigned exp_ret = input_ret; - unsigned ret; size_t len_X = CHARS_TO_LIMBS( input_X->len ); size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); @@ -803,23 +800,17 @@ void mpi_core_cond_assign( data_t * input_X, TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - ret = mbedtls_mpi_core_cond_assign( X, len_X, Y, len_Y, cond ); + mbedtls_mpi_core_cond_assign( X, len_X, Y, len_Y, cond ); TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_PUBLIC( &ret, sizeof( ret ) ); - TEST_EQUAL( ret, exp_ret ); + if( cond ) + ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), + Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - if( !ret ) - { - if( cond ) - ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), - Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - - else - TEST_ASSERT( memcmp( X, Y, len_X * sizeof( mbedtls_mpi_uint ) ) != 0 ); - } + else + TEST_ASSERT( memcmp( X, Y, len_X * sizeof( mbedtls_mpi_uint ) ) != 0 ); exit: ; @@ -831,8 +822,7 @@ exit: /* BEGIN_CASE */ void mpi_core_cond_swap( data_t * input_X, data_t * input_Y, - int cond, - int input_ret ) + int cond ) { #define MAX_LEN 64 mbedtls_mpi_uint tmp_X[MAX_LEN]; @@ -841,8 +831,6 @@ void mpi_core_cond_swap( data_t * input_X, mbedtls_mpi_uint buff_Y[MAX_LEN]; mbedtls_mpi_uint *X = buff_X; mbedtls_mpi_uint *Y = buff_Y; - unsigned exp_ret = input_ret; - unsigned ret; size_t len_X = CHARS_TO_LIMBS( input_X->len ); size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); @@ -878,31 +866,25 @@ void mpi_core_cond_swap( data_t * input_X, TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - ret = mbedtls_mpi_core_cond_swap( X, len_X, Y, len_Y, cond ); + mbedtls_mpi_core_cond_swap( X, len_X, Y, len_Y, cond ); TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_PUBLIC( &ret, sizeof( ret ) ); - TEST_EQUAL( ret, exp_ret ); - - if( !ret ) + if( cond ) { - if( cond ) - { - ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), - tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - ASSERT_COMPARE( Y, len_X * sizeof( mbedtls_mpi_uint ), - tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); - } + ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), + tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( Y, len_X * sizeof( mbedtls_mpi_uint ), + tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); + } - else - { - ASSERT_COMPARE( X, len_X * sizeof( mbedtls_mpi_uint ), - tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); - ASSERT_COMPARE( Y, len_Y * sizeof( mbedtls_mpi_uint ), - tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - } + else + { + ASSERT_COMPARE( X, len_X * sizeof( mbedtls_mpi_uint ), + tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( Y, len_Y * sizeof( mbedtls_mpi_uint ), + tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); } exit: @@ -915,8 +897,7 @@ exit: /* BEGIN_CASE */ void mpi_mod_raw_cond_assign( data_t * input_X, data_t * input_Y, - int cond, - int input_ret ) + int cond ) { #define MAX_LEN 64 mbedtls_mpi_uint buff_X[MAX_LEN]; @@ -925,8 +906,6 @@ void mpi_mod_raw_cond_assign( data_t * input_X, mbedtls_mpi_uint *X = buff_X; mbedtls_mpi_uint *Y = buff_Y; mbedtls_mpi_mod_modulus m; - unsigned exp_ret = input_ret; - unsigned ret; size_t len_X = CHARS_TO_LIMBS( input_X->len ); size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); @@ -965,23 +944,17 @@ void mpi_mod_raw_cond_assign( data_t * input_X, TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - ret = mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, cond ); + mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, cond ); TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_PUBLIC( &ret, sizeof( ret ) ); - TEST_EQUAL( ret, exp_ret ); + if( cond ) + ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), + Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - if( !ret ) - { - if( cond ) - ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), - Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - - else - TEST_ASSERT( memcmp( X, Y, m.limbs * sizeof( mbedtls_mpi_uint ) ) != 0 ); - } + else + TEST_ASSERT( memcmp( X, Y, m.limbs * sizeof( mbedtls_mpi_uint ) ) != 0 ); exit: ; @@ -993,8 +966,7 @@ exit: /* BEGIN_CASE */ void mpi_mod_raw_cond_swap( data_t * input_X, data_t * input_Y, - int cond, - int input_ret ) + int cond ) { #define MAX_LEN 64 mbedtls_mpi_uint tmp_X[MAX_LEN]; @@ -1005,8 +977,6 @@ void mpi_mod_raw_cond_swap( data_t * input_X, mbedtls_mpi_uint *X = buff_X; mbedtls_mpi_uint *Y = buff_Y; mbedtls_mpi_mod_modulus m; - unsigned exp_ret = input_ret; - unsigned ret; size_t len_X = CHARS_TO_LIMBS( input_X->len ); size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); @@ -1049,31 +1019,25 @@ void mpi_mod_raw_cond_swap( data_t * input_X, TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - ret = mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, cond ); + mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, cond ); TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_PUBLIC( &ret, sizeof( ret ) ); - TEST_EQUAL( ret, exp_ret ); - - if( !ret ) + if( cond ) { - if( cond ) - { - ASSERT_COMPARE( X, m.limbs * sizeof( mbedtls_mpi_uint ), - tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - ASSERT_COMPARE( Y, m.limbs * sizeof( mbedtls_mpi_uint ), - tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); - } + ASSERT_COMPARE( X, m.limbs * sizeof( mbedtls_mpi_uint ), + tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( Y, m.limbs * sizeof( mbedtls_mpi_uint ), + tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); + } - else - { - ASSERT_COMPARE( X, len_X * sizeof( mbedtls_mpi_uint ), - tmp_X, m.limbs * sizeof( mbedtls_mpi_uint ) ); - ASSERT_COMPARE( Y, len_Y * sizeof( mbedtls_mpi_uint ), - tmp_Y, m.limbs * sizeof( mbedtls_mpi_uint ) ); - } + else + { + ASSERT_COMPARE( X, len_X * sizeof( mbedtls_mpi_uint ), + tmp_X, m.limbs * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( Y, len_Y * sizeof( mbedtls_mpi_uint ), + tmp_Y, m.limbs * sizeof( mbedtls_mpi_uint ) ); } exit: From cfc0eb8d22b1df506dfeda5d5c3f0433b3c67c3a Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 15 Sep 2022 20:15:34 +0200 Subject: [PATCH 09/39] Remove unused parameter Signed-off-by: Gabor Mezei --- library/bignum_core.c | 5 ++--- library/bignum_core.h | 3 +-- library/bignum_mod_raw.c | 3 +-- library/constant_time.c | 2 +- tests/suites/test_suite_mpi.function | 2 +- 5 files changed, 6 insertions(+), 9 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 9adc4effb..7074a0962 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -178,15 +178,14 @@ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, } void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, - size_t X_limbs, mbedtls_mpi_uint *Y, - size_t Y_limbs, + size_t limbs, unsigned char swap ) { /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */ mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( swap ); - for( size_t i = 0; i < X_limbs; i++ ) + for( size_t i = 0; i < limbs; i++ ) { mbedtls_mpi_uint tmp = X[i]; X[i] = ( X[i] & ~limb_mask ) | ( Y[i] & limb_mask ); diff --git a/library/bignum_core.h b/library/bignum_core.h index a538ece0f..779fb08d9 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -123,9 +123,8 @@ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, * values different to either of the original ones. */ void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, - size_t X_limbs, mbedtls_mpi_uint *Y, - size_t Y_limbs, + size_t limbs, unsigned char swap ); /** Import X from unsigned binary data, little-endian. diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 60ff9bbed..bb4a37a1a 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -55,8 +55,7 @@ void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, const mbedtls_mpi_mod_modulus *m, unsigned char swap ) { - mbedtls_mpi_core_cond_swap( X, m->limbs, - Y, m->limbs, swap ); + mbedtls_mpi_core_cond_swap( X, Y, m->limbs, swap ); } int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, diff --git a/library/constant_time.c b/library/constant_time.c index 09a86cdf2..7bf67f432 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -716,7 +716,7 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, X->s = mbedtls_ct_cond_select_sign( swap, Y->s, X->s ); Y->s = mbedtls_ct_cond_select_sign( swap, s, Y->s ); - mbedtls_mpi_core_cond_swap( X->p, X->n, Y->p, Y->n, swap ); + mbedtls_mpi_core_cond_swap( X->p, Y->p, X->n, swap ); cleanup: return( ret ); diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index d6769de5b..4f5b69d28 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -866,7 +866,7 @@ void mpi_core_cond_swap( data_t * input_X, TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - mbedtls_mpi_core_cond_swap( X, len_X, Y, len_Y, cond ); + mbedtls_mpi_core_cond_swap( X, Y, len_X, cond ); TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); From f4dd3b6a6d6b86eb39c2114c25df602d1c04f846 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 16 Sep 2022 09:38:53 +0200 Subject: [PATCH 10/39] Fix documentation Signed-off-by: Gabor Mezei --- library/bignum_core.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/bignum_core.h b/library/bignum_core.h index 779fb08d9..cb932388e 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -106,10 +106,9 @@ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, * * \param[IN,OUT] X The address of the first MPI. * This must be initialized. - * \param X_limbs The number of limbs of \p X. * \param[IN,OUT] Y The address of the second MPI. * This must be initialized. - * \param Y_limbs The number of limbs of \p Y. + * \param limbs The number of limbs of \p Y and \p X. * \param swap The condition deciding whether to perform * the swap or not. Must be either 0 or 1: * * \c 1: Swap the values of \p X and \p Y. From b2763ef50755ed454d7ffb139872aa1f11f6f736 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 16 Sep 2022 17:14:22 +0200 Subject: [PATCH 11/39] Do not read uninitialized memory Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 4f5b69d28..6b3f8318e 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -810,7 +810,8 @@ void mpi_core_cond_assign( data_t * input_X, Y, len_Y * sizeof( mbedtls_mpi_uint ) ); else - TEST_ASSERT( memcmp( X, Y, len_X * sizeof( mbedtls_mpi_uint ) ) != 0 ); + TEST_ASSERT( memcmp( X, Y, MIN( len_X, len_Y ) * + sizeof( mbedtls_mpi_uint ) ) != 0 ); exit: ; From 027d6964345c2a84ac0fe82d6b38b521b9a2610c Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 16 Sep 2022 17:16:27 +0200 Subject: [PATCH 12/39] Remove unused code Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 128 +++++++-------------------- 1 file changed, 32 insertions(+), 96 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 6b3f8318e..1bb54e10c 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -769,33 +769,19 @@ void mpi_core_cond_assign( data_t * input_X, int cond ) { #define MAX_LEN 64 - mbedtls_mpi_uint buff_X[MAX_LEN]; - mbedtls_mpi_uint buff_Y[MAX_LEN]; - mbedtls_mpi_uint *X = buff_X; - mbedtls_mpi_uint *Y = buff_Y; + mbedtls_mpi_uint X[MAX_LEN]; + mbedtls_mpi_uint Y[MAX_LEN]; size_t len_X = CHARS_TO_LIMBS( input_X->len ); size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); TEST_ASSERT( len_X <= MAX_LEN ); TEST_ASSERT( len_Y <= MAX_LEN ); - if( len_X == 0 ) - { - X = NULL; - len_X = len_Y; - } - else - TEST_ASSERT( mbedtls_mpi_core_read_be( X, len_X, input_X->x, input_X->len ) - == 0 ); + TEST_ASSERT( mbedtls_mpi_core_read_be( X, len_X, input_X->x, input_X->len ) + == 0 ); - if( len_Y == 0 ) - { - Y = NULL; - len_Y = len_X; - } - else - TEST_ASSERT( mbedtls_mpi_core_read_be( Y, len_Y, input_Y->x, input_Y->len ) - == 0 ); + TEST_ASSERT( mbedtls_mpi_core_read_be( Y, len_Y, input_Y->x, input_Y->len ) + == 0 ); TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); @@ -828,41 +814,23 @@ void mpi_core_cond_swap( data_t * input_X, #define MAX_LEN 64 mbedtls_mpi_uint tmp_X[MAX_LEN]; mbedtls_mpi_uint tmp_Y[MAX_LEN]; - mbedtls_mpi_uint buff_X[MAX_LEN]; - mbedtls_mpi_uint buff_Y[MAX_LEN]; - mbedtls_mpi_uint *X = buff_X; - mbedtls_mpi_uint *Y = buff_Y; + mbedtls_mpi_uint X[MAX_LEN]; + mbedtls_mpi_uint Y[MAX_LEN]; size_t len_X = CHARS_TO_LIMBS( input_X->len ); size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); TEST_ASSERT( len_X <= MAX_LEN ); TEST_ASSERT( len_Y <= MAX_LEN ); - if( len_X == 0 ) - { - X = NULL; - len_X = len_Y; - } - else - { - TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, len_X, - input_X->x, input_X->len ) - == 0 ); - memcpy( X, tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); - } + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, len_X, + input_X->x, input_X->len ) + == 0 ); + memcpy( X, tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); - if( len_Y == 0 ) - { - Y = NULL; - len_Y = len_X; - } - else - { - TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, len_Y, - input_Y->x, input_Y->len ) - == 0 ); - memcpy( Y, tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - } + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, len_Y, + input_Y->x, input_Y->len ) + == 0 ); + memcpy( Y, tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); @@ -901,11 +869,9 @@ void mpi_mod_raw_cond_assign( data_t * input_X, int cond ) { #define MAX_LEN 64 - mbedtls_mpi_uint buff_X[MAX_LEN]; - mbedtls_mpi_uint buff_Y[MAX_LEN]; + mbedtls_mpi_uint X[MAX_LEN]; + mbedtls_mpi_uint Y[MAX_LEN]; mbedtls_mpi_uint buff_m[MAX_LEN]; - mbedtls_mpi_uint *X = buff_X; - mbedtls_mpi_uint *Y = buff_Y; mbedtls_mpi_mod_modulus m; size_t len_X = CHARS_TO_LIMBS( input_X->len ); size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); @@ -922,25 +888,13 @@ void mpi_mod_raw_cond_assign( data_t * input_X, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) == 0 ); - if( len_X == 0 ) - { - X = NULL; - len_X = len_Y; - } - else - TEST_ASSERT( mbedtls_mpi_core_read_be( X, len_X, - input_X->x, input_X->len ) - == 0 ); + TEST_ASSERT( mbedtls_mpi_core_read_be( X, len_X, + input_X->x, input_X->len ) + == 0 ); - if( len_Y == 0 ) - { - Y = NULL; - len_Y = len_X; - } - else - TEST_ASSERT( mbedtls_mpi_core_read_be( Y, len_Y, - input_Y->x, input_Y->len ) - == 0 ); + TEST_ASSERT( mbedtls_mpi_core_read_be( Y, len_Y, + input_Y->x, input_Y->len ) + == 0 ); TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); @@ -972,11 +926,9 @@ void mpi_mod_raw_cond_swap( data_t * input_X, #define MAX_LEN 64 mbedtls_mpi_uint tmp_X[MAX_LEN]; mbedtls_mpi_uint tmp_Y[MAX_LEN]; - mbedtls_mpi_uint buff_X[MAX_LEN]; - mbedtls_mpi_uint buff_Y[MAX_LEN]; + mbedtls_mpi_uint X[MAX_LEN]; + mbedtls_mpi_uint Y[MAX_LEN]; mbedtls_mpi_uint buff_m[MAX_LEN]; - mbedtls_mpi_uint *X = buff_X; - mbedtls_mpi_uint *Y = buff_Y; mbedtls_mpi_mod_modulus m; size_t len_X = CHARS_TO_LIMBS( input_X->len ); size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); @@ -993,29 +945,13 @@ void mpi_mod_raw_cond_swap( data_t * input_X, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) == 0 ); - if( len_X == 0 ) - { - X = NULL; - len_X = len_Y; - } - else - { - TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, len_X, input_X->x, input_X->len ) - == 0 ); - memcpy( X, tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); - } + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, len_X, input_X->x, input_X->len ) + == 0 ); + memcpy( X, tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); - if( len_Y == 0 ) - { - Y = NULL; - len_Y = len_X; - } - else - { - TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, len_Y, input_Y->x, input_Y->len ) - == 0 ); - memcpy( Y, tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - } + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, len_Y, input_Y->x, input_Y->len ) + == 0 ); + memcpy( Y, tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); From 2b5bf4cec7166e126b5f68bb1c2bafa8973ea2d2 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 26 Sep 2022 17:09:58 +0200 Subject: [PATCH 13/39] Fix doumentation Signed-off-by: Gabor Mezei --- library/bignum_core.h | 2 +- library/bignum_mod_raw.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/bignum_core.h b/library/bignum_core.h index cb932388e..d8951486c 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -101,7 +101,7 @@ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, unsigned char assign ); /** - * \brief Perform a safe conditional copy of MPI which doesn't reveal whether + * \brief Perform a safe conditional swap of MPI which doesn't reveal whether * the condition was true or not. * * \param[IN,OUT] X The address of the first MPI. diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index bdd2eada9..82a8ce851 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -58,7 +58,7 @@ void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, unsigned char assign ); /** - * \brief Perform a safe conditional copy of MPI which doesn't reveal whether + * \brief Perform a safe conditional swap of MPI which doesn't reveal whether * the condition was true or not. * * \param[IN,OUT] X The address of the first MPI. This must be initialized. From 81e57021c67a1a624fd8085ae287de50121e19bd Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 26 Sep 2022 17:13:33 +0200 Subject: [PATCH 14/39] Change the input parameters to be const Signed-off-by: Gabor Mezei --- library/bignum_mod_raw.c | 2 +- library/bignum_mod_raw.