From 30f3b4d60112ffe68cc162cc01938b84d18c9960 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Mon, 12 Dec 2022 16:54:57 +0000 Subject: [PATCH] Add mbedtls_mpi_core_check_zero_ct() and tests Signed-off-by: Tom Cosgrove --- library/bignum_core.c | 11 +++++++++++ library/bignum_core.h | 13 +++++++++++++ scripts/mbedtls_dev/bignum_core.py | 14 ++++++++++++++ tests/suites/test_suite_bignum_core.function | 19 +++++++++++++++++++ 4 files changed, 57 insertions(+) diff --git a/library/bignum_core.c b/library/bignum_core.c index 1ce84574e..75cce0577 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -742,6 +742,17 @@ mbedtls_mpi_uint mbedtls_mpi_core_sub_int( mbedtls_mpi_uint *X, return( c ); } +mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct( const mbedtls_mpi_uint *A, + size_t limbs ) +{ + mbedtls_mpi_uint bits = 0; + + for( size_t i = 0; i < limbs; i++ ) + bits |= A[i]; + + return( bits ); +} + /* END MERGE SLOT 3 */ /* BEGIN MERGE SLOT 4 */ diff --git a/library/bignum_core.h b/library/bignum_core.h index b7af4d0aa..7f5375ee1 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -572,6 +572,19 @@ mbedtls_mpi_uint mbedtls_mpi_core_sub_int( mbedtls_mpi_uint *X, mbedtls_mpi_uint b, size_t limbs ); +/** + * \brief Determine if a given MPI has the value \c 0 in constant time with + * respect to the value (but not with respect to the number of limbs). + * + * \param[in] A The MPI to test. + * \param limbs Number of limbs in \p A. + * + * \return 0 if `A == 0` + * non-0 (may be any value) if `A != 0`. + */ +mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct( const mbedtls_mpi_uint *A, + size_t limbs ); + /* END MERGE SLOT 3 */ /* BEGIN MERGE SLOT 4 */ diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index 158ada99d..1a8c22bfa 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py @@ -818,6 +818,20 @@ class BignumCoreSubInt(BignumCoreTarget, bignum_common.OperationCommon): str(-borrow) ] +class BignumCoreZeroCheckCT(BignumCoreTarget, bignum_common.OperationCommon): + """Test cases for bignum core zero check (constant flow).""" + count = 0 + symbol = "== 0" + test_function = "mpi_core_check_zero_ct" + test_name = "mpi_core_check_zero_ct" + input_style = "variable" + arity = 1 + suffix = True + + def result(self) -> List[str]: + result = 1 if self.int_a == 0 else 0 + return [str(result)] + # END MERGE SLOT 3 # BEGIN MERGE SLOT 4 diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function index 78721158f..9392f51d5 100644 --- a/tests/suites/test_suite_bignum_core.function +++ b/tests/suites/test_suite_bignum_core.function @@ -1162,6 +1162,25 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mpi_core_check_zero_ct( char *input_X, int expected_is_zero ) +{ + mbedtls_mpi_uint *X = NULL; + size_t X_limbs; + + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &X, &X_limbs, input_X ) ); + + TEST_CF_SECRET( X, X_limbs * sizeof( mbedtls_mpi_uint ) ); + + mbedtls_mpi_uint check = mbedtls_mpi_core_check_zero_ct( X, X_limbs ); + int is_zero = (check == 0); + TEST_EQUAL( is_zero, expected_is_zero ); + +exit: + mbedtls_free( X ); +} +/* END_CASE */ + /* END MERGE SLOT 3 */ /* BEGIN MERGE SLOT 4 */