Add mbedtls_mpi_core_check_zero_ct() and tests

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-12 16:54:57 +00:00 · 2022-12-12 16:54:57 +00:00 · 30f3b4d601
commit 30f3b4d601
parent e9ffb6c8e9
4 changed files with 57 additions and 0 deletions
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@ -742,6 +742,17 @@ mbedtls_mpi_uint mbedtls_mpi_core_sub_int( mbedtls_mpi_uint *X,
    return( c );
 }

+mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct( const mbedtls_mpi_uint *A,
+                                                 size_t limbs )
+{
+    mbedtls_mpi_uint bits = 0;
+
+    for( size_t i = 0; i < limbs; i++ )
+        bits |= A[i];
+
+    return( bits );
+}
+
 /* END MERGE SLOT 3 */

 /* BEGIN MERGE SLOT 4 */
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@ -572,6 +572,19 @@ mbedtls_mpi_uint mbedtls_mpi_core_sub_int( mbedtls_mpi_uint *X,
                                           mbedtls_mpi_uint b,
                                           size_t limbs );

+/**
+ * \brief Determine if a given MPI has the value \c 0 in constant time with
+ *        respect to the value (but not with respect to the number of limbs).
+ *
+ * \param[in] A   The MPI to test.
+ * \param limbs   Number of limbs in \p A.
+ *
+ * \return        0 if `A == 0`
+ *                non-0 (may be any value) if `A != 0`.
+ */
+mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct( const mbedtls_mpi_uint *A,
+                                                 size_t limbs );
+
 /* END MERGE SLOT 3 */

 /* BEGIN MERGE SLOT 4 */
--- a/scripts/mbedtls_dev/bignum_core.py
+++ b/scripts/mbedtls_dev/bignum_core.py
@ -818,6 +818,20 @@ class BignumCoreSubInt(BignumCoreTarget, bignum_common.OperationCommon):
            str(-borrow)
        ]

+class BignumCoreZeroCheckCT(BignumCoreTarget, bignum_common.OperationCommon):
+    """Test cases for bignum core zero check (constant flow)."""
+    count = 0
+    symbol = "== 0"
+    test_function = "mpi_core_check_zero_ct"
+    test_name = "mpi_core_check_zero_ct"
+    input_style = "variable"
+    arity = 1
+    suffix = True
+
+    def result(self) -> List[str]:
+        result = 1 if self.int_a == 0 else 0
+        return [str(result)]
+
 # END MERGE SLOT 3

 # BEGIN MERGE SLOT 4
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
@ -1162,6 +1162,25 @@ exit:
 }
 /* END_CASE */

+/* BEGIN_CASE */
+void mpi_core_check_zero_ct( char *input_X, int expected_is_zero )
+{
+    mbedtls_mpi_uint *X = NULL;
+    size_t X_limbs;
+
+    TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &X, &X_limbs, input_X ) );
+
+    TEST_CF_SECRET( X, X_limbs * sizeof( mbedtls_mpi_uint ) );
+
+    mbedtls_mpi_uint check = mbedtls_mpi_core_check_zero_ct( X, X_limbs );
+    int is_zero = (check == 0);
+    TEST_EQUAL( is_zero, expected_is_zero );
+
+exit:
+    mbedtls_free( X );
+}
+/* END_CASE */
+
 /* END MERGE SLOT 3 */

 /* BEGIN MERGE SLOT 4 */