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index bb4a37a1a..98994ab36 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -42,7 +42,7 @@ #include "constant_time_internal.h" void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, - mbedtls_mpi_uint *Y, + const mbedtls_mpi_uint *Y, const mbedtls_mpi_mod_modulus *m, unsigned char assign ) { diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 82a8ce851..60c8d8acf 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -53,7 +53,7 @@ * neither its original value nor the value in \p Y. */ void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, - mbedtls_mpi_uint *Y, + const mbedtls_mpi_uint *Y, const mbedtls_mpi_mod_modulus *m, unsigned char assign ); From 3eff425b1ae1a3f65fefbf47afcb1e868ced007a Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 26 Sep 2022 17:26:42 +0200 Subject: [PATCH 15/39] Use only one limb parameter for assign Signed-off-by: Gabor Mezei --- library/bignum_core.c | 11 ++--------- library/bignum_core.h | 7 +++---- library/bignum_mod_raw.c | 3 +-- library/constant_time.c | 8 +++++++- tests/suites/test_suite_mpi.function | 2 +- 5 files changed, 14 insertions(+), 17 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 7074a0962..83c115e11 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -163,18 +163,11 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, } void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, - size_t X_limbs, const mbedtls_mpi_uint *Y, - size_t Y_limbs, + size_t limbs, unsigned char assign ) { - /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */ - mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( assign ); - - mbedtls_ct_mpi_uint_cond_assign( Y_limbs, X, Y, assign ); - - for( size_t i = Y_limbs; i < X_limbs; i++ ) - X[i] &= ~limb_mask; + mbedtls_ct_mpi_uint_cond_assign( limbs, X, Y, assign ); } void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, diff --git a/library/bignum_core.h b/library/bignum_core.h index d8951486c..cf7688d17 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -79,9 +79,9 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, * the condition was true or not. * * \param[OUT] X The address of the first MPI. This must be initialized. - * \param X_limbs The number of limbs of \p X. + * It must have at least \p limbs limbs. * \param[IN] Y The address of the second MPI. This must be initialized. - * \param Y_limbs The number of limbs of \p Y. + * \param limbs The number of limbs of \p Y. * \param assign The condition deciding whether to perform the * assignment or not. Must be either 0 or 1: * * \c 1: Perform the assignment `X = Y`. @@ -95,9 +95,8 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, * neither its original value nor the value in \p Y. */ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, - size_t X_limbs, const mbedtls_mpi_uint *Y, - size_t Y_limbs, + size_t limbs, unsigned char assign ); /** diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 98994ab36..3c7f88966 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -46,8 +46,7 @@ void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, const mbedtls_mpi_mod_modulus *m, unsigned char assign ) { - mbedtls_mpi_core_cond_assign( X, m->limbs, - Y, m->limbs, assign ); + mbedtls_mpi_core_cond_assign( X, Y, m->limbs, assign ); } void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, diff --git a/library/constant_time.c b/library/constant_time.c index 7bf67f432..d01998bd7 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -682,11 +682,17 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( Y != NULL ); + /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */ + mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( assign ); + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) ); X->s = mbedtls_ct_cond_select_sign( assign, Y->s, X->s ); - mbedtls_mpi_core_cond_assign( X->p, X->n, Y->p, Y->n, assign ); + mbedtls_mpi_core_cond_assign( X->p, Y->p, Y->n, assign ); + + for( size_t i = Y->n; i < X->n; i++ ) + X->p[i] &= ~limb_mask; cleanup: return( ret ); diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 1bb54e10c..9cb2d9096 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -786,7 +786,7 @@ void mpi_core_cond_assign( data_t * input_X, TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - mbedtls_mpi_core_cond_assign( X, len_X, Y, len_Y, cond ); + mbedtls_mpi_core_cond_assign( X, Y, len_Y, cond ); TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); From 1c628d57006fb43718c0a60db9fa129db6bfe0b3 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 27 Sep 2022 12:13:51 +0200 Subject: [PATCH 16/39] Follow parameter naming comvention Signed-off-by: Gabor Mezei --- library/bignum_core.c | 14 +++++++------- library/bignum_core.h | 24 ++++++++++++------------ library/bignum_mod_raw.c | 10 +++++----- library/bignum_mod_raw.h | 26 +++++++++++++------------- 4 files changed, 37 insertions(+), 37 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 83c115e11..473ef1ae2 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -163,15 +163,15 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, } void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, - const mbedtls_mpi_uint *Y, + const mbedtls_mpi_uint *A, size_t limbs, unsigned char assign ) { - mbedtls_ct_mpi_uint_cond_assign( limbs, X, Y, assign ); + mbedtls_ct_mpi_uint_cond_assign( limbs, X, A, assign ); } -void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, - mbedtls_mpi_uint *Y, +void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *A, + mbedtls_mpi_uint *B, size_t limbs, unsigned char swap ) { @@ -180,9 +180,9 @@ void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, for( size_t i = 0; i < limbs; i++ ) { - mbedtls_mpi_uint tmp = X[i]; - X[i] = ( X[i] & ~limb_mask ) | ( Y[i] & limb_mask ); - Y[i] = ( Y[i] & ~limb_mask ) | ( tmp & limb_mask ); + mbedtls_mpi_uint tmp = A[i]; + A[i] = ( A[i] & ~limb_mask ) | ( B[i] & limb_mask ); + B[i] = ( B[i] & ~limb_mask ) | ( tmp & limb_mask ); } } diff --git a/library/bignum_core.h b/library/bignum_core.h index cf7688d17..86180d3eb 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -80,11 +80,11 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, * * \param[OUT] X The address of the first MPI. This must be initialized. * It must have at least \p limbs limbs. - * \param[IN] Y The address of the second MPI. This must be initialized. - * \param limbs The number of limbs of \p Y. + * \param[IN] A The address of the second MPI. This must be initialized. + * \param limbs The number of limbs of \p A. * \param assign The condition deciding whether to perform the * assignment or not. Must be either 0 or 1: - * * \c 1: Perform the assignment `X = Y`. + * * \c 1: Perform the assignment `X = A`. * * \c 0: Keep the original value of \p X. * * \note This function avoids leaking any information about whether @@ -95,7 +95,7 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, * neither its original value nor the value in \p Y. */ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, - const mbedtls_mpi_uint *Y, + const mbedtls_mpi_uint *A, size_t limbs, unsigned char assign ); @@ -103,25 +103,25 @@ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, * \brief Perform a safe conditional swap of MPI which doesn't reveal whether * the condition was true or not. * - * \param[IN,OUT] X The address of the first MPI. + * \param[IN,OUT] A The address of the first MPI. * This must be initialized. - * \param[IN,OUT] Y The address of the second MPI. + * \param[IN,OUT] B The address of the second MPI. * This must be initialized. - * \param limbs The number of limbs of \p Y and \p X. + * \param limbs The number of limbs of \p A and \p B. * \param swap The condition deciding whether to perform * the swap or not. Must be either 0 or 1: - * * \c 1: Swap the values of \p X and \p Y. - * * \c 0: Keep the original values of \p X and \p Y. + * * \c 1: Swap the values of \p A and \p B. + * * \c 0: Keep the original values of \p A and \p B. * * \note This function avoids leaking any information about whether * the swap was done or not. * * \warning If \p swap is neither 0 nor 1, the result of this function - * is indeterminate, and both \p X and \p Y might end up with + * is indeterminate, and both \p A and \p B might end up with * values different to either of the original ones. */ -void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, - mbedtls_mpi_uint *Y, +void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *A, + mbedtls_mpi_uint *B, size_t limbs, unsigned char swap ); diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 3c7f88966..82ef645f0 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -42,19 +42,19 @@ #include "constant_time_internal.h" void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, - const mbedtls_mpi_uint *Y, + const mbedtls_mpi_uint *A, const mbedtls_mpi_mod_modulus *m, unsigned char assign ) { - mbedtls_mpi_core_cond_assign( X, Y, m->limbs, assign ); + mbedtls_mpi_core_cond_assign( X, A, m->limbs, assign ); } -void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, - mbedtls_mpi_uint *Y, +void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *A, + mbedtls_mpi_uint *B, const mbedtls_mpi_mod_modulus *m, unsigned char swap ) { - mbedtls_mpi_core_cond_swap( X, Y, m->limbs, swap ); + mbedtls_mpi_core_cond_swap( A, B, m->limbs, swap ); } int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 60c8d8acf..edd356ce2 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -38,11 +38,11 @@ * the condition was true or not. * * \param[OUT] X The address of the first MPI. This must be initialized. - * \param[IN] Y The address of the second MPI. This must be initialized. - * \param[IN] m The address of the modulus related to \p X and \p Y. + * \param[IN] A The address of the second MPI. This must be initialized. + * \param[IN] m The address of the modulus related to \p X and \p A. * \param assign The condition deciding whether to perform the * assignment or not. Must be either 0 or 1: - * * \c 1: Perform the assignment `X = Y`. + * * \c 1: Perform the assignment `X = A`. * * \c 0: Keep the original value of \p X. * * \note This function avoids leaking any information about whether @@ -50,10 +50,10 @@ * * \warning If \p assign is neither 0 nor 1, the result of this function * is indeterminate, and the resulting value in \p X might be - * neither its original value nor the value in \p Y. + * neither its original value nor the value in \p B. */ void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, - const mbedtls_mpi_uint *Y, + const mbedtls_mpi_uint *A, const mbedtls_mpi_mod_modulus *m, unsigned char assign ); @@ -61,23 +61,23 @@ void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, * \brief Perform a safe conditional swap of MPI which doesn't reveal whether * the condition was true or not. * - * \param[IN,OUT] X The address of the first MPI. This must be initialized. - * \param[IN,OUT] Y The address of the second MPI. This must be initialized. - * \param[IN] m The address of the modulus related to \p X and \p Y. + * \param[IN,OUT] A The address of the first MPI. This must be initialized. + * \param[IN,OUT] B The address of the second MPI. This must be initialized. + * \param[IN] m The address of the modulus related to \p A and \p B. * \param swap The condition deciding whether to perform * the swap or not. Must be either 0 or 1: - * * \c 1: Swap the values of \p X and \p Y. - * * \c 0: Keep the original values of \p X and \p Y. + * * \c 1: Swap the values of \p A and \p B. + * * \c 0: Keep the original values of \p A and \p B. * * \note This function avoids leaking any information about whether * the swap was done or not. * * \warning If \p swap is neither 0 nor 1, the result of this function - * is indeterminate, and both \p X and \p Y might end up with + * is indeterminate, and both \p A and \p B might end up with * values different to either of the original ones. */ -void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, - mbedtls_mpi_uint *Y, +void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *A, + mbedtls_mpi_uint *B, const mbedtls_mpi_mod_modulus *m, unsigned char swap ); From 821d15107b47580040bed176315fa34bd43ebaad Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 27 Sep 2022 12:41:28 +0200 Subject: [PATCH 17/39] Check true and false condition in the same test case Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.data | 42 +++------ tests/suites/test_suite_mpi.function | 122 ++++++++++++++++----------- 2 files changed, 83 insertions(+), 81 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index a4cd07a23..7868a24f8 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -681,41 +681,23 @@ mpi_core_lt_ct:"11FFFFFFFFFFFFFFFF":"FF1111111111111111":1 mbedtls_mpi_core_lt_ct: x>y (alternating limbs) mpi_core_lt_ct:"FF1111111111111111":"11FFFFFFFFFFFFFFFF":0 -mbedtls_mpi_core_cond_assign: same size, true condition -mpi_core_cond_assign:"FFFFFFFF":"11111111":1 +mbedtls_mpi_core_cond_assign +mpi_core_cond_assign:"FFFFFFFF":"11111111" -mbedtls_mpi_core_cond_assign: same size, false condition -mpi_core_cond_assign:"FFFFFFFF":"11111111":0 +mbedtls_mpi_core_cond_swap: same value +mpi_core_cond_swap:"FFFFFFFF":"FFFFFFFF" -mbedtls_mpi_core_cond_assign: target larger, true condition -mpi_core_cond_assign:"FFFFFFFFEEEEEEEEDDDDDDDD":"11111111":1 +mbedtls_mpi_core_cond_swap: different value +mpi_core_cond_swap:"FFFFFFFF":"11111111" -mbedtls_mpi_core_cond_assign: target larger, false condition -mpi_core_cond_assign:"FFFFFFFFEEEEEEEEDDDDDDDD":"11111111":0 +mbedtls_mpi_mod_raw_cond_assign +mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111" -mbedtls_mpi_core_cond_swap: same value, true condition -mpi_core_cond_swap:"FFFFFFFF":"FFFFFFFF":1 +mbedtls_mpi_mod_raw_cond_swap: same value +mpi_mod_raw_cond_swap:"FFFFFFFF":"FFFFFFFF" -mbedtls_mpi_core_cond_swap: same size, true condition -mpi_core_cond_swap:"FFFFFFFF":"11111111":1 - -mbedtls_mpi_core_cond_swap: same size, false condition -mpi_core_cond_swap:"FFFFFFFF":"11111111":0 - -mbedtls_mpi_mod_raw_cond_assign: same size, true condition -mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111":1 - -mbedtls_mpi_mod_raw_cond_assign: same size, false condition -mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111":0 - -mbedtls_mpi_mod_raw_cond_swap: same value, true condition -mpi_mod_raw_cond_swap:"FFFFFFFF":"FFFFFFFF":1 - -mbedtls_mpi_mod_raw_cond_swap: same size, true condition -mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111":1 - -mbedtls_mpi_mod_raw_cond_swap: same size, false condition -mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111":0 +mbedtls_mpi_mod_raw_cond_swap: different value +mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111" Base test mbedtls_mpi_lt_mpi_ct #1 mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 9cb2d9096..7a87c0738 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -765,8 +765,7 @@ exit: /* BEGIN_CASE */ void mpi_core_cond_assign( data_t * input_X, - data_t * input_Y, - int cond ) + data_t * input_Y ) { #define MAX_LEN 64 mbedtls_mpi_uint X[MAX_LEN]; @@ -783,21 +782,29 @@ void mpi_core_cond_assign( data_t * input_X, TEST_ASSERT( mbedtls_mpi_core_read_be( Y, len_Y, input_Y->x, input_Y->len ) == 0 ); + /* condition is false */ TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - mbedtls_mpi_core_cond_assign( X, Y, len_Y, cond ); + mbedtls_mpi_core_cond_assign( X, Y, len_Y, 0 ); TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - if( cond ) - ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), - Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_ASSERT( memcmp( X, Y, MIN( len_X, len_Y ) * + sizeof( mbedtls_mpi_uint ) ) != 0 ); - else - TEST_ASSERT( memcmp( X, Y, MIN( len_X, len_Y ) * - sizeof( mbedtls_mpi_uint ) ) != 0 ); + /* condition is true */ + TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + mbedtls_mpi_core_cond_assign( X, Y, len_Y, 1 ); + + TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), + Y, len_Y * sizeof( mbedtls_mpi_uint ) ); exit: ; @@ -808,8 +815,7 @@ exit: /* BEGIN_CASE */ void mpi_core_cond_swap( data_t * input_X, - data_t * input_Y, - int cond ) + data_t * input_Y ) { #define MAX_LEN 64 mbedtls_mpi_uint tmp_X[MAX_LEN]; @@ -832,29 +838,33 @@ void mpi_core_cond_swap( data_t * input_X, == 0 ); memcpy( Y, tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + /* condition is false */ TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - mbedtls_mpi_core_cond_swap( X, Y, len_X, cond ); + mbedtls_mpi_core_cond_swap( X, Y, len_X, 0 ); TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - if( cond ) - { - ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), - tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - ASSERT_COMPARE( Y, len_X * sizeof( mbedtls_mpi_uint ), - tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); - } + ASSERT_COMPARE( X, len_X * sizeof( mbedtls_mpi_uint ), + tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( Y, len_Y * sizeof( mbedtls_mpi_uint ), + tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - else - { - ASSERT_COMPARE( X, len_X * sizeof( mbedtls_mpi_uint ), - tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); - ASSERT_COMPARE( Y, len_Y * sizeof( mbedtls_mpi_uint ), - tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - } + /* condition is true */ + TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + mbedtls_mpi_core_cond_swap( X, Y, len_X, 1 ); + + TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), + tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( Y, len_X * sizeof( mbedtls_mpi_uint ), + tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); exit: ; @@ -865,8 +875,7 @@ exit: /* BEGIN_CASE */ void mpi_mod_raw_cond_assign( data_t * input_X, - data_t * input_Y, - int cond ) + data_t * input_Y ) { #define MAX_LEN 64 mbedtls_mpi_uint X[MAX_LEN]; @@ -896,20 +905,28 @@ void mpi_mod_raw_cond_assign( data_t * input_X, input_Y->x, input_Y->len ) == 0 ); + /* condition is false */ TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, cond ); + mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, 0 ); TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - if( cond ) - ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), - Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_ASSERT( memcmp( X, Y, m.limbs * sizeof( mbedtls_mpi_uint ) ) != 0 ); - else - TEST_ASSERT( memcmp( X, Y, m.limbs * sizeof( mbedtls_mpi_uint ) ) != 0 ); + /* condition is true */ + TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, 1 ); + + TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), + Y, len_Y * sizeof( mbedtls_mpi_uint ) ); exit: ; @@ -920,8 +937,7 @@ exit: /* BEGIN_CASE */ void mpi_mod_raw_cond_swap( data_t * input_X, - data_t * input_Y, - int cond ) + data_t * input_Y ) { #define MAX_LEN 64 mbedtls_mpi_uint tmp_X[MAX_LEN]; @@ -953,29 +969,33 @@ void mpi_mod_raw_cond_swap( data_t * input_X, == 0 ); memcpy( Y, tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + /* condition is false */ TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, cond ); + mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, 0 ); TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - if( cond ) - { - ASSERT_COMPARE( X, m.limbs * sizeof( mbedtls_mpi_uint ), - tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - ASSERT_COMPARE( Y, m.limbs * sizeof( mbedtls_mpi_uint ), - tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); - } + ASSERT_COMPARE( X, len_X * sizeof( mbedtls_mpi_uint ), + tmp_X, m.limbs * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( Y, len_Y * sizeof( mbedtls_mpi_uint ), + tmp_Y, m.limbs * sizeof( mbedtls_mpi_uint ) ); - else - { - ASSERT_COMPARE( X, len_X * sizeof( mbedtls_mpi_uint ), - tmp_X, m.limbs * sizeof( mbedtls_mpi_uint ) ); - ASSERT_COMPARE( Y, len_Y * sizeof( mbedtls_mpi_uint ), - tmp_Y, m.limbs * sizeof( mbedtls_mpi_uint ) ); - } + /* condition is true */ + TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, 1 ); + + TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + + ASSERT_COMPARE( X, m.limbs * sizeof( mbedtls_mpi_uint ), + tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( Y, m.limbs * sizeof( mbedtls_mpi_uint ), + tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); exit: ; From a7584888da70802d757dfa662afaff5eef9cf5cf Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 27 Sep 2022 13:18:02 +0200 Subject: [PATCH 18/39] Use exact-size buffers for inputs and outputs to library functions in tests Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 160 ++++++++++++++------------- 1 file changed, 86 insertions(+), 74 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 7a87c0738..6118efc58 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -768,14 +768,19 @@ void mpi_core_cond_assign( data_t * input_X, data_t * input_Y ) { #define MAX_LEN 64 - mbedtls_mpi_uint X[MAX_LEN]; - mbedtls_mpi_uint Y[MAX_LEN]; + mbedtls_mpi_uint *X = NULL; + mbedtls_mpi_uint *Y = NULL; size_t len_X = CHARS_TO_LIMBS( input_X->len ); size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); + size_t len_X_byte = len_X * sizeof( mbedtls_mpi_uint ); + size_t len_Y_byte = len_Y * sizeof( mbedtls_mpi_uint ); TEST_ASSERT( len_X <= MAX_LEN ); TEST_ASSERT( len_Y <= MAX_LEN ); + ASSERT_ALLOC( X, len_X_byte ); + ASSERT_ALLOC( Y, len_Y_byte ); + TEST_ASSERT( mbedtls_mpi_core_read_be( X, len_X, input_X->x, input_X->len ) == 0 ); @@ -783,28 +788,26 @@ void mpi_core_cond_assign( data_t * input_X, == 0 ); /* condition is false */ - TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( X, len_X_byte ); + TEST_CF_SECRET( Y, len_Y_byte ); mbedtls_mpi_core_cond_assign( X, Y, len_Y, 0 ); - TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( X, len_X_byte ); + TEST_CF_PUBLIC( Y, len_Y_byte ); - TEST_ASSERT( memcmp( X, Y, MIN( len_X, len_Y ) * - sizeof( mbedtls_mpi_uint ) ) != 0 ); + TEST_ASSERT( memcmp( X, Y, MIN( len_X_byte, len_Y_byte ) ) != 0 ); /* condition is true */ - TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( X, len_X_byte ); + TEST_CF_SECRET( Y, len_Y_byte ); mbedtls_mpi_core_cond_assign( X, Y, len_Y, 1 ); - TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( X, len_X_byte ); + TEST_CF_PUBLIC( Y, len_Y_byte ); - ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), - Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( X, len_Y_byte, Y, len_Y_byte ); exit: ; @@ -818,53 +821,56 @@ void mpi_core_cond_swap( data_t * input_X, data_t * input_Y ) { #define MAX_LEN 64 - mbedtls_mpi_uint tmp_X[MAX_LEN]; - mbedtls_mpi_uint tmp_Y[MAX_LEN]; - mbedtls_mpi_uint X[MAX_LEN]; - mbedtls_mpi_uint Y[MAX_LEN]; + mbedtls_mpi_uint *tmp_X = NULL; + mbedtls_mpi_uint *tmp_Y = NULL; + mbedtls_mpi_uint *X = NULL; + mbedtls_mpi_uint *Y = NULL; size_t len_X = CHARS_TO_LIMBS( input_X->len ); size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); + size_t len_X_byte = len_X * sizeof( mbedtls_mpi_uint ); + size_t len_Y_byte = len_Y * sizeof( mbedtls_mpi_uint ); TEST_ASSERT( len_X <= MAX_LEN ); TEST_ASSERT( len_Y <= MAX_LEN ); + ASSERT_ALLOC( tmp_X, len_X_byte ); + ASSERT_ALLOC( tmp_Y, len_Y_byte ); + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, len_X, input_X->x, input_X->len ) == 0 ); - memcpy( X, tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); + ASSERT_ALLOC( X, len_X_byte ); + memcpy( X, tmp_X, len_X_byte ); TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, len_Y, input_Y->x, input_Y->len ) == 0 ); - memcpy( Y, tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + ASSERT_ALLOC( Y, len_Y_byte ); + memcpy( Y, tmp_Y, len_Y_byte ); /* condition is false */ - TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( X, len_X_byte ); + TEST_CF_SECRET( Y, len_Y_byte ); mbedtls_mpi_core_cond_swap( X, Y, len_X, 0 ); - TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( X, len_X_byte ); + TEST_CF_PUBLIC( Y, len_Y_byte ); - ASSERT_COMPARE( X, len_X * sizeof( mbedtls_mpi_uint ), - tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); - ASSERT_COMPARE( Y, len_Y * sizeof( mbedtls_mpi_uint ), - tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( X, len_X_byte, tmp_X, len_X_byte ); + ASSERT_COMPARE( Y, len_Y_byte, tmp_Y, len_Y_byte ); /* condition is true */ - TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( X, len_X_byte ); + TEST_CF_SECRET( Y, len_Y_byte ); mbedtls_mpi_core_cond_swap( X, Y, len_X, 1 ); - TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( X, len_X_byte ); + TEST_CF_PUBLIC( Y, len_Y_byte ); - ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), - tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - ASSERT_COMPARE( Y, len_X * sizeof( mbedtls_mpi_uint ), - tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( X, len_Y_byte, tmp_Y, len_Y_byte ); + ASSERT_COMPARE( Y, len_X_byte, tmp_X, len_X_byte ); exit: ; @@ -878,21 +884,25 @@ void mpi_mod_raw_cond_assign( data_t * input_X, data_t * input_Y ) { #define MAX_LEN 64 - mbedtls_mpi_uint X[MAX_LEN]; - mbedtls_mpi_uint Y[MAX_LEN]; + mbedtls_mpi_uint *X = NULL; + mbedtls_mpi_uint *Y = NULL; mbedtls_mpi_uint buff_m[MAX_LEN]; mbedtls_mpi_mod_modulus m; size_t len_X = CHARS_TO_LIMBS( input_X->len ); size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); + size_t len_X_byte = len_X * sizeof( mbedtls_mpi_uint ); + size_t len_Y_byte = len_Y * sizeof( mbedtls_mpi_uint ); TEST_ASSERT( len_X <= MAX_LEN ); TEST_ASSERT( len_Y <= MAX_LEN ); + ASSERT_ALLOC( X, len_X_byte ); + ASSERT_ALLOC( Y, len_Y_byte ); + memset( buff_m, 0, MAX_LEN * sizeof( mbedtls_mpi_uint ) ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( - &m, buff_m, - len_X <= len_Y ? len_X : len_Y, + &m, buff_m, len_Y, MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) == 0 ); @@ -906,27 +916,26 @@ void mpi_mod_raw_cond_assign( data_t * input_X, == 0 ); /* condition is false */ - TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( X, len_X_byte ); + TEST_CF_SECRET( Y, len_Y_byte ); mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, 0 ); - TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( X, len_X_byte ); + TEST_CF_PUBLIC( Y, len_Y_byte ); TEST_ASSERT( memcmp( X, Y, m.limbs * sizeof( mbedtls_mpi_uint ) ) != 0 ); /* condition is true */ - TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( X, len_X_byte ); + TEST_CF_SECRET( Y, len_Y_byte ); mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, 1 ); - TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( X, len_X_byte ); + TEST_CF_PUBLIC( Y, len_Y_byte ); - ASSERT_COMPARE( X, len_Y * sizeof( mbedtls_mpi_uint ), - Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( X, len_Y_byte, Y, len_Y_byte ); exit: ; @@ -940,62 +949,65 @@ void mpi_mod_raw_cond_swap( data_t * input_X, data_t * input_Y ) { #define MAX_LEN 64 - mbedtls_mpi_uint tmp_X[MAX_LEN]; - mbedtls_mpi_uint tmp_Y[MAX_LEN]; - mbedtls_mpi_uint X[MAX_LEN]; - mbedtls_mpi_uint Y[MAX_LEN]; + mbedtls_mpi_uint *tmp_X = NULL; + mbedtls_mpi_uint *tmp_Y = NULL; + mbedtls_mpi_uint *X = NULL; + mbedtls_mpi_uint *Y = NULL; mbedtls_mpi_uint buff_m[MAX_LEN]; mbedtls_mpi_mod_modulus m; size_t len_X = CHARS_TO_LIMBS( input_X->len ); size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); + size_t len_X_byte = len_X * sizeof( mbedtls_mpi_uint ); + size_t len_Y_byte = len_Y * sizeof( mbedtls_mpi_uint ); + size_t len_m_byte = len_X_byte; TEST_ASSERT( len_X <= MAX_LEN ); TEST_ASSERT( len_Y <= MAX_LEN ); + ASSERT_ALLOC( tmp_X, len_X_byte ); + ASSERT_ALLOC( tmp_Y, len_Y_byte ); + memset( buff_m, 0, MAX_LEN * sizeof( mbedtls_mpi_uint ) ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( - &m, buff_m, - len_X <= len_Y ? len_X : len_Y, + &m, buff_m, len_X, MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) == 0 ); TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, len_X, input_X->x, input_X->len ) == 0 ); - memcpy( X, tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); + ASSERT_ALLOC( X, len_X_byte ); + memcpy( X, tmp_X, len_X_byte ); TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, len_Y, input_Y->x, input_Y->len ) == 0 ); - memcpy( Y, tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + ASSERT_ALLOC( Y, len_Y_byte ); + memcpy( Y, tmp_Y, len_Y_byte ); /* condition is false */ - TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( X, len_X_byte ); + TEST_CF_SECRET( Y, len_Y_byte ); mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, 0 ); - TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( X, len_X_byte ); + TEST_CF_PUBLIC( Y, len_Y_byte ); - ASSERT_COMPARE( X, len_X * sizeof( mbedtls_mpi_uint ), - tmp_X, m.limbs * sizeof( mbedtls_mpi_uint ) ); - ASSERT_COMPARE( Y, len_Y * sizeof( mbedtls_mpi_uint ), - tmp_Y, m.limbs * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( X, len_X_byte, tmp_X, len_X_byte ); + ASSERT_COMPARE( Y, len_Y_byte, tmp_Y, len_Y_byte ); /* condition is true */ - TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_SECRET( X, len_X_byte ); + TEST_CF_SECRET( Y, len_Y_byte ); mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, 1 ); - TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) ); - TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) ); + TEST_CF_PUBLIC( X, len_X_byte ); + TEST_CF_PUBLIC( Y, len_Y_byte ); - ASSERT_COMPARE( X, m.limbs * sizeof( mbedtls_mpi_uint ), - tmp_Y, len_Y * sizeof( mbedtls_mpi_uint ) ); - ASSERT_COMPARE( Y, m.limbs * sizeof( mbedtls_mpi_uint ), - tmp_X, len_X * sizeof( mbedtls_mpi_uint ) ); + ASSERT_COMPARE( X, len_m_byte, tmp_Y, len_Y_byte ); + ASSERT_COMPARE( Y, len_m_byte, tmp_X, len_X_byte ); exit: ; From 8b05e3b148a99be05e05f884b546480baa958ac3 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 28 Sep 2022 12:37:02 +0200 Subject: [PATCH 19/39] Add memory freeing Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 6118efc58..6dda5ef1e 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -810,7 +810,8 @@ void mpi_core_cond_assign( data_t * input_X, ASSERT_COMPARE( X, len_Y_byte, Y, len_Y_byte ); exit: - ; + mbedtls_free( X ); + mbedtls_free( Y ); #undef MAX_LEN } @@ -873,7 +874,10 @@ void mpi_core_cond_swap( data_t * input_X, ASSERT_COMPARE( Y, len_X_byte, tmp_X, len_X_byte ); exit: - ; + mbedtls_free( tmp_X ); + mbedtls_free( tmp_Y ); + mbedtls_free( X ); + mbedtls_free( Y ); #undef MAX_LEN } @@ -938,7 +942,10 @@ void mpi_mod_raw_cond_assign( data_t * input_X, ASSERT_COMPARE( X, len_Y_byte, Y, len_Y_byte ); exit: - ; + mbedtls_free( X ); + mbedtls_free( Y ); + + mbedtls_mpi_mod_modulus_free( &m ); #undef MAX_LEN } @@ -1010,7 +1017,12 @@ void mpi_mod_raw_cond_swap( data_t * input_X, ASSERT_COMPARE( Y, len_m_byte, tmp_X, len_X_byte ); exit: - ; + mbedtls_free( tmp_X ); + mbedtls_free( tmp_Y ); + mbedtls_free( X ); + mbedtls_free( Y ); + + mbedtls_mpi_mod_modulus_free( &m ); #undef MAX_LEN } From e5b8585f1eeff116f599102da614af8be2a641ab Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 30 Sep 2022 13:54:02 +0200 Subject: [PATCH 20/39] Follow parameter naming convention Signed-off-by: Gabor Mezei --- library/bignum_core.c | 10 +++++----- library/bignum_core.h | 16 ++++++++-------- library/bignum_mod_raw.c | 12 ++++++------ library/bignum_mod_raw.h | 22 +++++++++++----------- 4 files changed, 30 insertions(+), 30 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 473ef1ae2..233b22ded 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -170,8 +170,8 @@ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, mbedtls_ct_mpi_uint_cond_assign( limbs, X, A, assign ); } -void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *A, - mbedtls_mpi_uint *B, +void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, + mbedtls_mpi_uint *Y, size_t limbs, unsigned char swap ) { @@ -180,9 +180,9 @@ void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *A, for( size_t i = 0; i < limbs; i++ ) { - mbedtls_mpi_uint tmp = A[i]; - A[i] = ( A[i] & ~limb_mask ) | ( B[i] & limb_mask ); - B[i] = ( B[i] & ~limb_mask ) | ( tmp & limb_mask ); + mbedtls_mpi_uint tmp = X[i]; + X[i] = ( X[i] & ~limb_mask ) | ( Y[i] & limb_mask ); + Y[i] = ( Y[i] & ~limb_mask ) | ( tmp & limb_mask ); } } diff --git a/library/bignum_core.h b/library/bignum_core.h index 86180d3eb..0dd507a3e 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -103,25 +103,25 @@ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, * \brief Perform a safe conditional swap of MPI which doesn't reveal whether * the condition was true or not. * - * \param[IN,OUT] A The address of the first MPI. + * \param[IN,OUT] X The address of the first MPI. * This must be initialized. - * \param[IN,OUT] B The address of the second MPI. + * \param[IN,OUT] Y The address of the second MPI. * This must be initialized. - * \param limbs The number of limbs of \p A and \p B. + * \param limbs The number of limbs of \p X and \p Y. * \param swap The condition deciding whether to perform * the swap or not. Must be either 0 or 1: - * * \c 1: Swap the values of \p A and \p B. - * * \c 0: Keep the