From 22b0d1adbfb0270ac4c244449f40252dda2112d3 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 21 Jan 2023 10:29:00 +0000 Subject: [PATCH] Test memcmp with differences starting after the first byte Signed-off-by: Dave Rodgman --- tests/suites/test_suite_constant_time.data | 74 ++++++++++++------- .../suites/test_suite_constant_time.function | 12 ++- 2 files changed, 56 insertions(+), 30 deletions(-) diff --git a/tests/suites/test_suite_constant_time.data b/tests/suites/test_suite_constant_time.data index 2ea3e3e964..91a25faccb 100644 --- a/tests/suites/test_suite_constant_time.data +++ b/tests/suites/test_suite_constant_time.data @@ -14,25 +14,25 @@ mbedtls_ct_memcmp NULL mbedtls_ct_memcmp_null mbedtls_ct_memcmp len 1 -mbedtls_ct_memcmp:1:1:0 +mbedtls_ct_memcmp:-1:1:0 mbedtls_ct_memcmp len 3 -mbedtls_ct_memcmp:1:3:0 +mbedtls_ct_memcmp:-1:3:0 mbedtls_ct_memcmp len 4 -mbedtls_ct_memcmp:1:4:0 +mbedtls_ct_memcmp:-1:4:0 mbedtls_ct_memcmp len 5 -mbedtls_ct_memcmp:1:5:0 +mbedtls_ct_memcmp:-1:5:0 mbedtls_ct_memcmp len 15 -mbedtls_ct_memcmp:1:15:0 +mbedtls_ct_memcmp:-1:15:0 mbedtls_ct_memcmp len 16 -mbedtls_ct_memcmp:1:16:0 +mbedtls_ct_memcmp:-1:16:0 mbedtls_ct_memcmp len 17 -mbedtls_ct_memcmp:1:17:0 +mbedtls_ct_memcmp:-1:17:0 mbedtls_ct_memcmp len 1 different mbedtls_ct_memcmp:0:1:0 @@ -40,38 +40,56 @@ mbedtls_ct_memcmp:0:1:0 mbedtls_ct_memcmp len 17 different mbedtls_ct_memcmp:0:17:0 +mbedtls_ct_memcmp len 17 different 1 +mbedtls_ct_memcmp:1:17:0 + +mbedtls_ct_memcmp len 17 different 4 +mbedtls_ct_memcmp:4:17:0 + +mbedtls_ct_memcmp len 17 different 10 +mbedtls_ct_memcmp:10:17:0 + +mbedtls_ct_memcmp len 17 different 16 +mbedtls_ct_memcmp:16:17:0 + mbedtls_ct_memcmp len 1 offset 1 different mbedtls_ct_memcmp:0:1:1 mbedtls_ct_memcmp len 17 offset 1 different mbedtls_ct_memcmp:0:17:1 -mbedtls_ct_memcmp len 1 offset 1 -mbedtls_ct_memcmp:1:1:1 - -mbedtls_ct_memcmp len 1 offset 2 -mbedtls_ct_memcmp:1:1:2 - -mbedtls_ct_memcmp len 1 offset 3 -mbedtls_ct_memcmp:1:1:3 - -mbedtls_ct_memcmp len 5 offset 1 -mbedtls_ct_memcmp:1:5:1 - -mbedtls_ct_memcmp len 5 offset 2 -mbedtls_ct_memcmp:1:5:2 - -mbedtls_ct_memcmp len 5 offset 3 -mbedtls_ct_memcmp:1:5:3 - -mbedtls_ct_memcmp len 17 offset 1 +mbedtls_ct_memcmp len 17 offset 1 different 1 mbedtls_ct_memcmp:1:17:1 +mbedtls_ct_memcmp len 17 offset 1 different 5 +mbedtls_ct_memcmp:5:17:1 + +mbedtls_ct_memcmp len 1 offset 1 +mbedtls_ct_memcmp:-1:1:1 + +mbedtls_ct_memcmp len 1 offset 2 +mbedtls_ct_memcmp:-1:1:2 + +mbedtls_ct_memcmp len 1 offset 3 +mbedtls_ct_memcmp:-1:1:3 + +mbedtls_ct_memcmp len 5 offset 1 +mbedtls_ct_memcmp:-1:5:1 + +mbedtls_ct_memcmp len 5 offset 2 +mbedtls_ct_memcmp:-1:5:2 + +mbedtls_ct_memcmp len 5 offset 3 +mbedtls_ct_memcmp:-1:5:3 + +mbedtls_ct_memcmp len 17 offset 1 +mbedtls_ct_memcmp:-1:17:1 + mbedtls_ct_memcmp len 17 offset 2 -mbedtls_ct_memcmp:1:17:2 +mbedtls_ct_memcmp:-1:17:2 mbedtls_ct_memcmp len 17 offset 3 -mbedtls_ct_memcmp:1:17:3 +mbedtls_ct_memcmp:-1:17:3 mbedtls_ct_memcpy_if_eq len 1 offset 0 mbedtls_ct_memcpy_if_eq:1:1:0 diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index aa605d2fe7..167962fb4a 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -35,9 +35,17 @@ void mbedtls_ct_memcmp(int same, int size, int offset) TEST_CF_SECRET(a + offset, size); TEST_CF_SECRET(b + offset, size); + /* Construct data that matches, if same == -1, otherwise + * same gives the number of bytes (after the initial offset) + * that will match; after that it will differ. + */ for (int i = 0; i < size + offset; i++) { a[i] = i & 0xff; - b[i] = (i & 0xff) + (same ? 0 : 1); + if (same == -1 || (i - offset) < same) { + b[i] = a[i]; + } else { + b[i] = (i + 1) & 0xff; + } } int reference = memcmp(a + offset, b + offset, size); @@ -45,7 +53,7 @@ void mbedtls_ct_memcmp(int same, int size, int offset) TEST_CF_PUBLIC(a + offset, size); TEST_CF_PUBLIC(b + offset, size); - if (same != 0) { + if (same == -1 || same >= size) { TEST_ASSERT(reference == 0); TEST_ASSERT(actual == 0); } else {