From 7b3024e7913d58e6341f42e717e5dd29d6bd5584 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Thu, 30 May 2024 16:41:47 +0000
Subject: [PATCH 1/2] Change mbedtls_mpi_core_exp_mod to constant time
Signed-off-by: Waleed Elmelegy
---
 library/bignum_core.h | 3 +++
 tests/suites/test_suite_bignum_core.function | 21 ++++++++++++++++++--
 2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/library/bignum_core.h b/library/bignum_core.h
index 818ca7a208..51ecca5ff7 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -621,6 +621,9 @@ size_t mbedtls_mpi_core_exp_mod_working_limbs(size_t AN_limbs, size_t E_limbs);
 * \p X may be aliased to \p A, but not to \p RR or \p E, even if \p E_limbs ==
 * \p AN_limbs.
 *
+ * This function operates in constant time with respect
+ * to the values of \p A, \p N and \p E.
+ *
 * \param[out] X The destination MPI, as a little endian array of length
 * \p AN_limbs.
 * \param[in] A The base MPI, as a little endian array of length \p AN_limbs.
diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function
index be947578c0..cd808030a6 100644
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
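Review bot: The new sentence states constant time with respect to the values of \p A, \p N and \p E but says nothing about the limb counts, and since \p AN_limbs and \p E_limbs are separate parameters of this function a caller can read the sentence as covering them too; make the scope explicit, e.g. `* This function operates in constant time with respect to the values of` / `* \p A, \p N and \p E (but not with respect to \p AN_limbs or \p E_limbs).` The contract for \p RR, which the preceding context line already lists as an input, is left unstated; if the implementation treats it as derived from \p N (I cannot confirm that from this hunk), the sentence should include it, otherwise a reader may assume \p RR may be public. The documented comment block begins and ends outside the hunk.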
@@ -1302,14 +1302,31 @@ void mpi_core_exp_mod(char *input_N, char *input_A,
 working_limbs);
 TEST_CALLOC(T, working_limbs);
-
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+ TEST_CF_SECRET(A, A_limbs * sizeof(mbedtls_mpi_uint));
+ TEST_CF_SECRET(N, N_limbs * sizeof(mbedtls_mpi_uint));
+ TEST_CF_SECRET(E, E_limbs * sizeof(mbedtls_mpi_uint));
+#endif
 mbedtls_mpi_core_exp_mod(Y, A, N, N_limbs, E, E_limbs, R2, T);
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+ TEST_CF_PUBLIC(Y, N_limbs * sizeof(mbedtls_mpi_uint));
+ TEST_CF_PUBLIC(A, A_limbs * sizeof(mbedtls_mpi_uint));
+ TEST_CF_PUBLIC(N, N_limbs * sizeof(mbedtls_mpi_uint));
+ TEST_CF_PUBLIC(E, E_limbs * sizeof(mbedtls_mpi_uint));
+#endif
 TEST_EQUAL(0, memcmp(X, Y, N_limbs * sizeof(mbedtls_mpi_uint)));
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+ TEST_CF_SECRET(A, A_limbs * sizeof(mbedtls_mpi_uint));
+ TEST_CF_SECRET(N, N_limbs * sizeof(mbedtls_mpi_uint));
+ TEST_CF_SECRET(E, E_limbs * sizeof(mbedtls_mpi_uint));
+#endif
 /* Check when output aliased to input */
-
 mbedtls_mpi_core_exp_mod(A, A, N, N_limbs, E, E_limbs, R2, T);
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+ TEST_CF_PUBLIC(A, A_limbs * sizeof(mbedtls_mpi_uint));
+#endif
 TEST_EQUAL(0, memcmp(X, A, N_limbs * sizeof(mbedtls_mpi_uint)));
From 7ac7f82053aa2a89084fe91420a5673177113342 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Tue, 25 Jun 2024 09:45:19 +0000
Subject: [PATCH 2/2] Change mpi_core_exp_mod() constant time testing to be clearer
Signed-off-by: Waleed Elmelegy
---
 tests/suites/test_suite_bignum_core.function | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function
index cd808030a6..89c2282207 100644
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
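Review bot: TEST_CF_SECRET is applied to A, N and E before the first mbedtls_mpi_core_exp_mod call, but not to R2, which is passed to both calls in this hunk; if R2 is computed from N in the setup above the hunk (not visible here), it carries the same secret dependence and any branch or table index on its limbs would escape the constant-flow check. Adding `TEST_CF_SECRET(R2, N_limbs * sizeof(mbedtls_mpi_uint));` next to the N line, with a matching `TEST_CF_PUBLIC(R2, N_limbs * sizeof(mbedtls_mpi_uint));` after the aliased call, would close that gap. The check also stops at the hunk: after the aliased call only A is made public, so N and E remain marked secret on the exit path, which is harmless for freeing but worth a one-line comment so the asymmetry is not read as an oversight. The enclosing test function starts before the hunk and continues past it.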
@@ -1302,18 +1302,16 @@ void mpi_core_exp_mod(char *input_N, char *input_A,
 working_limbs);
 TEST_CALLOC(T, working_limbs);
+
+ /* Temporary because MEMSAN doesn't support assembly implementation see #1243 */
 #if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
 TEST_CF_SECRET(A, A_limbs * sizeof(mbedtls_mpi_uint));
 TEST_CF_SECRET(N, N_limbs * sizeof(mbedtls_mpi_uint));
 TEST_CF_SECRET(E, E_limbs * sizeof(mbedtls_mpi_uint));
 #endif
 mbedtls_mpi_core_exp_mod(Y, A, N, N_limbs, E, E_limbs, R2, T);
-#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+
 TEST_CF_PUBLIC(Y, N_limbs * sizeof(mbedtls_mpi_uint));
- TEST_CF_PUBLIC(A, A_limbs * sizeof(mbedtls_mpi_uint));
- TEST_CF_PUBLIC(N, N_limbs * sizeof(mbedtls_mpi_uint));
- TEST_CF_PUBLIC(E, E_limbs * sizeof(mbedtls_mpi_uint));
-#endif
 TEST_EQUAL(0, memcmp(X, Y, N_limbs * sizeof(mbedtls_mpi_uint)));
@@ -1324,10 +1322,8 @@ void mpi_core_exp_mod(char *input_N, char *input_A,
 #endif
 /* Check when output aliased to input */
 mbedtls_mpi_core_exp_mod(A, A, N, N_limbs, E, E_limbs, R2, T);
-#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
- TEST_CF_PUBLIC(A, A_limbs * sizeof(mbedtls_mpi_uint));
-#endif
+ TEST_CF_PUBLIC(A, A_limbs * sizeof(mbedtls_mpi_uint));
 TEST_EQUAL(0, memcmp(X, A, N_limbs * sizeof(mbedtls_mpi_uint)));
 exit:
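Review bot: The added comment explains why the TEST_CF_SECRET block is skipped under MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN, but not why the TEST_CF_PUBLIC calls that follow are now unconditional, both after the first call in this hunk and after the aliased call in the second hunk of this file; a reader seeing the guarded SECRET and unguarded PUBLIC will suspect a mismatch. Assuming TEST_CF_PUBLIC on memory that was never marked secret is a no-op in every constant-flow backend (please confirm), the comment should say so, and its wording could be tightened at the same time: `/* Temporary: the MemSan constant-flow build cannot track the assembly implementation, see #1243. The TEST_CF_PUBLIC calls below stay unconditional because marking never-secret memory public is a no-op. */`. The enclosing test function starts before the first hunk and its cleanup after `exit:` continues past the second.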