original values of \p A and \p B. + * * \c 1: Swap the values of \p X and \p Y. + * * \c 0: Keep the original values of \p X and \p Y. * * \note This function avoids leaking any information about whether * the swap was done or not. * * \warning If \p swap is neither 0 nor 1, the result of this function - * is indeterminate, and both \p A and \p B might end up with + * is indeterminate, and both \p X and \p Y might end up with * values different to either of the original ones. */ -void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *A, - mbedtls_mpi_uint *B, +void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, + mbedtls_mpi_uint *Y, size_t limbs, unsigned char swap ); diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 82ef645f0..7200f003c 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -43,18 +43,18 @@ void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, const mbedtls_mpi_uint *A, - const mbedtls_mpi_mod_modulus *m, + const mbedtls_mpi_mod_modulus *N, unsigned char assign ) { - mbedtls_mpi_core_cond_assign( X, A, m->limbs, assign ); + mbedtls_mpi_core_cond_assign( X, A, N->limbs, assign ); } -void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *A, - mbedtls_mpi_uint *B, - const mbedtls_mpi_mod_modulus *m, +void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, + mbedtls_mpi_uint *Y, + const mbedtls_mpi_mod_modulus *N, unsigned char swap ) { - mbedtls_mpi_core_cond_swap( A, B, m->limbs, swap ); + mbedtls_mpi_core_cond_swap( X, Y, N->limbs, swap ); } int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X, diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index edd356ce2..b2f333ee4 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -39,7 +39,7 @@ * * \param[OUT] X The address of the first MPI. This must be initialized. * \param[IN] A The address of the second MPI. This must be initialized. - * \param[IN] m The address of the modulus related to \p X and \p A. + * \param[IN] N The address of the modulus related to \p X and \p A. * \param assign The condition deciding whether to perform the * assignment or not. Must be either 0 or 1: * * \c 1: Perform the assignment `X = A`. @@ -54,31 +54,31 @@ */ void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, const mbedtls_mpi_uint *A, - const mbedtls_mpi_mod_modulus *m, + const mbedtls_mpi_mod_modulus *N, unsigned char assign ); /** * \brief Perform a safe conditional swap of MPI which doesn't reveal whether * the condition was true or not. * - * \param[IN,OUT] A The address of the first MPI. This must be initialized. - * \param[IN,OUT] B The address of the second MPI. This must be initialized. - * \param[IN] m The address of the modulus related to \p A and \p B. + * \param[IN,OUT] X The address of the first MPI. This must be initialized. + * \param[IN,OUT] Y The address of the second MPI. This must be initialized. + * \param[IN] N The address of the modulus related to \p X and \p Y. * \param swap The condition deciding whether to perform * the swap or not. Must be either 0 or 1: - * * \c 1: Swap the values of \p A and \p B. - * * \c 0: Keep the original values of \p A and \p B. + * * \c 1: Swap the values of \p X and \p Y. + * * \c 0: Keep the original values of \p X and \p Y. * * \note This function avoids leaking any information about whether * the swap was done or not. * * \warning If \p swap is neither 0 nor 1, the result of this function - * is indeterminate, and both \p A and \p B might end up with + * is indeterminate, and both \p X and \p Y might end up with * values different to either of the original ones. */ -void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *A, - mbedtls_mpi_uint *B, - const mbedtls_mpi_mod_modulus *m, +void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X, + mbedtls_mpi_uint *Y, + const mbedtls_mpi_mod_modulus *N, unsigned char swap ); /** Import X from unsigned binary data. From 86dfe384c2b33de95e0116683bbc8b4ffc8e164d Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 30 Sep 2022 14:03:04 +0200 Subject: [PATCH 21/39] Fix documentation tags to be lower case Signed-off-by: Gabor Mezei --- library/bignum_core.h | 8 ++++---- library/bignum_mod_raw.h | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/library/bignum_core.h b/library/bignum_core.h index 0dd507a3e..493ec12cd 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -78,9 +78,9 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, * \brief Perform a safe conditional copy of MPI which doesn't reveal whether * the condition was true or not. * - * \param[OUT] X The address of the first MPI. This must be initialized. + * \param[out] X The address of the first MPI. This must be initialized. * It must have at least \p limbs limbs. - * \param[IN] A The address of the second MPI. This must be initialized. + * \param[in] A The address of the second MPI. This must be initialized. * \param limbs The number of limbs of \p A. * \param assign The condition deciding whether to perform the * assignment or not. Must be either 0 or 1: @@ -103,9 +103,9 @@ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, * \brief Perform a safe conditional swap of MPI which doesn't reveal whether * the condition was true or not. * - * \param[IN,OUT] X The address of the first MPI. + * \param[in,out] X The address of the first MPI. * This must be initialized. - * \param[IN,OUT] Y The address of the second MPI. + * \param[in,out] Y The address of the second MPI. * This must be initialized. * \param limbs The number of limbs of \p X and \p Y. * \param swap The condition deciding whether to perform diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index b2f333ee4..231bb72d3 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -37,9 +37,9 @@ * \brief Perform a safe conditional copy of MPI which doesn't reveal whether * the condition was true or not. * - * \param[OUT] X The address of the first MPI. This must be initialized. - * \param[IN] A The address of the second MPI. This must be initialized. - * \param[IN] N The address of the modulus related to \p X and \p A. + * \param[out] X The address of the first MPI. This must be initialized. + * \param[in] A The address of the second MPI. This must be initialized. + * \param[in] N The address of the modulus related to \p X and \p A. * \param assign The condition deciding whether to perform the * assignment or not. Must be either 0 or 1: * * \c 1: Perform the assignment `X = A`. @@ -61,9 +61,9 @@ void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, * \brief Perform a safe conditional swap of MPI which doesn't reveal whether * the condition was true or not. * - * \param[IN,OUT] X The address of the first MPI. This must be initialized. - * \param[IN,OUT] Y The address of the second MPI. This must be initialized. - * \param[IN] N The address of the modulus related to \p X and \p Y. + * \param[in,out] X The address of the first MPI. This must be initialized. + * \param[in,out] Y The address of the second MPI. This must be initialized. + * \param[in] N The address of the modulus related to \p X and \p Y. * \param swap The condition deciding whether to perform * the swap or not. Must be either 0 or 1: * * \c 1: Swap the values of \p X and \p Y. From f5ca726ce1a1b0f29982c3afce2ef97ae93a1686 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 30 Sep 2022 14:28:26 +0200 Subject: [PATCH 22/39] Rename variables to match bettr to its purpose The length in bytes is used with the 'len' prefix and the length in limbs is used with the 'limbs' prefix. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 196 +++++++++++++-------------- 1 file changed, 98 insertions(+), 98 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 6dda5ef1e..f90fee311 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -770,44 +770,44 @@ void mpi_core_cond_assign( data_t * input_X, #define MAX_LEN 64 mbedtls_mpi_uint *X = NULL; mbedtls_mpi_uint *Y = NULL; - size_t len_X = CHARS_TO_LIMBS( input_X->len ); - size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); - size_t len_X_byte = len_X * sizeof( mbedtls_mpi_uint ); - size_t len_Y_byte = len_Y * sizeof( mbedtls_mpi_uint ); + size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); + size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); + size_t len_X = limbs_X * sizeof( mbedtls_mpi_uint ); + size_t len_Y = limbs_Y * sizeof( mbedtls_mpi_uint ); - TEST_ASSERT( len_X <= MAX_LEN ); - TEST_ASSERT( len_Y <= MAX_LEN ); + TEST_ASSERT( limbs_X <= MAX_LEN ); + TEST_ASSERT( limbs_Y <= MAX_LEN ); - ASSERT_ALLOC( X, len_X_byte ); - ASSERT_ALLOC( Y, len_Y_byte ); + ASSERT_ALLOC( X, len_X ); + ASSERT_ALLOC( Y, len_Y ); - TEST_ASSERT( mbedtls_mpi_core_read_be( X, len_X, input_X->x, input_X->len ) + TEST_ASSERT( mbedtls_mpi_core_read_be( X, limbs_X, input_X->x, input_X->len ) == 0 ); - TEST_ASSERT( mbedtls_mpi_core_read_be( Y, len_Y, input_Y->x, input_Y->len ) + TEST_ASSERT( mbedtls_mpi_core_read_be( Y, limbs_Y, input_Y->x, input_Y->len ) == 0 ); /* condition is false */ - TEST_CF_SECRET( X, len_X_byte ); - TEST_CF_SECRET( Y, len_Y_byte ); + TEST_CF_SECRET( X, len_X ); + TEST_CF_SECRET( Y, len_Y ); - mbedtls_mpi_core_cond_assign( X, Y, len_Y, 0 ); + mbedtls_mpi_core_cond_assign( X, Y, limbs_Y, 0 ); - TEST_CF_PUBLIC( X, len_X_byte ); - TEST_CF_PUBLIC( Y, len_Y_byte ); + TEST_CF_PUBLIC( X, len_X ); + TEST_CF_PUBLIC( Y, len_Y ); - TEST_ASSERT( memcmp( X, Y, MIN( len_X_byte, len_Y_byte ) ) != 0 ); + TEST_ASSERT( memcmp( X, Y, MIN( len_X, len_Y ) ) != 0 ); /* condition is true */ - TEST_CF_SECRET( X, len_X_byte ); - TEST_CF_SECRET( Y, len_Y_byte ); + TEST_CF_SECRET( X, len_X ); + TEST_CF_SECRET( Y, len_Y ); - mbedtls_mpi_core_cond_assign( X, Y, len_Y, 1 ); + mbedtls_mpi_core_cond_assign( X, Y, limbs_Y, 1 ); - TEST_CF_PUBLIC( X, len_X_byte ); - TEST_CF_PUBLIC( Y, len_Y_byte ); + TEST_CF_PUBLIC( X, len_X ); + TEST_CF_PUBLIC( Y, len_Y ); - ASSERT_COMPARE( X, len_Y_byte, Y, len_Y_byte ); + ASSERT_COMPARE( X, len_Y, Y, len_Y ); exit: mbedtls_free( X ); @@ -826,52 +826,52 @@ void mpi_core_cond_swap( data_t * input_X, mbedtls_mpi_uint *tmp_Y = NULL; mbedtls_mpi_uint *X = NULL; mbedtls_mpi_uint *Y = NULL; - size_t len_X = CHARS_TO_LIMBS( input_X->len ); - size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); - size_t len_X_byte = len_X * sizeof( mbedtls_mpi_uint ); - size_t len_Y_byte = len_Y * sizeof( mbedtls_mpi_uint ); + size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); + size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); + size_t len_X = limbs_X * sizeof( mbedtls_mpi_uint ); + size_t len_Y = limbs_Y * sizeof( mbedtls_mpi_uint ); - TEST_ASSERT( len_X <= MAX_LEN ); - TEST_ASSERT( len_Y <= MAX_LEN ); + TEST_ASSERT( limbs_X <= MAX_LEN ); + TEST_ASSERT( limbs_Y <= MAX_LEN ); - ASSERT_ALLOC( tmp_X, len_X_byte ); - ASSERT_ALLOC( tmp_Y, len_Y_byte ); + ASSERT_ALLOC( tmp_X, len_X ); + ASSERT_ALLOC( tmp_Y, len_Y ); - TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, len_X, + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs_X, input_X->x, input_X->len ) == 0 ); - ASSERT_ALLOC( X, len_X_byte ); - memcpy( X, tmp_X, len_X_byte ); + ASSERT_ALLOC( X, len_X ); + memcpy( X, tmp_X, len_X ); - TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, len_Y, + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs_Y, input_Y->x, input_Y->len ) == 0 ); - ASSERT_ALLOC( Y, len_Y_byte ); - memcpy( Y, tmp_Y, len_Y_byte ); + ASSERT_ALLOC( Y, len_Y ); + memcpy( Y, tmp_Y, len_Y ); /* condition is false */ - TEST_CF_SECRET( X, len_X_byte ); - TEST_CF_SECRET( Y, len_Y_byte ); + TEST_CF_SECRET( X, len_X ); + TEST_CF_SECRET( Y, len_Y ); - mbedtls_mpi_core_cond_swap( X, Y, len_X, 0 ); + mbedtls_mpi_core_cond_swap( X, Y, limbs_X, 0 ); - TEST_CF_PUBLIC( X, len_X_byte ); - TEST_CF_PUBLIC( Y, len_Y_byte ); + TEST_CF_PUBLIC( X, len_X ); + TEST_CF_PUBLIC( Y, len_Y ); - ASSERT_COMPARE( X, len_X_byte, tmp_X, len_X_byte ); - ASSERT_COMPARE( Y, len_Y_byte, tmp_Y, len_Y_byte ); + ASSERT_COMPARE( X, len_X, tmp_X, len_X ); + ASSERT_COMPARE( Y, len_Y, tmp_Y, len_Y ); /* condition is true */ - TEST_CF_SECRET( X, len_X_byte ); - TEST_CF_SECRET( Y, len_Y_byte ); + TEST_CF_SECRET( X, len_X ); + TEST_CF_SECRET( Y, len_Y ); - mbedtls_mpi_core_cond_swap( X, Y, len_X, 1 ); + mbedtls_mpi_core_cond_swap( X, Y, limbs_X, 1 ); - TEST_CF_PUBLIC( X, len_X_byte ); - TEST_CF_PUBLIC( Y, len_Y_byte ); + TEST_CF_PUBLIC( X, len_X ); + TEST_CF_PUBLIC( Y, len_Y ); - ASSERT_COMPARE( X, len_Y_byte, tmp_Y, len_Y_byte ); - ASSERT_COMPARE( Y, len_X_byte, tmp_X, len_X_byte ); + ASSERT_COMPARE( X, len_Y, tmp_Y, len_Y ); + ASSERT_COMPARE( Y, len_X, tmp_X, len_X ); exit: mbedtls_free( tmp_X ); @@ -892,54 +892,54 @@ void mpi_mod_raw_cond_assign( data_t * input_X, mbedtls_mpi_uint *Y = NULL; mbedtls_mpi_uint buff_m[MAX_LEN]; mbedtls_mpi_mod_modulus m; - size_t len_X = CHARS_TO_LIMBS( input_X->len ); - size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); - size_t len_X_byte = len_X * sizeof( mbedtls_mpi_uint ); - size_t len_Y_byte = len_Y * sizeof( mbedtls_mpi_uint ); + size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); + size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); + size_t len_X = limbs_X * sizeof( mbedtls_mpi_uint ); + size_t len_Y = limbs_Y * sizeof( mbedtls_mpi_uint ); - TEST_ASSERT( len_X <= MAX_LEN ); - TEST_ASSERT( len_Y <= MAX_LEN ); + TEST_ASSERT( limbs_X <= MAX_LEN ); + TEST_ASSERT( limbs_Y <= MAX_LEN ); - ASSERT_ALLOC( X, len_X_byte ); - ASSERT_ALLOC( Y, len_Y_byte ); + ASSERT_ALLOC( X, len_X ); + ASSERT_ALLOC( Y, len_Y ); memset( buff_m, 0, MAX_LEN * sizeof( mbedtls_mpi_uint ) ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( - &m, buff_m, len_Y, + &m, buff_m, limbs_Y, MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) == 0 ); - TEST_ASSERT( mbedtls_mpi_core_read_be( X, len_X, + TEST_ASSERT( mbedtls_mpi_core_read_be( X, limbs_X, input_X->x, input_X->len ) == 0 ); - TEST_ASSERT( mbedtls_mpi_core_read_be( Y, len_Y, + TEST_ASSERT( mbedtls_mpi_core_read_be( Y, limbs_Y, input_Y->x, input_Y->len ) == 0 ); /* condition is false */ - TEST_CF_SECRET( X, len_X_byte ); - TEST_CF_SECRET( Y, len_Y_byte ); + TEST_CF_SECRET( X, len_X ); + TEST_CF_SECRET( Y, len_Y ); mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, 0 ); - TEST_CF_PUBLIC( X, len_X_byte ); - TEST_CF_PUBLIC( Y, len_Y_byte ); + TEST_CF_PUBLIC( X, len_X ); + TEST_CF_PUBLIC( Y, len_Y ); TEST_ASSERT( memcmp( X, Y, m.limbs * sizeof( mbedtls_mpi_uint ) ) != 0 ); /* condition is true */ - TEST_CF_SECRET( X, len_X_byte ); - TEST_CF_SECRET( Y, len_Y_byte ); + TEST_CF_SECRET( X, len_X ); + TEST_CF_SECRET( Y, len_Y ); mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, 1 ); - TEST_CF_PUBLIC( X, len_X_byte ); - TEST_CF_PUBLIC( Y, len_Y_byte ); + TEST_CF_PUBLIC( X, len_X ); + TEST_CF_PUBLIC( Y, len_Y ); - ASSERT_COMPARE( X, len_Y_byte, Y, len_Y_byte ); + ASSERT_COMPARE( X, len_Y, Y, len_Y ); exit: mbedtls_free( X ); @@ -962,59 +962,59 @@ void mpi_mod_raw_cond_swap( data_t * input_X, mbedtls_mpi_uint *Y = NULL; mbedtls_mpi_uint buff_m[MAX_LEN]; mbedtls_mpi_mod_modulus m; - size_t len_X = CHARS_TO_LIMBS( input_X->len ); - size_t len_Y = CHARS_TO_LIMBS( input_Y->len ); - size_t len_X_byte = len_X * sizeof( mbedtls_mpi_uint ); - size_t len_Y_byte = len_Y * sizeof( mbedtls_mpi_uint ); - size_t len_m_byte = len_X_byte; + size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); + size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); + size_t len_X = limbs_X * sizeof( mbedtls_mpi_uint ); + size_t len_Y = limbs_Y * sizeof( mbedtls_mpi_uint ); + size_t len_m = len_X; - TEST_ASSERT( len_X <= MAX_LEN ); - TEST_ASSERT( len_Y <= MAX_LEN ); + TEST_ASSERT( limbs_X <= MAX_LEN ); + TEST_ASSERT( limbs_Y <= MAX_LEN ); - ASSERT_ALLOC( tmp_X, len_X_byte ); - ASSERT_ALLOC( tmp_Y, len_Y_byte ); + ASSERT_ALLOC( tmp_X, len_X ); + ASSERT_ALLOC( tmp_Y, len_Y ); memset( buff_m, 0, MAX_LEN * sizeof( mbedtls_mpi_uint ) ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( - &m, buff_m, len_X, + &m, buff_m, limbs_X, MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) == 0 ); - TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, len_X, input_X->x, input_X->len ) + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs_X, input_X->x, input_X->len ) == 0 ); - ASSERT_ALLOC( X, len_X_byte ); - memcpy( X, tmp_X, len_X_byte ); + ASSERT_ALLOC( X, len_X ); + memcpy( X, tmp_X, len_X ); - TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, len_Y, input_Y->x, input_Y->len ) + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs_Y, input_Y->x, input_Y->len ) == 0 ); - ASSERT_ALLOC( Y, len_Y_byte ); - memcpy( Y, tmp_Y, len_Y_byte ); + ASSERT_ALLOC( Y, len_Y ); + memcpy( Y, tmp_Y, len_Y ); /* condition is false */ - TEST_CF_SECRET( X, len_X_byte ); - TEST_CF_SECRET( Y, len_Y_byte ); + TEST_CF_SECRET( X, len_X ); + TEST_CF_SECRET( Y, len_Y ); mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, 0 ); - TEST_CF_PUBLIC( X, len_X_byte ); - TEST_CF_PUBLIC( Y, len_Y_byte ); + TEST_CF_PUBLIC( X, len_X ); + TEST_CF_PUBLIC( Y, len_Y ); - ASSERT_COMPARE( X, len_X_byte, tmp_X, len_X_byte ); - ASSERT_COMPARE( Y, len_Y_byte, tmp_Y, len_Y_byte ); + ASSERT_COMPARE( X, len_X, tmp_X, len_X ); + ASSERT_COMPARE( Y, len_Y, tmp_Y, len_Y ); /* condition is true */ - TEST_CF_SECRET( X, len_X_byte ); - TEST_CF_SECRET( Y, len_Y_byte ); + TEST_CF_SECRET( X, len_X ); + TEST_CF_SECRET( Y, len_Y ); mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, 1 ); - TEST_CF_PUBLIC( X, len_X_byte ); - TEST_CF_PUBLIC( Y, len_Y_byte ); + TEST_CF_PUBLIC( X, len_X ); + TEST_CF_PUBLIC( Y, len_Y ); - ASSERT_COMPARE( X, len_m_byte, tmp_Y, len_Y_byte ); - ASSERT_COMPARE( Y, len_m_byte, tmp_X, len_X_byte ); + ASSERT_COMPARE( X, len_m, tmp_Y, len_Y ); + ASSERT_COMPARE( Y, len_m, tmp_X, len_X ); exit: mbedtls_free( tmp_X ); From ec5685f1ee4a284ceda566da101bf0d0e84b8486 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 30 Sep 2022 14:41:13 +0200 Subject: [PATCH 23/39] Use exact-size buffers for inputs and outputs to library functions in tests Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index f90fee311..cf22e3736 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -890,12 +890,13 @@ void mpi_mod_raw_cond_assign( data_t * input_X, #define MAX_LEN 64 mbedtls_mpi_uint *X = NULL; mbedtls_mpi_uint *Y = NULL; - mbedtls_mpi_uint buff_m[MAX_LEN]; + mbedtls_mpi_uint *buff_m = NULL; mbedtls_mpi_mod_modulus m; size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); size_t len_X = limbs_X * sizeof( mbedtls_mpi_uint ); size_t len_Y = limbs_Y * sizeof( mbedtls_mpi_uint ); + size_t len_m = len_Y; TEST_ASSERT( limbs_X <= MAX_LEN ); TEST_ASSERT( limbs_Y <= MAX_LEN ); @@ -903,7 +904,8 @@ void mpi_mod_raw_cond_assign( data_t * input_X, ASSERT_ALLOC( X, len_X ); ASSERT_ALLOC( Y, len_Y ); - memset( buff_m, 0, MAX_LEN * sizeof( mbedtls_mpi_uint ) ); + ASSERT_ALLOC( buff_m, len_m ); + memset( buff_m, 0, len_m ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( &m, buff_m, limbs_Y, @@ -946,6 +948,7 @@ exit: mbedtls_free( Y ); mbedtls_mpi_mod_modulus_free( &m ); + mbedtls_free( buff_m ); #undef MAX_LEN } @@ -960,7 +963,7 @@ void mpi_mod_raw_cond_swap( data_t * input_X, mbedtls_mpi_uint *tmp_Y = NULL; mbedtls_mpi_uint *X = NULL; mbedtls_mpi_uint *Y = NULL; - mbedtls_mpi_uint buff_m[MAX_LEN]; + mbedtls_mpi_uint *buff_m = NULL; mbedtls_mpi_mod_modulus m; size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); @@ -974,7 +977,8 @@ void mpi_mod_raw_cond_swap( data_t * input_X, ASSERT_ALLOC( tmp_X, len_X ); ASSERT_ALLOC( tmp_Y, len_Y ); - memset( buff_m, 0, MAX_LEN * sizeof( mbedtls_mpi_uint ) ); + ASSERT_ALLOC( buff_m, len_m ); + memset( buff_m, 0, len_m ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( &m, buff_m, limbs_X, @@ -1023,6 +1027,7 @@ exit: mbedtls_free( Y ); mbedtls_mpi_mod_modulus_free( &m ); + mbedtls_free( buff_m ); #undef MAX_LEN } From 6546a6cc03235e51e02c9162fd4ffb52a884a9e8 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 30 Sep 2022 14:55:16 +0200 Subject: [PATCH 24/39] Rewrite tests for cond_assign/swap The cond_swap and cond_assign test functions now requires the same limb size for the MPI parameters. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 195 ++++++++++++--------------- 1 file changed, 89 insertions(+), 106 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index cf22e3736..a74136bcc 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -767,53 +767,49 @@ exit: void mpi_core_cond_assign( data_t * input_X, data_t * input_Y ) { - #define MAX_LEN 64 mbedtls_mpi_uint *X = NULL; mbedtls_mpi_uint *Y = NULL; size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); - size_t len_X = limbs_X * sizeof( mbedtls_mpi_uint ); - size_t len_Y = limbs_Y * sizeof( mbedtls_mpi_uint ); + size_t limbs = limbs_X; + size_t len = limbs * sizeof( mbedtls_mpi_uint ); - TEST_ASSERT( limbs_X <= MAX_LEN ); - TEST_ASSERT( limbs_Y <= MAX_LEN ); + TEST_ASSERT( limbs_X == limbs_Y ); - ASSERT_ALLOC( X, len_X ); - ASSERT_ALLOC( Y, len_Y ); + ASSERT_ALLOC( X, len ); + ASSERT_ALLOC( Y, len ); - TEST_ASSERT( mbedtls_mpi_core_read_be( X, limbs_X, input_X->x, input_X->len ) + TEST_ASSERT( mbedtls_mpi_core_read_be( X, limbs, input_X->x, input_X->len ) == 0 ); - TEST_ASSERT( mbedtls_mpi_core_read_be( Y, limbs_Y, input_Y->x, input_Y->len ) + TEST_ASSERT( mbedtls_mpi_core_read_be( Y, limbs, input_Y->x, input_Y->len ) == 0 ); /* condition is false */ - TEST_CF_SECRET( X, len_X ); - TEST_CF_SECRET( Y, len_Y ); + TEST_CF_SECRET( X, len ); + TEST_CF_SECRET( Y, len ); - mbedtls_mpi_core_cond_assign( X, Y, limbs_Y, 0 ); + mbedtls_mpi_core_cond_assign( X, Y, limbs, 0 ); - TEST_CF_PUBLIC( X, len_X ); - TEST_CF_PUBLIC( Y, len_Y ); + TEST_CF_PUBLIC( X, len ); + TEST_CF_PUBLIC( Y, len ); - TEST_ASSERT( memcmp( X, Y, MIN( len_X, len_Y ) ) != 0 ); + TEST_ASSERT( memcmp( X, Y, len ) != 0 ); /* condition is true */ - TEST_CF_SECRET( X, len_X ); - TEST_CF_SECRET( Y, len_Y ); + TEST_CF_SECRET( X, len ); + TEST_CF_SECRET( Y, len ); - mbedtls_mpi_core_cond_assign( X, Y, limbs_Y, 1 ); + mbedtls_mpi_core_cond_assign( X, Y, limbs, 1 ); - TEST_CF_PUBLIC( X, len_X ); - TEST_CF_PUBLIC( Y, len_Y ); + TEST_CF_PUBLIC( X, len ); + TEST_CF_PUBLIC( Y, len ); - ASSERT_COMPARE( X, len_Y, Y, len_Y ); + ASSERT_COMPARE( X, len, Y, len ); exit: mbedtls_free( X ); mbedtls_free( Y ); - - #undef MAX_LEN } /* END_CASE */ @@ -821,65 +817,61 @@ exit: void mpi_core_cond_swap( data_t * input_X, data_t * input_Y ) { - #define MAX_LEN 64 mbedtls_mpi_uint *tmp_X = NULL; mbedtls_mpi_uint *tmp_Y = NULL; mbedtls_mpi_uint *X = NULL; mbedtls_mpi_uint *Y = NULL; size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); - size_t len_X = limbs_X * sizeof( mbedtls_mpi_uint ); - size_t len_Y = limbs_Y * sizeof( mbedtls_mpi_uint ); + size_t limbs = limbs_X; + size_t len = limbs * sizeof( mbedtls_mpi_uint ); - TEST_ASSERT( limbs_X <= MAX_LEN ); - TEST_ASSERT( limbs_Y <= MAX_LEN ); + TEST_ASSERT( limbs_X == limbs_Y ); - ASSERT_ALLOC( tmp_X, len_X ); - ASSERT_ALLOC( tmp_Y, len_Y ); + ASSERT_ALLOC( tmp_X, len ); + ASSERT_ALLOC( tmp_Y, len ); - TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs_X, + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs, input_X->x, input_X->len ) == 0 ); - ASSERT_ALLOC( X, len_X ); - memcpy( X, tmp_X, len_X ); + ASSERT_ALLOC( X, len ); + memcpy( X, tmp_X, len ); - TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs_Y, + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs, input_Y->x, input_Y->len ) == 0 ); - ASSERT_ALLOC( Y, len_Y ); - memcpy( Y, tmp_Y, len_Y ); + ASSERT_ALLOC( Y, len ); + memcpy( Y, tmp_Y, len ); /* condition is false */ - TEST_CF_SECRET( X, len_X ); - TEST_CF_SECRET( Y, len_Y ); + TEST_CF_SECRET( X, len ); + TEST_CF_SECRET( Y, len ); - mbedtls_mpi_core_cond_swap( X, Y, limbs_X, 0 ); + mbedtls_mpi_core_cond_swap( X, Y, limbs, 0 ); - TEST_CF_PUBLIC( X, len_X ); - TEST_CF_PUBLIC( Y, len_Y ); + TEST_CF_PUBLIC( X, len ); + TEST_CF_PUBLIC( Y, len ); - ASSERT_COMPARE( X, len_X, tmp_X, len_X ); - ASSERT_COMPARE( Y, len_Y, tmp_Y, len_Y ); + ASSERT_COMPARE( X, len, tmp_X, len ); + ASSERT_COMPARE( Y, len, tmp_Y, len ); /* condition is true */ - TEST_CF_SECRET( X, len_X ); - TEST_CF_SECRET( Y, len_Y ); + TEST_CF_SECRET( X, len ); + TEST_CF_SECRET( Y, len ); - mbedtls_mpi_core_cond_swap( X, Y, limbs_X, 1 ); + mbedtls_mpi_core_cond_swap( X, Y, limbs, 1 ); - TEST_CF_PUBLIC( X, len_X ); - TEST_CF_PUBLIC( Y, len_Y ); + TEST_CF_PUBLIC( X, len ); + TEST_CF_PUBLIC( Y, len ); - ASSERT_COMPARE( X, len_Y, tmp_Y, len_Y ); - ASSERT_COMPARE( Y, len_X, tmp_X, len_X ); + ASSERT_COMPARE( X, len, tmp_Y, len ); + ASSERT_COMPARE( Y, len, tmp_X, len ); exit: mbedtls_free( tmp_X ); mbedtls_free( tmp_Y ); mbedtls_free( X ); mbedtls_free( Y ); - - #undef MAX_LEN } /* END_CASE */ @@ -894,54 +886,52 @@ void mpi_mod_raw_cond_assign( data_t * input_X, mbedtls_mpi_mod_modulus m; size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); - size_t len_X = limbs_X * sizeof( mbedtls_mpi_uint ); - size_t len_Y = limbs_Y * sizeof( mbedtls_mpi_uint ); - size_t len_m = len_Y; + size_t limbs = limbs_X; + size_t len = limbs * sizeof( mbedtls_mpi_uint ); - TEST_ASSERT( limbs_X <= MAX_LEN ); - TEST_ASSERT( limbs_Y <= MAX_LEN ); + TEST_ASSERT( limbs_X == limbs_Y ); - ASSERT_ALLOC( X, len_X ); - ASSERT_ALLOC( Y, len_Y ); + ASSERT_ALLOC( X, len ); + ASSERT_ALLOC( Y, len ); - ASSERT_ALLOC( buff_m, len_m ); - memset( buff_m, 0, len_m ); + ASSERT_ALLOC( buff_m, len ); + memset( buff_m, 0, len ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( - &m, buff_m, limbs_Y, + &m, buff_m, limbs, MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) == 0 ); - TEST_ASSERT( mbedtls_mpi_core_read_be( X, limbs_X, + TEST_ASSERT( mbedtls_mpi_core_read_be( X, limbs, input_X->x, input_X->len ) == 0 ); - TEST_ASSERT( mbedtls_mpi_core_read_be( Y, limbs_Y, + TEST_ASSERT( mbedtls_mpi_core_read_be( Y, limbs, input_Y->x, input_Y->len ) == 0 ); /* condition is false */ - TEST_CF_SECRET( X, len_X ); - TEST_CF_SECRET( Y, len_Y ); + TEST_CF_SECRET( X, len ); + TEST_CF_SECRET( Y, len ); mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, 0 ); - TEST_CF_PUBLIC( X, len_X ); - TEST_CF_PUBLIC( Y, len_Y ); + TEST_CF_PUBLIC( X, len ); + TEST_CF_PUBLIC( Y, len ); TEST_ASSERT( memcmp( X, Y, m.limbs * sizeof( mbedtls_mpi_uint ) ) != 0 ); /* condition is true */ - TEST_CF_SECRET( X, len_X ); - TEST_CF_SECRET( Y, len_Y ); + TEST_CF_SECRET( X, len ); + TEST_CF_SECRET( Y, len ); mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, 1 ); - TEST_CF_PUBLIC( X, len_X ); - TEST_CF_PUBLIC( Y, len_Y ); + TEST_CF_PUBLIC( X, len ); + TEST_CF_PUBLIC( Y, len ); - ASSERT_COMPARE( X, len_Y, Y, len_Y ); + ASSERT_COMPARE( X, len, Y, len ); exit: mbedtls_free( X ); @@ -949,8 +939,6 @@ exit: mbedtls_mpi_mod_modulus_free( &m ); mbedtls_free( buff_m ); - - #undef MAX_LEN } /* END_CASE */ @@ -958,7 +946,6 @@ exit: void mpi_mod_raw_cond_swap( data_t * input_X, data_t * input_Y ) { - #define MAX_LEN 64 mbedtls_mpi_uint *tmp_X = NULL; mbedtls_mpi_uint *tmp_Y = NULL; mbedtls_mpi_uint *X = NULL; @@ -967,58 +954,56 @@ void mpi_mod_raw_cond_swap( data_t * input_X, mbedtls_mpi_mod_modulus m; size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); - size_t len_X = limbs_X * sizeof( mbedtls_mpi_uint ); - size_t len_Y = limbs_Y * sizeof( mbedtls_mpi_uint ); - size_t len_m = len_X; + size_t limbs = limbs_X; + size_t len = limbs * sizeof( mbedtls_mpi_uint ); - TEST_ASSERT( limbs_X <= MAX_LEN ); - TEST_ASSERT( limbs_Y <= MAX_LEN ); + TEST_ASSERT( limbs_X == limbs_Y ); - ASSERT_ALLOC( tmp_X, len_X ); - ASSERT_ALLOC( tmp_Y, len_Y ); + ASSERT_ALLOC( tmp_X, len ); + ASSERT_ALLOC( tmp_Y, len ); - ASSERT_ALLOC( buff_m, len_m ); - memset( buff_m, 0, len_m ); + ASSERT_ALLOC( buff_m, len ); + memset( buff_m, 0, len ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( - &m, buff_m, limbs_X, + &m, buff_m, limbs, MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) == 0 ); - TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs_X, input_X->x, input_X->len ) + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs, input_X->x, input_X->len ) == 0 ); - ASSERT_ALLOC( X, len_X ); - memcpy( X, tmp_X, len_X ); + ASSERT_ALLOC( X, len ); + memcpy( X, tmp_X, len ); - TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs_Y, input_Y->x, input_Y->len ) + TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs, input_Y->x, input_Y->len ) == 0 ); - ASSERT_ALLOC( Y, len_Y ); - memcpy( Y, tmp_Y, len_Y ); + ASSERT_ALLOC( Y, len ); + memcpy( Y, tmp_Y, len ); /* condition is false */ - TEST_CF_SECRET( X, len_X ); - TEST_CF_SECRET( Y, len_Y ); + TEST_CF_SECRET( X, len ); + TEST_CF_SECRET( Y, len ); mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, 0 ); - TEST_CF_PUBLIC( X, len_X ); - TEST_CF_PUBLIC( Y, len_Y ); + TEST_CF_PUBLIC( X, len ); + TEST_CF_PUBLIC( Y, len ); - ASSERT_COMPARE( X, len_X, tmp_X, len_X ); - ASSERT_COMPARE( Y, len_Y, tmp_Y, len_Y ); + ASSERT_COMPARE( X, len, tmp_X, len ); + ASSERT_COMPARE( Y, len, tmp_Y, len ); /* condition is true */ - TEST_CF_SECRET( X, len_X ); - TEST_CF_SECRET( Y, len_Y ); + TEST_CF_SECRET( X, len ); + TEST_CF_SECRET( Y, len ); mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, 1 ); - TEST_CF_PUBLIC( X, len_X ); - TEST_CF_PUBLIC( Y, len_Y ); + TEST_CF_PUBLIC( X, len ); + TEST_CF_PUBLIC( Y, len ); - ASSERT_COMPARE( X, len_m, tmp_Y, len_Y ); - ASSERT_COMPARE( Y, len_m, tmp_X, len_X ); + ASSERT_COMPARE( X, len, tmp_Y, len ); + ASSERT_COMPARE( Y, len, tmp_X, len ); exit: mbedtls_free( tmp_X ); @@ -1028,8 +1013,6 @@ exit: mbedtls_mpi_mod_modulus_free( &m ); mbedtls_free( buff_m ); - - #undef MAX_LEN } /* END_CASE */ From 02e5d439dbe81a932aacfe2ed549954a6f04c00d Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 3 Oct 2022 16:45:11 +0200 Subject: [PATCH 25/39] Add more tests for cond_assign/swap functions Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.data | 59 ++++++++++++++++---- tests/suites/test_suite_mpi.function | 80 +++++++++++++++++++++------- 2 files changed, 110 insertions(+), 29 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 7868a24f8..754652be6 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -681,23 +681,62 @@ mpi_core_lt_ct:"11FFFFFFFFFFFFFFFF":"FF1111111111111111":1 mbedtls_mpi_core_lt_ct: x>y (alternating limbs) mpi_core_lt_ct:"FF1111111111111111":"11FFFFFFFFFFFFFFFF":0 -mbedtls_mpi_core_cond_assign -mpi_core_cond_assign:"FFFFFFFF":"11111111" +mbedtls_mpi_core_cond_assign: 1 limb +mpi_core_cond_assign:"FFFFFFFF":"11111111":4:0 + +mbedtls_mpi_core_cond_assign: more limbs +mpi_core_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16:0 + +mbedtls_mpi_core_cond_assign: copy 256 bytes of limbs +mpi_core_cond_assign:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"6E3173EEAC8D68A5AB53D259F32D9E9C298FD2C4FAD3BEE9151DC103EA2382F5480C7D11F451C060A1E3D887E05A620EF6395763CB7A40FC473DD0771456A018E18635EA971C36DCAD09D60E8BD0E2E0CCD1AECB8BE0ABA881DBE60163F6C45947EC0B05FDAAA3DF944627DD4FACBAD3FF2AB4B99D91E548C06A4AF320A9CA0D2FD0CB19B90B9D6A8BF59CB631DD925B6DEA621FE962099D3D0BED6B13C0C546DC6B563A7FC63B1B77D277897DD7B9DF28C4C9213A183B83D982964C6AD8192CE7354B11ED727EDEF85074C46E4E2E6C1728FB7980385CDB36512F927847C6A14A118624ABC12B09DBEE60D651B5431AAD982228C61655EABB80C263871AE1CF":256:0 + +mbedtls_mpi_core_cond_assign: copy half of the limbs +mpi_core_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA9876543210":8:1 mbedtls_mpi_core_cond_swap: same value -mpi_core_cond_swap:"FFFFFFFF":"FFFFFFFF" +mpi_core_cond_swap:"FFFFFFFF":"FFFFFFFF":4:0 -mbedtls_mpi_core_cond_swap: different value -mpi_core_cond_swap:"FFFFFFFF":"11111111" +mbedtls_mpi_core_cond_swap: 1 limb +mpi_core_cond_swap:"FFFFFFFF":"11111111":4:0 -mbedtls_mpi_mod_raw_cond_assign -mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111" +mbedtls_mpi_core_cond_swap: more limbs +mpi_core_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16:0 + +mbedtls_mpi_core_cond_swap: copy 256 bytes of limbs +mpi_core_cond_swap:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"9FBBA284460D8EAB5E0D66B634BD18FBA58C0C25417DD637526A7622C6425B46E09AEFBB8C2340AC823DFE990A62C85DB23BCDBEA734134606CEEB4BCF7444569D5EC4E32341ED09D7A5D0BB8B11D7B726BAECCF37D4FC1BEBD892CADD7BE9E093343C1A68D7A188DFE145C1EDBD8048B24E20A076F981D75ABE44318ADC40ED316C444774B6A90D3EE49557315AA6FAB162A498C0B2E2C15BD94186A665E12DDC39211583FA5F21218A3B46999FEBA4DFF454FB6ED35B8F3AE5F8EA840838BD76006DA112F85EDAA2CC07518FFC9724D5695BAF74F16C8D1A3A06029D2F5C1023D9E8A84D1267BD9AF82D1F5F77092D34BE4E8C4D1EA8C58F90B094DCFD6920":256:0 + +mbedtls_mpi_core_cond_swap: copy half of the limbs +mpi_core_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA9876543210":8:1 + +mbedtls_mpi_mod_raw_cond_assign: 1 limb +mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111":4:0 + +mbedtls_mpi_mod_raw_cond_assign: more limbs +mpi_mod_raw_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16:0 + +mbedtls_mpi_mod_raw_cond_assign: copy 256 bytes of limbs +mpi_mod_raw_cond_assign:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"38AAE958A11CCE9F4B4D0EDF64D31DF6FEA451D56B3BAB3DB796739B96C5C9C619DAE2AD5394D41FC3746A4F35BA186F02D908E900A2BA5AC95D494378A6A6FC619801DA3F3B4C5BAAA49B16DD3B2EF9AFB4B82449F90628E1438405D321ACA8476EA3E7124D46D5F25CD57143F2C6A022F7D6EBF7C726AEF56D97E3944EACD627A814D2F546F5A659DD316AE57584BC46F0D976D537E78AB09D2599BB0F073366C541CEF4B6D76FE72D000A01167FCE506B805B295C12BFCAA3B768D8E6AA50D939BDB519A94000B7B18B2D36AE888EDC33DC933E9612D112BB7A95D0748F175E69F00B9D8470C64E27B4FF39551B09FF046F864E9FC22A3E1F73570DF31214":256:0 + +mbedtls_mpi_mod_raw_cond_assign: copy half of the limbs +mpi_mod_raw_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA9876543210":8:1 mbedtls_mpi_mod_raw_cond_swap: same value -mpi_mod_raw_cond_swap:"FFFFFFFF":"FFFFFFFF" +mpi_mod_raw_cond_swap:"FFFFFFFF":"FFFFFFFF":4:0 -mbedtls_mpi_mod_raw_cond_swap: different value -mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111" +mbedtls_mpi_mod_raw_cond_swap: same value +mpi_mod_raw_cond_swap:"FFFFFFFF":"FFFFFFFF":4:0 + +mbedtls_mpi_mod_raw_cond_swap: 1 limb +mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111":4:0 + +mbedtls_mpi_mod_raw_cond_swap: more limbs +mpi_mod_raw_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16:0 + +mbedtls_mpi_mod_raw_cond_swap: copy 256 bytes of limbs +mpi_mod_raw_cond_swap:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"A6154F6146E5AE06C705EF228DB022B4C0C908D9FF11E83CB0836A37DD11D72B5AE0D053B6D0B376B015E3B09DCC04644F12CBCBD0407300DEDA1D817E99A030BA128A57494F6C6BC650A840B70B3A1CDF8A75A387184C93DEF02DD538C60E8764AD2E4600952E09D24DC5524AB34070D25D204174D23B2BFDACBC67F8973C47FAF01CE9810130934AB6A94C5E6D223EDEAE904FD18368231AC3113C2CD73E879124CE21FC379C695C41D6861F5FB957570C3E6EF61F4FBA5D9945FB42931FC8E68370177DB313BEB7AF79B1F0F872368946FF35BD059E60677342EB3A0431714044AD508CD244B7CE200C5DC75B3BC7846A4CF0436C9288F2153124C9283171":256:0 + +mbedtls_mpi_mod_raw_cond_swap: copy half of the limbs +mpi_mod_raw_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA9876543210":8:1 Base test mbedtls_mpi_lt_mpi_ct #1 mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index a74136bcc..1e579e99e 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -765,16 +765,20 @@ exit: /* BEGIN_CASE */ void mpi_core_cond_assign( data_t * input_X, - data_t * input_Y ) + data_t * input_Y, + int input_len, + int is_fail ) { mbedtls_mpi_uint *X = NULL; mbedtls_mpi_uint *Y = NULL; size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); size_t limbs = limbs_X; + size_t copy_limbs = CHARS_TO_LIMBS( input_len ); size_t len = limbs * sizeof( mbedtls_mpi_uint ); TEST_ASSERT( limbs_X == limbs_Y ); + TEST_ASSERT( copy_limbs <= limbs ); ASSERT_ALLOC( X, len ); ASSERT_ALLOC( Y, len ); @@ -789,7 +793,7 @@ void mpi_core_cond_assign( data_t * input_X, TEST_CF_SECRET( X, len ); TEST_CF_SECRET( Y, len ); - mbedtls_mpi_core_cond_assign( X, Y, limbs, 0 ); + mbedtls_mpi_core_cond_assign( X, Y, copy_limbs, 0 ); TEST_CF_PUBLIC( X, len ); TEST_CF_PUBLIC( Y, len ); @@ -800,12 +804,15 @@ void mpi_core_cond_assign( data_t * input_X, TEST_CF_SECRET( X, len ); TEST_CF_SECRET( Y, len ); - mbedtls_mpi_core_cond_assign( X, Y, limbs, 1 ); + mbedtls_mpi_core_cond_assign( X, Y, copy_limbs, 1 ); TEST_CF_PUBLIC( X, len ); TEST_CF_PUBLIC( Y, len ); - ASSERT_COMPARE( X, len, Y, len ); + if( is_fail ) + TEST_ASSERT( memcmp( X, Y, len ) != 0 ); + else + ASSERT_COMPARE( X, len, Y, len ); exit: mbedtls_free( X ); @@ -815,7 +822,9 @@ exit: /* BEGIN_CASE */ void mpi_core_cond_swap( data_t * input_X, - data_t * input_Y ) + data_t * input_Y, + int input_len, + int is_fail ) { mbedtls_mpi_uint *tmp_X = NULL; mbedtls_mpi_uint *tmp_Y = NULL; @@ -824,9 +833,11 @@ void mpi_core_cond_swap( data_t * input_X, size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); size_t limbs = limbs_X; + size_t copy_limbs = CHARS_TO_LIMBS( input_len ); size_t len = limbs * sizeof( mbedtls_mpi_uint ); TEST_ASSERT( limbs_X == limbs_Y ); + TEST_ASSERT( copy_limbs <= limbs ); ASSERT_ALLOC( tmp_X, len ); ASSERT_ALLOC( tmp_Y, len ); @@ -847,7 +858,7 @@ void mpi_core_cond_swap( data_t * input_X, TEST_CF_SECRET( X, len ); TEST_CF_SECRET( Y, len ); - mbedtls_mpi_core_cond_swap( X, Y, limbs, 0 ); + mbedtls_mpi_core_cond_swap( X, Y, copy_limbs, 0 ); TEST_CF_PUBLIC( X, len ); TEST_CF_PUBLIC( Y, len ); @@ -859,13 +870,23 @@ void mpi_core_cond_swap( data_t * input_X, TEST_CF_SECRET( X, len ); TEST_CF_SECRET( Y, len ); - mbedtls_mpi_core_cond_swap( X, Y, limbs, 1 ); + mbedtls_mpi_core_cond_swap( X, Y, copy_limbs, 1 ); TEST_CF_PUBLIC( X, len ); TEST_CF_PUBLIC( Y, len ); - ASSERT_COMPARE( X, len, tmp_Y, len ); - ASSERT_COMPARE( Y, len, tmp_X, len ); + if( is_fail ) + { + TEST_ASSERT( memcmp( X, tmp_X, len ) != 0 ); + TEST_ASSERT( memcmp( X, tmp_Y, len ) != 0 ); + TEST_ASSERT( memcmp( Y, tmp_X, len ) != 0 ); + TEST_ASSERT( memcmp( Y, tmp_Y, len ) != 0 ); + } + else + { + ASSERT_COMPARE( X, len, tmp_Y, len ); + ASSERT_COMPARE( Y, len, tmp_X, len ); + } exit: mbedtls_free( tmp_X ); @@ -877,7 +898,9 @@ exit: /* BEGIN_CASE */ void mpi_mod_raw_cond_assign( data_t * input_X, - data_t * input_Y ) + data_t * input_Y, + int input_len, + int is_fail ) { #define MAX_LEN 64 mbedtls_mpi_uint *X = NULL; @@ -887,9 +910,11 @@ void mpi_mod_raw_cond_assign( data_t * input_X, size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); size_t limbs = limbs_X; + size_t copy_limbs = CHARS_TO_LIMBS( input_len ); size_t len = limbs * sizeof( mbedtls_mpi_uint ); TEST_ASSERT( limbs_X == limbs_Y ); + TEST_ASSERT( copy_limbs <= limbs ); ASSERT_ALLOC( X, len ); ASSERT_ALLOC( Y, len ); @@ -898,7 +923,7 @@ void mpi_mod_raw_cond_assign( data_t * input_X, memset( buff_m, 0, len ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( - &m, buff_m, limbs, + &m, buff_m, copy_limbs, MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) == 0 ); @@ -920,7 +945,7 @@ void mpi_mod_raw_cond_assign( data_t * input_X, TEST_CF_PUBLIC( X, len ); TEST_CF_PUBLIC( Y, len ); - TEST_ASSERT( memcmp( X, Y, m.limbs * sizeof( mbedtls_mpi_uint ) ) != 0 ); + TEST_ASSERT( memcmp( X, Y, len ) != 0 ); /* condition is true */ TEST_CF_SECRET( X, len ); @@ -931,7 +956,10 @@ void mpi_mod_raw_cond_assign( data_t * input_X, TEST_CF_PUBLIC( X, len ); TEST_CF_PUBLIC( Y, len ); - ASSERT_COMPARE( X, len, Y, len ); + if( is_fail ) + TEST_ASSERT( memcmp( X, Y, len ) != 0 ); + else + ASSERT_COMPARE( X, len, Y, len ); exit: mbedtls_free( X ); @@ -944,7 +972,9 @@ exit: /* BEGIN_CASE */ void mpi_mod_raw_cond_swap( data_t * input_X, - data_t * input_Y ) + data_t * input_Y, + int input_len, + int is_fail ) { mbedtls_mpi_uint *tmp_X = NULL; mbedtls_mpi_uint *tmp_Y = NULL; @@ -955,18 +985,20 @@ void mpi_mod_raw_cond_swap( data_t * input_X, size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); size_t limbs = limbs_X; + size_t copy_limbs = CHARS_TO_LIMBS( input_len ); size_t len = limbs * sizeof( mbedtls_mpi_uint ); TEST_ASSERT( limbs_X == limbs_Y ); + TEST_ASSERT( copy_limbs <= limbs ); ASSERT_ALLOC( tmp_X, len ); ASSERT_ALLOC( tmp_Y, len ); - ASSERT_ALLOC( buff_m, len ); - memset( buff_m, 0, len ); + ASSERT_ALLOC( buff_m, input_len ); + memset( buff_m, 0, input_len ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( - &m, buff_m, limbs, + &m, buff_m, copy_limbs, MBEDTLS_MPI_MOD_EXT_REP_BE, MBEDTLS_MPI_MOD_REP_MONTGOMERY ) == 0 ); @@ -1002,8 +1034,18 @@ void mpi_mod_raw_cond_swap( data_t * input_X, TEST_CF_PUBLIC( X, len ); TEST_CF_PUBLIC( Y, len ); - ASSERT_COMPARE( X, len, tmp_Y, len ); - ASSERT_COMPARE( Y, len, tmp_X, len ); + if( is_fail ) + { + TEST_ASSERT( memcmp( X, tmp_X, len ) != 0 ); + TEST_ASSERT( memcmp( X, tmp_Y, len ) != 0 ); + TEST_ASSERT( memcmp( Y, tmp_X, len ) != 0 ); + TEST_ASSERT( memcmp( Y, tmp_Y, len ) != 0 ); + } + else + { + ASSERT_COMPARE( X, len, tmp_Y, len ); + ASSERT_COMPARE( Y, len, tmp_X, len ); + } exit: mbedtls_free( tmp_X ); From dba2677597c5aa11f7b931b0f85186ebdb06c87d Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 3 Oct 2022 17:01:02 +0200 Subject: [PATCH 26/39] Update documentation Signed-off-by: Gabor Mezei --- library/bignum_core.h | 2 +- library/bignum_mod_raw.h | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/library/bignum_core.h b/library/bignum_core.h index 493ec12cd..bd246d5e3 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -79,7 +79,7 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, * the condition was true or not. * * \param[out] X The address of the first MPI. This must be initialized. - * It must have at least \p limbs limbs. + * Must have enough limbs to store the full value of \p A. * \param[in] A The address of the second MPI. This must be initialized. * \param limbs The number of limbs of \p A. * \param assign The condition deciding whether to perform the diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 231bb72d3..845ebaa5a 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -37,7 +37,10 @@ * \brief Perform a safe conditional copy of MPI which doesn't reveal whether * the condition was true or not. * + * The size to copy is determined by \p N. + * * \param[out] X The address of the first MPI. This must be initialized. + * Must have enough limbs to store the full value of \p A. * \param[in] A The address of the second MPI. This must be initialized. * \param[in] N The address of the modulus related to \p X and \p A. * \param assign The condition deciding whether to perform the @@ -61,6 +64,8 @@ void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, * \brief Perform a safe conditional swap of MPI which doesn't reveal whether * the condition was true or not. * + * The size to swap is determined by \p N. + * * \param[in,out] X The address of the first MPI. This must be initialized. * \param[in,out] Y The address of the second MPI. This must be initialized. * \param[in] N The address of the modulus related to \p X and \p Y. From 8fcde5bb8ee4b08ddf3ebf346474568f3b952440 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 4 Oct 2022 13:53:33 +0200 Subject: [PATCH 27/39] Remove duplicate test case Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.data | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 754652be6..581f2f4d2 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -723,9 +723,6 @@ mpi_mod_raw_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDC mbedtls_mpi_mod_raw_cond_swap: same value mpi_mod_raw_cond_swap:"FFFFFFFF":"FFFFFFFF":4:0 -mbedtls_mpi_mod_raw_cond_swap: same value -mpi_mod_raw_cond_swap:"FFFFFFFF":"FFFFFFFF":4:0 - mbedtls_mpi_mod_raw_cond_swap: 1 limb mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111":4:0 From 251cb632f113814f9f089d19c4ab2771ba033cf5 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 10 Oct 2022 13:02:21 +0200 Subject: [PATCH 28/39] Remove unused macro definition Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 1e579e99e..985801b9a 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -902,7 +902,6 @@ void mpi_mod_raw_cond_assign( data_t * input_X, int input_len, int is_fail ) { - #define MAX_LEN 64 mbedtls_mpi_uint *X = NULL; mbedtls_mpi_uint *Y = NULL; mbedtls_mpi_uint *buff_m = NULL; From d6441da4c50f0c88930d3fd9158c516c99c73812 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 10 Oct 2022 13:05:16 +0200 Subject: [PATCH 29/39] Remove redundant memory initialization When memory is allocated it is also initialized with 0. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 985801b9a..bfadde9d3 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -919,7 +919,6 @@ void mpi_mod_raw_cond_assign( data_t * input_X, ASSERT_ALLOC( Y, len ); ASSERT_ALLOC( buff_m, len ); - memset( buff_m, 0, len ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( &m, buff_m, copy_limbs, @@ -994,7 +993,6 @@ void mpi_mod_raw_cond_swap( data_t * input_X, ASSERT_ALLOC( tmp_Y, len ); ASSERT_ALLOC( buff_m, input_len ); - memset( buff_m, 0, input_len ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( &m, buff_m, copy_limbs, From d71eb0c3ac1295f70506e97ef73b612e8e526cb6 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 10 Oct 2022 13:09:04 +0200 Subject: [PATCH 30/39] Use better test macro Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index bfadde9d3..f1673814f 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -777,7 +777,7 @@ void mpi_core_cond_assign( data_t * input_X, size_t copy_limbs = CHARS_TO_LIMBS( input_len ); size_t len = limbs * sizeof( mbedtls_mpi_uint ); - TEST_ASSERT( limbs_X == limbs_Y ); + TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); ASSERT_ALLOC( X, len ); @@ -836,7 +836,7 @@ void mpi_core_cond_swap( data_t * input_X, size_t copy_limbs = CHARS_TO_LIMBS( input_len ); size_t len = limbs * sizeof( mbedtls_mpi_uint ); - TEST_ASSERT( limbs_X == limbs_Y ); + TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); ASSERT_ALLOC( tmp_X, len ); @@ -912,7 +912,7 @@ void mpi_mod_raw_cond_assign( data_t * input_X, size_t copy_limbs = CHARS_TO_LIMBS( input_len ); size_t len = limbs * sizeof( mbedtls_mpi_uint ); - TEST_ASSERT( limbs_X == limbs_Y ); + TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); ASSERT_ALLOC( X, len ); @@ -986,7 +986,7 @@ void mpi_mod_raw_cond_swap( data_t * input_X, size_t copy_limbs = CHARS_TO_LIMBS( input_len ); size_t len = limbs * sizeof( mbedtls_mpi_uint ); - TEST_ASSERT( limbs_X == limbs_Y ); + TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); ASSERT_ALLOC( tmp_X, len ); From e9c013c22218981a79d98fe7a472786b68c5fc41 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 10 Oct 2022 14:26:57 +0200 Subject: [PATCH 31/39] Handle if parameters are alised Signed-off-by: Gabor Mezei --- library/bignum_core.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/bignum_core.c b/library/bignum_core.c index 233b22ded..847ed6eb0 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -167,6 +167,9 @@ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, size_t limbs, unsigned char assign ) { + if( X == A ) + return; + mbedtls_ct_mpi_uint_cond_assign( limbs, X, A, assign ); } @@ -175,6 +178,9 @@ void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X, size_t limbs, unsigned char swap ) { + if( X == Y ) + return; + /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */ mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( swap ); From d7edb1d22569dd7b92593983a158f3876883873e Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 10 Oct 2022 14:32:09 +0200 Subject: [PATCH 32/39] Initialize variable Signed-off-by: Gabor Mezei --- library/constant_time.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/constant_time.c b/library/constant_time.c index d01998bd7..2b62bc176 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -708,7 +708,8 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap ) { - int ret, s; + int ret = 0; + int s; MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( Y != NULL ); From a67a1a3ebc170a4d4dbe0d054159103a75698d07 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 10 Oct 2022 15:25:59 +0200 Subject: [PATCH 33/39] Remove the 'is_fail' parameter from the test functions Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.data | 36 ++++++++++++------------ tests/suites/test_suite_mpi.function | 42 ++++++++++++++++++++-------- 2 files changed, 48 insertions(+), 30 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 581f2f4d2..e7d0665e9 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -682,58 +682,58 @@ mbedtls_mpi_core_lt_ct: x>y (alternating limbs) mpi_core_lt_ct:"FF1111111111111111":"11FFFFFFFFFFFFFFFF":0 mbedtls_mpi_core_cond_assign: 1 limb -mpi_core_cond_assign:"FFFFFFFF":"11111111":4:0 +mpi_core_cond_assign:"FFFFFFFF":"11111111":4 mbedtls_mpi_core_cond_assign: more limbs -mpi_core_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16:0 +mpi_core_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16 mbedtls_mpi_core_cond_assign: copy 256 bytes of limbs -mpi_core_cond_assign:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"6E3173EEAC8D68A5AB53D259F32D9E9C298FD2C4FAD3BEE9151DC103EA2382F5480C7D11F451C060A1E3D887E05A620EF6395763CB7A40FC473DD0771456A018E18635EA971C36DCAD09D60E8BD0E2E0CCD1AECB8BE0ABA881DBE60163F6C45947EC0B05FDAAA3DF944627DD4FACBAD3FF2AB4B99D91E548C06A4AF320A9CA0D2FD0CB19B90B9D6A8BF59CB631DD925B6DEA621FE962099D3D0BED6B13C0C546DC6B563A7FC63B1B77D277897DD7B9DF28C4C9213A183B83D982964C6AD8192CE7354B11ED727EDEF85074C46E4E2E6C1728FB7980385CDB36512F927847C6A14A118624ABC12B09DBEE60D651B5431AAD982228C61655EABB80C263871AE1CF":256:0 +mpi_core_cond_assign:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"6E3173EEAC8D68A5AB53D259F32D9E9C298FD2C4FAD3BEE9151DC103EA2382F5480C7D11F451C060A1E3D887E05A620EF6395763CB7A40FC473DD0771456A018E18635EA971C36DCAD09D60E8BD0E2E0CCD1AECB8BE0ABA881DBE60163F6C45947EC0B05FDAAA3DF944627DD4FACBAD3FF2AB4B99D91E548C06A4AF320A9CA0D2FD0CB19B90B9D6A8BF59CB631DD925B6DEA621FE962099D3D0BED6B13C0C546DC6B563A7FC63B1B77D277897DD7B9DF28C4C9213A183B83D982964C6AD8192CE7354B11ED727EDEF85074C46E4E2E6C1728FB7980385CDB36512F927847C6A14A118624ABC12B09DBEE60D651B5431AAD982228C61655EABB80C263871AE1CF":256 mbedtls_mpi_core_cond_assign: copy half of the limbs -mpi_core_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA9876543210":8:1 +mpi_core_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA9876543210":8 