From 93b3228d42559d6cc54d5e1352fa126bdf7c642e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 21 Sep 2023 11:29:41 +0100 Subject: [PATCH] Add tests for mbedtls_ct_error_if Signed-off-by: Dave Rodgman --- tests/suites/test_suite_constant_time.data | 25 +++++++++++++++++++ .../suites/test_suite_constant_time.function | 18 +++++++++++++ 2 files changed, 43 insertions(+) diff --git a/tests/suites/test_suite_constant_time.data b/tests/suites/test_suite_constant_time.data index 82ee869e4c..fcd168990c 100644 --- a/tests/suites/test_suite_constant_time.data +++ b/tests/suites/test_suite_constant_time.data @@ -646,6 +646,31 @@ mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x7fffffffffffffff" mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0xffffffffffffffff mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0xffffffffffffffff" +# These values exercise the case where an argument to mbedtls_ct_error_if is INT_MIN +mbedtls_ct_if 1 0x80000000 0xffffffff +mbedtls_ct_if:"1":"0x80000000":"0xffffffff" + +mbedtls_ct_if 1 0xffffffff 0x80000000 +mbedtls_ct_if:"1":"0xffffffff":"0x80000000" + +mbedtls_ct_if 0 0x80000000 0xffffffff +mbedtls_ct_if:"0":"0x80000000":"0xffffffff" + +mbedtls_ct_if 0 0xffffffff 0x80000000 +mbedtls_ct_if:"0":"0xffffffff":"0x80000000" + +mbedtls_ct_if 1 0x8000000000000000 0xffffffffffffffff +mbedtls_ct_if:"1":"0x8000000000000000":"0xffffffffffffffff" + +mbedtls_ct_if 1 0xffffffffffffffff 0x8000000000000000 +mbedtls_ct_if:"1":"0xffffffffffffffff":"0x8000000000000000" + +mbedtls_ct_if 0 0x8000000000000000 0xffffffffffffffff +mbedtls_ct_if:"0":"0x8000000000000000":"0xffffffffffffffff" + +mbedtls_ct_if 0 0xffffffffffffffff 0x8000000000000000 +mbedtls_ct_if:"0":"0xffffffffffffffff":"0x8000000000000000" + mbedtls_ct_zeroize_if 0x0 0 mbedtls_ct_zeroize_if:"0x0":0 diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index 3d5fa7ff41..ffcd4d1020 100644 
--- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -124,9 +124,22 @@ void mbedtls_ct_if(char *c_str, char *t_str, char *f_str) mbedtls_ct_uint_t expected = c ? t : f; mbedtls_ct_uint_t expected0 = c ? t : 0; + /* Avoid UB by checking that -t will fit in an int, i.e., + * t <= abs(INT_MIN), and similar for f. + * Define ABS_INT_MIN in a way that avoids UB, then use it to + * check t and f before making them negative. + */ + #define ABS_INT_MIN (UINT_MAX - ((unsigned int)(INT_MIN)) + 1U) + int t_neg = t <= ABS_INT_MIN ? -t : INT_MIN; + int f_neg = f <= ABS_INT_MIN ? -f : INT_MIN; + int expected0_neg = c ? t_neg : 0; + int expected_neg = c ? t_neg : f_neg; + TEST_CF_SECRET(&c, sizeof(c)); TEST_CF_SECRET(&t, sizeof(t)); TEST_CF_SECRET(&f, sizeof(f)); + TEST_CF_SECRET(&t_neg, sizeof(t)); + TEST_CF_SECRET(&f_neg, sizeof(f)); TEST_EQUAL(mbedtls_ct_if(c, t, f), expected); TEST_EQUAL(mbedtls_ct_size_if(c, t, f), (size_t) expected); @@ -144,9 +157,14 @@ void mbedtls_ct_if(char *c_str, char *t_str, char *f_str) TEST_EQUAL(mbedtls_ct_mpi_uint_if_else_0(c, t), (mbedtls_mpi_uint) expected0); #endif + TEST_EQUAL(mbedtls_ct_error_if_else_0(c, t_neg), expected0_neg); + TEST_EQUAL(mbedtls_ct_error_if(c, t_neg, f_neg), expected_neg); + TEST_CF_PUBLIC(&c, sizeof(c)); TEST_CF_PUBLIC(&t, sizeof(t)); TEST_CF_PUBLIC(&f, sizeof(f)); + TEST_CF_PUBLIC(&t_neg, sizeof(t_neg)); + TEST_CF_PUBLIC(&f_neg, sizeof(f_neg)); } /* END_CASE */
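Review bot: The two added `TEST_CF_SECRET` calls in the first hunk of test_suite_constant_time.function take their size from the wrong variable: `TEST_CF_SECRET(&t_neg, sizeof(t))` and `TEST_CF_SECRET(&f_neg, sizeof(f))` pass the size of the `mbedtls_ct_uint_t` operands, while `t_neg` and `f_neg` are declared `int`. If `mbedtls_ct_uint_t` is wider than `int` in a given build (the 64-bit cases in the .data file suggest it can be), the constant-flow instrumentation would mark bytes beyond each `int` as secret. The matching `TEST_CF_PUBLIC(&t_neg, sizeof(t_neg))` in the second hunk would never clear them, so a memory-checker run could report findings unrelated to the code under test. Use `TEST_CF_SECRET(&t_neg, sizeof(t_neg));` and `TEST_CF_SECRET(&f_neg, sizeof(f_neg));`. Separately, `ABS_INT_MIN` is `#define`d inside the function body, which starts outside the hunk, and is never undefined; adding `#undef ABS_INT_MIN` after the `expected_neg` line would stop it leaking into later test cases in the generated file.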