mbedtls_mpi_core_cond_swap: same value -mpi_core_cond_swap:"FFFFFFFF":"FFFFFFFF":4:0 +mpi_core_cond_swap:"FFFFFFFF":"FFFFFFFF":4 mbedtls_mpi_core_cond_swap: 1 limb -mpi_core_cond_swap:"FFFFFFFF":"11111111":4:0 +mpi_core_cond_swap:"FFFFFFFF":"11111111":4 mbedtls_mpi_core_cond_swap: more limbs -mpi_core_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16:0 +mpi_core_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16 mbedtls_mpi_core_cond_swap: copy 256 bytes of limbs -mpi_core_cond_swap:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"9FBBA284460D8EAB5E0D66B634BD18FBA58C0C25417DD637526A7622C6425B46E09AEFBB8C2340AC823DFE990A62C85DB23BCDBEA734134606CEEB4BCF7444569D5EC4E32341ED09D7A5D0BB8B11D7B726BAECCF37D4FC1BEBD892CADD7BE9E093343C1A68D7A188DFE145C1EDBD8048B24E20A076F981D75ABE44318ADC40ED316C444774B6A90D3EE49557315AA6FAB162A498C0B2E2C15BD94186A665E12DDC39211583FA5F21218A3B46999FEBA4DFF454FB6ED35B8F3AE5F8EA840838BD76006DA112F85EDAA2CC07518FFC9724D5695BAF74F16C8D1A3A06029D2F5C1023D9E8A84D1267BD9AF82D1F5F77092D34BE4E8C4D1EA8C58F90B094DCFD6920":256:0 +mpi_core_cond_swap:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"9FBBA284460D8EAB5E0D66B634BD18FBA58C0C25417DD637526A7622C6425B46E09AEFBB8C2340AC823DFE990A62C85DB23BCDBEA734134606CEEB4BCF7444569D5EC4E32341ED09D7A5D0BB8B11D7B726BAECCF37D4FC1BEBD892CADD7BE9E093343C1A68D7A188DFE145C1EDBD8048B24E20A076F981D75ABE44318ADC40ED316C444774B6A90D3EE49557315AA6FAB162A498C0B2E2C15BD94186A665E12DDC39211583FA5F21218A3B46999FEBA4DFF454FB6ED35B8F3AE5F8EA840838BD76006DA112F85EDAA2CC07518FFC9724D5695BAF74F16C8D1A3A06029D2F5C1023D9E8A84D1267BD9AF82D1F5F77092D34BE4E8C4D1EA8C58F90B094DCFD6920":256 mbedtls_mpi_core_cond_swap: copy half of the limbs -mpi_core_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA9876543210":8:1 +mpi_core_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA9876543210":8 mbedtls_mpi_mod_raw_cond_assign: 1 limb -mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111":4:0 +mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111":4 mbedtls_mpi_mod_raw_cond_assign: more limbs -mpi_mod_raw_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16:0 +mpi_mod_raw_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16 mbedtls_mpi_mod_raw_cond_assign: copy 256 bytes of limbs -mpi_mod_raw_cond_assign:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"38AAE958A11CCE9F4B4D0EDF64D31DF6FEA451D56B3BAB3DB796739B96C5C9C619DAE2AD5394D41FC3746A4F35BA186F02D908E900A2BA5AC95D494378A6A6FC619801DA3F3B4C5BAAA49B16DD3B2EF9AFB4B82449F90628E1438405D321ACA8476EA3E7124D46D5F25CD57143F2C6A022F7D6EBF7C726AEF56D97E3944EACD627A814D2F546F5A659DD316AE57584BC46F0D976D537E78AB09D2599BB0F073366C541CEF4B6D76FE72D000A01167FCE506B805B295C12BFCAA3B768D8E6AA50D939BDB519A94000B7B18B2D36AE888EDC33DC933E9612D112BB7A95D0748F175E69F00B9D8470C64E27B4FF39551B09FF046F864E9FC22A3E1F73570DF31214":256:0 +mpi_mod_raw_cond_assign:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"38AAE958A11CCE9F4B4D0EDF64D31DF6FEA451D56B3BAB3DB796739B96C5C9C619DAE2AD5394D41FC3746A4F35BA186F02D908E900A2BA5AC95D494378A6A6FC619801DA3F3B4C5BAAA49B16DD3B2EF9AFB4B82449F90628E1438405D321ACA8476EA3E7124D46D5F25CD57143F2C6A022F7D6EBF7C726AEF56D97E3944EACD627A814D2F546F5A659DD316AE57584BC46F0D976D537E78AB09D2599BB0F073366C541CEF4B6D76FE72D000A01167FCE506B805B295C12BFCAA3B768D8E6AA50D939BDB519A94000B7B18B2D36AE888EDC33DC933E9612D112BB7A95D0748F175E69F00B9D8470C64E27B4FF39551B09FF046F864E9FC22A3E1F73570DF31214":256 mbedtls_mpi_mod_raw_cond_assign: copy half of the limbs -mpi_mod_raw_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA9876543210":8:1 +mpi_mod_raw_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA9876543210":8 mbedtls_mpi_mod_raw_cond_swap: same value -mpi_mod_raw_cond_swap:"FFFFFFFF":"FFFFFFFF":4:0 +mpi_mod_raw_cond_swap:"FFFFFFFF":"FFFFFFFF":4 mbedtls_mpi_mod_raw_cond_swap: 1 limb -mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111":4:0 +mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111":4 mbedtls_mpi_mod_raw_cond_swap: more limbs -mpi_mod_raw_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16:0 +mpi_mod_raw_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16 mbedtls_mpi_mod_raw_cond_swap: copy 256 bytes of limbs -mpi_mod_raw_cond_swap:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"A6154F6146E5AE06C705EF228DB022B4C0C908D9FF11E83CB0836A37DD11D72B5AE0D053B6D0B376B015E3B09DCC04644F12CBCBD0407300DEDA1D817E99A030BA128A57494F6C6BC650A840B70B3A1CDF8A75A387184C93DEF02DD538C60E8764AD2E4600952E09D24DC5524AB34070D25D204174D23B2BFDACBC67F8973C47FAF01CE9810130934AB6A94C5E6D223EDEAE904FD18368231AC3113C2CD73E879124CE21FC379C695C41D6861F5FB957570C3E6EF61F4FBA5D9945FB42931FC8E68370177DB313BEB7AF79B1F0F872368946FF35BD059E60677342EB3A0431714044AD508CD244B7CE200C5DC75B3BC7846A4CF0436C9288F2153124C9283171":256:0 +mpi_mod_raw_cond_swap:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"A6154F6146E5AE06C705EF228DB022B4C0C908D9FF11E83CB0836A37DD11D72B5AE0D053B6D0B376B015E3B09DCC04644F12CBCBD0407300DEDA1D817E99A030BA128A57494F6C6BC650A840B70B3A1CDF8A75A387184C93DEF02DD538C60E8764AD2E4600952E09D24DC5524AB34070D25D204174D23B2BFDACBC67F8973C47FAF01CE9810130934AB6A94C5E6D223EDEAE904FD18368231AC3113C2CD73E879124CE21FC379C695C41D6861F5FB957570C3E6EF61F4FBA5D9945FB42931FC8E68370177DB313BEB7AF79B1F0F872368946FF35BD059E60677342EB3A0431714044AD508CD244B7CE200C5DC75B3BC7846A4CF0436C9288F2153124C9283171":256 mbedtls_mpi_mod_raw_cond_swap: copy half of the limbs -mpi_mod_raw_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA9876543210":8:1 +mpi_mod_raw_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA9876543210":8 Base test mbedtls_mpi_lt_mpi_ct #1 mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index f1673814f..6ac36c40a 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -766,8 +766,7 @@ exit: /* BEGIN_CASE */ void mpi_core_cond_assign( data_t * input_X, data_t * input_Y, - int input_len, - int is_fail ) + int input_len ) { mbedtls_mpi_uint *X = NULL; mbedtls_mpi_uint *Y = NULL; @@ -776,6 +775,7 @@ void mpi_core_cond_assign( data_t * input_X, size_t limbs = limbs_X; size_t copy_limbs = CHARS_TO_LIMBS( input_len ); size_t len = limbs * sizeof( mbedtls_mpi_uint ); + size_t copy_len = copy_limbs * sizeof( mbedtls_mpi_uint ); TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); @@ -809,8 +809,13 @@ void mpi_core_cond_assign( data_t * input_X, TEST_CF_PUBLIC( X, len ); TEST_CF_PUBLIC( Y, len ); - if( is_fail ) + /* Check if the given length is copied even it is smaller + than the length of the given MPIs. */ + if( copy_limbs != limbs ) + { + ASSERT_COMPARE( X, copy_len, Y, copy_len ); TEST_ASSERT( memcmp( X, Y, len ) != 0 ); + } else ASSERT_COMPARE( X, len, Y, len ); @@ -823,8 +828,7 @@ exit: /* BEGIN_CASE */ void mpi_core_cond_swap( data_t * input_X, data_t * input_Y, - int input_len, - int is_fail ) + int input_len ) { mbedtls_mpi_uint *tmp_X = NULL; mbedtls_mpi_uint *tmp_Y = NULL; @@ -835,6 +839,7 @@ void mpi_core_cond_swap( data_t * input_X, size_t limbs = limbs_X; size_t copy_limbs = CHARS_TO_LIMBS( input_len ); size_t len = limbs * sizeof( mbedtls_mpi_uint ); + size_t copy_len = copy_limbs * sizeof( mbedtls_mpi_uint ); TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); @@ -875,8 +880,12 @@ void mpi_core_cond_swap( data_t * input_X, TEST_CF_PUBLIC( X, len ); TEST_CF_PUBLIC( Y, len ); - if( is_fail ) + /* Check if the given length is copied even it is smaller + than the length of the given MPIs. */ + if( copy_limbs != limbs ) { + ASSERT_COMPARE( X, copy_len, tmp_Y, copy_len ); + ASSERT_COMPARE( Y, copy_len, tmp_X, copy_len ); TEST_ASSERT( memcmp( X, tmp_X, len ) != 0 ); TEST_ASSERT( memcmp( X, tmp_Y, len ) != 0 ); TEST_ASSERT( memcmp( Y, tmp_X, len ) != 0 ); @@ -899,8 +908,7 @@ exit: /* BEGIN_CASE */ void mpi_mod_raw_cond_assign( data_t * input_X, data_t * input_Y, - int input_len, - int is_fail ) + int input_len ) { mbedtls_mpi_uint *X = NULL; mbedtls_mpi_uint *Y = NULL; @@ -911,6 +919,7 @@ void mpi_mod_raw_cond_assign( data_t * input_X, size_t limbs = limbs_X; size_t copy_limbs = CHARS_TO_LIMBS( input_len ); size_t len = limbs * sizeof( mbedtls_mpi_uint ); + size_t copy_len = copy_limbs * sizeof( mbedtls_mpi_uint ); TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); @@ -954,8 +963,13 @@ void mpi_mod_raw_cond_assign( data_t * input_X, TEST_CF_PUBLIC( X, len ); TEST_CF_PUBLIC( Y, len ); - if( is_fail ) + /* Check if the given length is copied even it is smaller + than the length of the given MPIs. */ + if( copy_limbs != limbs ) + { + ASSERT_COMPARE( X, copy_len, Y, copy_len ); TEST_ASSERT( memcmp( X, Y, len ) != 0 ); + } else ASSERT_COMPARE( X, len, Y, len ); @@ -971,8 +985,7 @@ exit: /* BEGIN_CASE */ void mpi_mod_raw_cond_swap( data_t * input_X, data_t * input_Y, - int input_len, - int is_fail ) + int input_len ) { mbedtls_mpi_uint *tmp_X = NULL; mbedtls_mpi_uint *tmp_Y = NULL; @@ -985,6 +998,7 @@ void mpi_mod_raw_cond_swap( data_t * input_X, size_t limbs = limbs_X; size_t copy_limbs = CHARS_TO_LIMBS( input_len ); size_t len = limbs * sizeof( mbedtls_mpi_uint ); + size_t copy_len = copy_limbs * sizeof( mbedtls_mpi_uint ); TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); @@ -1031,8 +1045,12 @@ void mpi_mod_raw_cond_swap( data_t * input_X, TEST_CF_PUBLIC( X, len ); TEST_CF_PUBLIC( Y, len ); - if( is_fail ) + /* Check if the given length is copied even it is smaller + than the length of the given MPIs. */ + if( copy_limbs != limbs ) { + ASSERT_COMPARE( X, copy_len, tmp_Y, copy_len ); + ASSERT_COMPARE( Y, copy_len, tmp_X, copy_len ); TEST_ASSERT( memcmp( X, tmp_X, len ) != 0 ); TEST_ASSERT( memcmp( X, tmp_Y, len ) != 0 ); TEST_ASSERT( memcmp( Y, tmp_X, len ) != 0 ); From 44ba2f6db919fc0e7008e4eb2c9b546e9c6b78c6 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 10 Oct 2022 15:32:12 +0200 Subject: [PATCH 34/39] Add more test cases Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.data | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index e7d0665e9..860546edd 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -684,9 +684,15 @@ mpi_core_lt_ct:"FF1111111111111111":"11FFFFFFFFFFFFFFFF":0 mbedtls_mpi_core_cond_assign: 1 limb mpi_core_cond_assign:"FFFFFFFF":"11111111":4 -mbedtls_mpi_core_cond_assign: more limbs +mbedtls_mpi_core_cond_assign: more limbs #1 mpi_core_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16 +mbedtls_mpi_core_cond_assign: more limbs #2 +mpi_core_cond_assign:"11111111EEEEEEEE77777777CCCCCCCC":"FEDCBA9876543210FEDCBA9876543210":16 + +mbedtls_mpi_core_cond_assign: more limbs #3 +mpi_core_cond_assign:"562D2B7E83BDC6FF783CEC0D6F46EAE7":"4C314E3B5CEB009C25F3300D5ECF670A":16 + mbedtls_mpi_core_cond_assign: copy 256 bytes of limbs mpi_core_cond_assign:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"6E3173EEAC8D68A5AB53D259F32D9E9C298FD2C4FAD3BEE9151DC103EA2382F5480C7D11F451C060A1E3D887E05A620EF6395763CB7A40FC473DD0771456A018E18635EA971C36DCAD09D60E8BD0E2E0CCD1AECB8BE0ABA881DBE60163F6C45947EC0B05FDAAA3DF944627DD4FACBAD3FF2AB4B99D91E548C06A4AF320A9CA0D2FD0CB19B90B9D6A8BF59CB631DD925B6DEA621FE962099D3D0BED6B13C0C546DC6B563A7FC63B1B77D277897DD7B9DF28C4C9213A183B83D982964C6AD8192CE7354B11ED727EDEF85074C46E4E2E6C1728FB7980385CDB36512F927847C6A14A118624ABC12B09DBEE60D651B5431AAD982228C61655EABB80C263871AE1CF":256 @@ -699,9 +705,15 @@ mpi_core_cond_swap:"FFFFFFFF":"FFFFFFFF":4 mbedtls_mpi_core_cond_swap: 1 limb mpi_core_cond_swap:"FFFFFFFF":"11111111":4 -mbedtls_mpi_core_cond_swap: more limbs +mbedtls_mpi_core_cond_swap: more limbs #1 mpi_core_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16 +mbedtls_mpi_core_cond_swap: more limbs #2 +mpi_core_cond_swap:"11111111EEEEEEEE77777777CCCCCCCC":"FEDCBA9876543210FEDCBA9876543210":16 + +mbedtls_mpi_core_cond_swap: more limbs #3 +mpi_core_cond_swap:"562D2B7E83BDC6FF783CEC0D6F46EAE7":"4C314E3B5CEB009C25F3300D5ECF670A":16 + mbedtls_mpi_core_cond_swap: copy 256 bytes of limbs mpi_core_cond_swap:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"9FBBA284460D8EAB5E0D66B634BD18FBA58C0C25417DD637526A7622C6425B46E09AEFBB8C2340AC823DFE990A62C85DB23BCDBEA734134606CEEB4BCF7444569D5EC4E32341ED09D7A5D0BB8B11D7B726BAECCF37D4FC1BEBD892CADD7BE9E093343C1A68D7A188DFE145C1EDBD8048B24E20A076F981D75ABE44318ADC40ED316C444774B6A90D3EE49557315AA6FAB162A498C0B2E2C15BD94186A665E12DDC39211583FA5F21218A3B46999FEBA4DFF454FB6ED35B8F3AE5F8EA840838BD76006DA112F85EDAA2CC07518FFC9724D5695BAF74F16C8D1A3A06029D2F5C1023D9E8A84D1267BD9AF82D1F5F77092D34BE4E8C4D1EA8C58F90B094DCFD6920":256 @@ -711,9 +723,15 @@ mpi_core_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA987 mbedtls_mpi_mod_raw_cond_assign: 1 limb mpi_mod_raw_cond_assign:"FFFFFFFF":"11111111":4 -mbedtls_mpi_mod_raw_cond_assign: more limbs +mbedtls_mpi_mod_raw_cond_assign: more limbs #1 mpi_mod_raw_cond_assign:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16 +mbedtls_mpi_mod_raw_cond_assign: more limbs #2 +mpi_mod_raw_cond_assign:"11111111EEEEEEEE77777777CCCCCCCC":"FEDCBA9876543210FEDCBA9876543210":16 + +mbedtls_mpi_mod_raw_cond_assign: more limbs #3 +mpi_mod_raw_cond_assign:"562D2B7E83BDC6FF783CEC0D6F46EAE7":"4C314E3B5CEB009C25F3300D5ECF670A":16 + mbedtls_mpi_mod_raw_cond_assign: copy 256 bytes of limbs mpi_mod_raw_cond_assign:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"38AAE958A11CCE9F4B4D0EDF64D31DF6FEA451D56B3BAB3DB796739B96C5C9C619DAE2AD5394D41FC3746A4F35BA186F02D908E900A2BA5AC95D494378A6A6FC619801DA3F3B4C5BAAA49B16DD3B2EF9AFB4B82449F90628E1438405D321ACA8476EA3E7124D46D5F25CD57143F2C6A022F7D6EBF7C726AEF56D97E3944EACD627A814D2F546F5A659DD316AE57584BC46F0D976D537E78AB09D2599BB0F073366C541CEF4B6D76FE72D000A01167FCE506B805B295C12BFCAA3B768D8E6AA50D939BDB519A94000B7B18B2D36AE888EDC33DC933E9612D112BB7A95D0748F175E69F00B9D8470C64E27B4FF39551B09FF046F864E9FC22A3E1F73570DF31214":256 @@ -726,9 +744,15 @@ mpi_mod_raw_cond_swap:"FFFFFFFF":"FFFFFFFF":4 mbedtls_mpi_mod_raw_cond_swap: 1 limb mpi_mod_raw_cond_swap:"FFFFFFFF":"11111111":4 -mbedtls_mpi_mod_raw_cond_swap: more limbs +mbedtls_mpi_mod_raw_cond_swap: more limbs #1 mpi_mod_raw_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"0123456789ABCDEF0123456789ABCDEF":16 +mbedtls_mpi_mod_raw_cond_swap: more limbs #2 +mpi_mod_raw_cond_swap:"11111111EEEEEEEE77777777CCCCCCCC":"FEDCBA9876543210FEDCBA9876543210":16 + +mbedtls_mpi_mod_raw_cond_swap: more limbs #3 +mpi_mod_raw_cond_swap:"562D2B7E83BDC6FF783CEC0D6F46EAE7":"4C314E3B5CEB009C25F3300D5ECF670A":16 + mbedtls_mpi_mod_raw_cond_swap: copy 256 bytes of limbs mpi_mod_raw_cond_swap:"00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF00000000111111112222222233333333444444445555555566666666777777778888888899999999AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF":"A6154F6146E5AE06C705EF228DB022B4C0C908D9FF11E83CB0836A37DD11D72B5AE0D053B6D0B376B015E3B09DCC04644F12CBCBD0407300DEDA1D817E99A030BA128A57494F6C6BC650A840B70B3A1CDF8A75A387184C93DEF02DD538C60E8764AD2E4600952E09D24DC5524AB34070D25D204174D23B2BFDACBC67F8973C47FAF01CE9810130934AB6A94C5E6D223EDEAE904FD18368231AC3113C2CD73E879124CE21FC379C695C41D6861F5FB957570C3E6EF61F4FBA5D9945FB42931FC8E68370177DB313BEB7AF79B1F0F872368946FF35BD059E60677342EB3A0431714044AD508CD244B7CE200C5DC75B3BC7846A4CF0436C9288F2153124C9283171":256 From 8bcd7cca94f9b7549cf0780d030582d16959a02b Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 14 Oct 2022 16:18:10 +0200 Subject: [PATCH 35/39] Use count instead of bytes in ASSERT_ALLOC argument Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 6ac36c40a..18525ed81 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -780,8 +780,8 @@ void mpi_core_cond_assign( data_t * input_X, TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); - ASSERT_ALLOC( X, len ); - ASSERT_ALLOC( Y, len ); + ASSERT_ALLOC( X, limbs ); + ASSERT_ALLOC( Y, limbs ); TEST_ASSERT( mbedtls_mpi_core_read_be( X, limbs, input_X->x, input_X->len ) == 0 ); @@ -844,19 +844,19 @@ void mpi_core_cond_swap( data_t * input_X, TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); - ASSERT_ALLOC( tmp_X, len ); - ASSERT_ALLOC( tmp_Y, len ); + ASSERT_ALLOC( tmp_X, limbs ); + ASSERT_ALLOC( tmp_Y, limbs ); TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs, input_X->x, input_X->len ) == 0 ); - ASSERT_ALLOC( X, len ); + ASSERT_ALLOC( X, limbs ); memcpy( X, tmp_X, len ); TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs, input_Y->x, input_Y->len ) == 0 ); - ASSERT_ALLOC( Y, len ); + ASSERT_ALLOC( Y, limbs ); memcpy( Y, tmp_Y, len ); /* condition is false */ @@ -924,10 +924,10 @@ void mpi_mod_raw_cond_assign( data_t * input_X, TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); - ASSERT_ALLOC( X, len ); - ASSERT_ALLOC( Y, len ); + ASSERT_ALLOC( X, limbs ); + ASSERT_ALLOC( Y, limbs ); - ASSERT_ALLOC( buff_m, len ); + ASSERT_ALLOC( buff_m, limbs ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( &m, buff_m, copy_limbs, @@ -1003,10 +1003,10 @@ void mpi_mod_raw_cond_swap( data_t * input_X, TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); - ASSERT_ALLOC( tmp_X, len ); - ASSERT_ALLOC( tmp_Y, len ); + ASSERT_ALLOC( tmp_X, limbs ); + ASSERT_ALLOC( tmp_Y, limbs ); - ASSERT_ALLOC( buff_m, input_len ); + ASSERT_ALLOC( buff_m, copy_limbs ); mbedtls_mpi_mod_modulus_init( &m ); TEST_ASSERT( mbedtls_mpi_mod_modulus_setup( &m, buff_m, copy_limbs, @@ -1016,7 +1016,7 @@ void mpi_mod_raw_cond_swap( data_t * input_X, TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs, input_X->x, input_X->len ) == 0 ); - ASSERT_ALLOC( X, len ); + ASSERT_ALLOC( X, limbs ); memcpy( X, tmp_X, len ); TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs, input_Y->x, input_Y->len ) From 4086de667d1f6e091f068bbad1d3582c2946f33a Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 14 Oct 2022 16:29:42 +0200 Subject: [PATCH 36/39] Fix documentation Signed-off-by: Gabor Mezei --- library/bignum_core.h | 17 +++++++++-------- library/bignum_mod_raw.h | 17 +++++++++-------- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/library/bignum_core.h b/library/bignum_core.h index bd246d5e3..b626fab6e 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -75,12 +75,13 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, size_t A_limbs ); /** - * \brief Perform a safe conditional copy of MPI which doesn't reveal whether - * the condition was true or not. + * \brief Perform a safe conditional copy of an MPI which doesn't reveal + * whether assignment was done or not. * - * \param[out] X The address of the first MPI. This must be initialized. - * Must have enough limbs to store the full value of \p A. - * \param[in] A The address of the second MPI. This must be initialized. + * \param[out] X The address of the destination MPI. + * This must be initialized. Must have enough limbs to + * store the full value of \p A. + * \param[in] A The address of the source MPI. This must be initialized. * \param limbs The number of limbs of \p A. * \param assign The condition deciding whether to perform the * assignment or not. Must be either 0 or 1: @@ -92,7 +93,7 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A, * * \warning If \p assign is neither 0 nor 1, the result of this function * is indeterminate, and the resulting value in \p X might be - * neither its original value nor the value in \p Y. + * neither its original value nor the value in \p A. */ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, const mbedtls_mpi_uint *A, @@ -100,8 +101,8 @@ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X, unsigned char assign ); /** - * \brief Perform a safe conditional swap of MPI which doesn't reveal whether - * the condition was true or not. + * \brief Perform a safe conditional swap of two MPIs which doesn't reveal + * whether the swap was done or not. * * \param[in,out] X The address of the first MPI. * This must be initialized. diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 845ebaa5a..f698a9a62 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -34,14 +34,15 @@ #include "bignum_mod.h" /** - * \brief Perform a safe conditional copy of MPI which doesn't reveal whether - * the condition was true or not. + * \brief Perform a safe conditional copy of an MPI which doesn't reveal + * whether the assignment was done or not. * * The size to copy is determined by \p N. * - * \param[out] X The address of the first MPI. This must be initialized. - * Must have enough limbs to store the full value of \p A. - * \param[in] A The address of the second MPI. This must be initialized. + * \param[out] X The address of the destination MPI. + * This must be initialized. Must have enough limbs to + * store the full value of \p A. + * \param[in] A The address of the source MPI. This must be initialized. * \param[in] N The address of the modulus related to \p X and \p A. * \param assign The condition deciding whether to perform the * assignment or not. Must be either 0 or 1: @@ -53,7 +54,7 @@ * * \warning If \p assign is neither 0 nor 1, the result of this function * is indeterminate, and the resulting value in \p X might be - * neither its original value nor the value in \p B. + * neither its original value nor the value in \p A. */ void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, const mbedtls_mpi_uint *A, @@ -61,8 +62,8 @@ void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X, unsigned char assign ); /** - * \brief Perform a safe conditional swap of MPI which doesn't reveal whether - * the condition was true or not. + * \brief Perform a safe conditional swap of two MPIs which doesn't reveal + * whether the swap was done or not. * * The size to swap is determined by \p N. * From ffb4aa0ddc7b8d47af24516356a91ea5c09bc33b Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 14 Oct 2022 16:39:04 +0200 Subject: [PATCH 37/39] Rename variables to have unambiguous names Use bytes instead of len in the variable names. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 164 +++++++++++++-------------- 1 file changed, 82 insertions(+), 82 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 18525ed81..dcfa75d45 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -766,16 +766,16 @@ exit: /* BEGIN_CASE */ void mpi_core_cond_assign( data_t * input_X, data_t * input_Y, - int input_len ) + int input_bytes ) { mbedtls_mpi_uint *X = NULL; mbedtls_mpi_uint *Y = NULL; size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); size_t limbs = limbs_X; - size_t copy_limbs = CHARS_TO_LIMBS( input_len ); - size_t len = limbs * sizeof( mbedtls_mpi_uint ); - size_t copy_len = copy_limbs * sizeof( mbedtls_mpi_uint ); + size_t copy_limbs = CHARS_TO_LIMBS( input_bytes ); + size_t bytes = limbs * sizeof( mbedtls_mpi_uint ); + size_t copy_bytes = copy_limbs * sizeof( mbedtls_mpi_uint ); TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); @@ -790,34 +790,34 @@ void mpi_core_cond_assign( data_t * input_X, == 0 ); /* condition is false */ - TEST_CF_SECRET( X, len ); - TEST_CF_SECRET( Y, len ); + TEST_CF_SECRET( X, bytes ); + TEST_CF_SECRET( Y, bytes ); mbedtls_mpi_core_cond_assign( X, Y, copy_limbs, 0 ); - TEST_CF_PUBLIC( X, len ); - TEST_CF_PUBLIC( Y, len ); + TEST_CF_PUBLIC( X, bytes ); + TEST_CF_PUBLIC( Y, bytes ); - TEST_ASSERT( memcmp( X, Y, len ) != 0 ); + TEST_ASSERT( memcmp( X, Y, bytes ) != 0 ); /* condition is true */ - TEST_CF_SECRET( X, len ); - TEST_CF_SECRET( Y, len ); + TEST_CF_SECRET( X, bytes ); + TEST_CF_SECRET( Y, bytes ); mbedtls_mpi_core_cond_assign( X, Y, copy_limbs, 1 ); - TEST_CF_PUBLIC( X, len ); - TEST_CF_PUBLIC( Y, len ); + TEST_CF_PUBLIC( X, bytes ); + TEST_CF_PUBLIC( Y, bytes ); /* Check if the given length is copied even it is smaller - than the length of the given MPIs. */ + than the bytesgth of the given MPIs. */ if( copy_limbs != limbs ) { - ASSERT_COMPARE( X, copy_len, Y, copy_len ); - TEST_ASSERT( memcmp( X, Y, len ) != 0 ); + ASSERT_COMPARE( X, copy_bytes, Y, copy_bytes ); + TEST_ASSERT( memcmp( X, Y, bytes ) != 0 ); } else - ASSERT_COMPARE( X, len, Y, len ); + ASSERT_COMPARE( X, bytes, Y, bytes ); exit: mbedtls_free( X ); @@ -828,7 +828,7 @@ exit: /* BEGIN_CASE */ void mpi_core_cond_swap( data_t * input_X, data_t * input_Y, - int input_len ) + int input_bytes ) { mbedtls_mpi_uint *tmp_X = NULL; mbedtls_mpi_uint *tmp_Y = NULL; @@ -837,9 +837,9 @@ void mpi_core_cond_swap( data_t * input_X, size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); size_t limbs = limbs_X; - size_t copy_limbs = CHARS_TO_LIMBS( input_len ); - size_t len = limbs * sizeof( mbedtls_mpi_uint ); - size_t copy_len = copy_limbs * sizeof( mbedtls_mpi_uint ); + size_t copy_limbs = CHARS_TO_LIMBS( input_bytes ); + size_t bytes = limbs * sizeof( mbedtls_mpi_uint ); + size_t copy_bytes = copy_limbs * sizeof( mbedtls_mpi_uint ); TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); @@ -851,50 +851,50 @@ void mpi_core_cond_swap( data_t * input_X, input_X->x, input_X->len ) == 0 ); ASSERT_ALLOC( X, limbs ); - memcpy( X, tmp_X, len ); + memcpy( X, tmp_X, bytes ); TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs, input_Y->x, input_Y->len ) == 0 ); ASSERT_ALLOC( Y, limbs ); - memcpy( Y, tmp_Y, len ); + memcpy( Y, tmp_Y, bytes ); /* condition is false */ - TEST_CF_SECRET( X, len ); - TEST_CF_SECRET( Y, len ); + TEST_CF_SECRET( X, bytes ); + TEST_CF_SECRET( Y, bytes ); mbedtls_mpi_core_cond_swap( X, Y, copy_limbs, 0 ); - TEST_CF_PUBLIC( X, len ); - TEST_CF_PUBLIC( Y, len ); + TEST_CF_PUBLIC( X, bytes ); + TEST_CF_PUBLIC( Y, bytes ); - ASSERT_COMPARE( X, len, tmp_X, len ); - ASSERT_COMPARE( Y, len, tmp_Y, len ); + ASSERT_COMPARE( X, bytes, tmp_X, bytes ); + ASSERT_COMPARE( Y, bytes, tmp_Y, bytes ); /* condition is true */ - TEST_CF_SECRET( X, len ); - TEST_CF_SECRET( Y, len ); + TEST_CF_SECRET( X, bytes ); + TEST_CF_SECRET( Y, bytes ); mbedtls_mpi_core_cond_swap( X, Y, copy_limbs, 1 ); - TEST_CF_PUBLIC( X, len ); - TEST_CF_PUBLIC( Y, len ); + TEST_CF_PUBLIC( X, bytes ); + TEST_CF_PUBLIC( Y, bytes ); /* Check if the given length is copied even it is smaller than the length of the given MPIs. */ if( copy_limbs != limbs ) { - ASSERT_COMPARE( X, copy_len, tmp_Y, copy_len ); - ASSERT_COMPARE( Y, copy_len, tmp_X, copy_len ); - TEST_ASSERT( memcmp( X, tmp_X, len ) != 0 ); - TEST_ASSERT( memcmp( X, tmp_Y, len ) != 0 ); - TEST_ASSERT( memcmp( Y, tmp_X, len ) != 0 ); - TEST_ASSERT( memcmp( Y, tmp_Y, len ) != 0 ); + ASSERT_COMPARE( X, copy_bytes, tmp_Y, copy_bytes ); + ASSERT_COMPARE( Y, copy_bytes, tmp_X, copy_bytes ); + TEST_ASSERT( memcmp( X, tmp_X, bytes ) != 0 ); + TEST_ASSERT( memcmp( X, tmp_Y, bytes ) != 0 ); + TEST_ASSERT( memcmp( Y, tmp_X, bytes ) != 0 ); + TEST_ASSERT( memcmp( Y, tmp_Y, bytes ) != 0 ); } else { - ASSERT_COMPARE( X, len, tmp_Y, len ); - ASSERT_COMPARE( Y, len, tmp_X, len ); + ASSERT_COMPARE( X, bytes, tmp_Y, bytes ); + ASSERT_COMPARE( Y, bytes, tmp_X, bytes ); } exit: @@ -908,7 +908,7 @@ exit: /* BEGIN_CASE */ void mpi_mod_raw_cond_assign( data_t * input_X, data_t * input_Y, - int input_len ) + int input_bytes ) { mbedtls_mpi_uint *X = NULL; mbedtls_mpi_uint *Y = NULL; @@ -917,9 +917,9 @@ void mpi_mod_raw_cond_assign( data_t * input_X, size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); size_t limbs = limbs_X; - size_t copy_limbs = CHARS_TO_LIMBS( input_len ); - size_t len = limbs * sizeof( mbedtls_mpi_uint ); - size_t copy_len = copy_limbs * sizeof( mbedtls_mpi_uint ); + size_t copy_limbs = CHARS_TO_LIMBS( input_bytes ); + size_t bytes = limbs * sizeof( mbedtls_mpi_uint ); + size_t copy_bytes = copy_limbs * sizeof( mbedtls_mpi_uint ); TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); @@ -944,34 +944,34 @@ void mpi_mod_raw_cond_assign( data_t * input_X, == 0 ); /* condition is false */ - TEST_CF_SECRET( X, len ); - TEST_CF_SECRET( Y, len ); + TEST_CF_SECRET( X, bytes ); + TEST_CF_SECRET( Y, bytes ); mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, 0 ); - TEST_CF_PUBLIC( X, len ); - TEST_CF_PUBLIC( Y, len ); + TEST_CF_PUBLIC( X, bytes ); + TEST_CF_PUBLIC( Y, bytes ); - TEST_ASSERT( memcmp( X, Y, len ) != 0 ); + TEST_ASSERT( memcmp( X, Y, bytes ) != 0 ); /* condition is true */ - TEST_CF_SECRET( X, len ); - TEST_CF_SECRET( Y, len ); + TEST_CF_SECRET( X, bytes ); + TEST_CF_SECRET( Y, bytes ); mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, 1 ); - TEST_CF_PUBLIC( X, len ); - TEST_CF_PUBLIC( Y, len ); + TEST_CF_PUBLIC( X, bytes ); + TEST_CF_PUBLIC( Y, bytes ); /* Check if the given length is copied even it is smaller than the length of the given MPIs. */ if( copy_limbs != limbs ) { - ASSERT_COMPARE( X, copy_len, Y, copy_len ); - TEST_ASSERT( memcmp( X, Y, len ) != 0 ); + ASSERT_COMPARE( X, copy_bytes, Y, copy_bytes ); + TEST_ASSERT( memcmp( X, Y, bytes ) != 0 ); } else - ASSERT_COMPARE( X, len, Y, len ); + ASSERT_COMPARE( X, bytes, Y, bytes ); exit: mbedtls_free( X ); @@ -985,7 +985,7 @@ exit: /* BEGIN_CASE */ void mpi_mod_raw_cond_swap( data_t * input_X, data_t * input_Y, - int input_len ) + int input_bytes ) { mbedtls_mpi_uint *tmp_X = NULL; mbedtls_mpi_uint *tmp_Y = NULL; @@ -996,9 +996,9 @@ void mpi_mod_raw_cond_swap( data_t * input_X, size_t limbs_X = CHARS_TO_LIMBS( input_X->len ); size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len ); size_t limbs = limbs_X; - size_t copy_limbs = CHARS_TO_LIMBS( input_len ); - size_t len = limbs * sizeof( mbedtls_mpi_uint ); - size_t copy_len = copy_limbs * sizeof( mbedtls_mpi_uint ); + size_t copy_limbs = CHARS_TO_LIMBS( input_bytes ); + size_t bytes = limbs * sizeof( mbedtls_mpi_uint ); + size_t copy_bytes = copy_limbs * sizeof( mbedtls_mpi_uint ); TEST_EQUAL( limbs_X, limbs_Y ); TEST_ASSERT( copy_limbs <= limbs ); @@ -1017,49 +1017,49 @@ void mpi_mod_raw_cond_swap( data_t * input_X, TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs, input_X->x, input_X->len ) == 0 ); ASSERT_ALLOC( X, limbs ); - memcpy( X, tmp_X, len ); + memcpy( X, tmp_X, bytes ); TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs, input_Y->x, input_Y->len ) == 0 ); - ASSERT_ALLOC( Y, len ); - memcpy( Y, tmp_Y, len ); + ASSERT_ALLOC( Y, bytes ); + memcpy( Y, tmp_Y, bytes ); /* condition is false */ - TEST_CF_SECRET( X, len ); - TEST_CF_SECRET( Y, len ); + TEST_CF_SECRET( X, bytes ); + TEST_CF_SECRET( Y, bytes ); mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, 0 ); - TEST_CF_PUBLIC( X, len ); - TEST_CF_PUBLIC( Y, len ); + TEST_CF_PUBLIC( X, bytes ); + TEST_CF_PUBLIC( Y, bytes ); - ASSERT_COMPARE( X, len, tmp_X, len ); - ASSERT_COMPARE( Y, len, tmp_Y, len ); + ASSERT_COMPARE( X, bytes, tmp_X, bytes ); + ASSERT_COMPARE( Y, bytes, tmp_Y, bytes ); /* condition is true */ - TEST_CF_SECRET( X, len ); - TEST_CF_SECRET( Y, len ); + TEST_CF_SECRET( X, bytes ); + TEST_CF_SECRET( Y, bytes ); mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, 1 ); - TEST_CF_PUBLIC( X, len ); - TEST_CF_PUBLIC( Y, len ); + TEST_CF_PUBLIC( X, bytes ); + TEST_CF_PUBLIC( Y, bytes ); /* Check if the given length is copied even it is smaller than the length of the given MPIs. */ if( copy_limbs != limbs ) { - ASSERT_COMPARE( X, copy_len, tmp_Y, copy_len ); - ASSERT_COMPARE( Y, copy_len, tmp_X, copy_len ); - TEST_ASSERT( memcmp( X, tmp_X, len ) != 0 ); - TEST_ASSERT( memcmp( X, tmp_Y, len ) != 0 ); - TEST_ASSERT( memcmp( Y, tmp_X, len ) != 0 ); - TEST_ASSERT( memcmp( Y, tmp_Y, len ) != 0 ); + ASSERT_COMPARE( X, copy_bytes, tmp_Y, copy_bytes ); + ASSERT_COMPARE( Y, copy_bytes, tmp_X, copy_bytes ); + TEST_ASSERT( memcmp( X, tmp_X, bytes ) != 0 ); + TEST_ASSERT( memcmp( X, tmp_Y, bytes ) != 0 ); + TEST_ASSERT( memcmp( Y, tmp_X, bytes ) != 0 ); + TEST_ASSERT( memcmp( Y, tmp_Y, bytes ) != 0 ); } else { - ASSERT_COMPARE( X, len, tmp_Y, len ); - ASSERT_COMPARE( Y, len, tmp_X, len ); + ASSERT_COMPARE( X, bytes, tmp_Y, bytes ); + ASSERT_COMPARE( Y, bytes, tmp_X, bytes ); } exit: From 0c74e084d5ed82407071c437ed0ecd7faa4b176b Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 17 Oct 2022 16:09:58 +0200 Subject: [PATCH 38/39] Fix condition Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index dcfa75d45..833b0108c 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -811,7 +811,7 @@ void mpi_core_cond_assign( data_t * input_X, /* Check if the given length is copied even it is smaller than the bytesgth of the given MPIs. */ - if( copy_limbs != limbs ) + if( copy_limbs < limbs ) { ASSERT_COMPARE( X, copy_bytes, Y, copy_bytes ); TEST_ASSERT( memcmp( X, Y, bytes ) != 0 ); @@ -882,7 +882,7 @@ void mpi_core_cond_swap( data_t * input_X, /* Check if the given length is copied even it is smaller than the length of the given MPIs. */ - if( copy_limbs != limbs ) + if( copy_limbs < limbs ) { ASSERT_COMPARE( X, copy_bytes, tmp_Y, copy_bytes ); ASSERT_COMPARE( Y, copy_bytes, tmp_X, copy_bytes ); @@ -965,7 +965,7 @@ void mpi_mod_raw_cond_assign( data_t * input_X, /* Check if the given length is copied even it is smaller than the length of the given MPIs. */ - if( copy_limbs != limbs ) + if( copy_limbs Date: Tue, 18 Oct 2022 16:44:17 +0200 Subject: [PATCH 39/39] Fix overly replacement in the documentation Signed-off-by: Gabor Mezei --- tests/suites/test_suite_mpi.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 833b0108c..71aa3608b 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -810,7 +810,7 @@ void mpi_core_cond_assign( data_t * input_X, TEST_CF_PUBLIC( Y, bytes ); /* Check if the given length is copied even it is smaller - than the bytesgth of the given MPIs. */ + than the length of the given MPIs. */ if( copy_limbs < limbs ) { ASSERT_COMPARE( X, copy_bytes, Y, copy_bytes );