yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Rename uint->bool operators to reflect input types

Browse source 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman 2023-08-10 11:58:18 +01:00
parent 4dd89310e9
commit b7825ceb3e
9 changed files with 44 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
library/bignum.c
View file

@ -1728,7 +1728,7 @@ static int mpi_select(mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_
for (size_t i = 0; i < T_size; i++) {
MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(R, &T[i],
(unsigned char) mbedtls_ct_bool_eq(i, idx)));
(unsigned char) mbedtls_ct_uint_eq(i, idx)));
}
cleanup:
return ret;

8
library/bignum_core.c
View file

@ -149,7 +149,7 @@ mbedtls_ct_condition_t mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min,
size_t A_limbs)
{
/* min <= least significant limb? */
mbedtls_ct_condition_t min_le_lsl = mbedtls_ct_bool_ge(A[0], min);
mbedtls_ct_condition_t min_le_lsl = mbedtls_ct_uint_ge(A[0], min);
/* limbs other than the least significant one are all zero? */
mbedtls_ct_condition_t msll_mask = MBEDTLS_CT_FALSE;
@ -176,7 +176,7 @@ mbedtls_ct_condition_t mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A,
* Again even if we can make a decision, we just mark the result and
* the fact that we are done and continue looping.
*/
cond = mbedtls_ct_bool_lt(B[i - 1], A[i - 1]);
cond = mbedtls_ct_uint_lt(B[i - 1], A[i - 1]);
done = mbedtls_ct_bool_or(done, cond);
/*
@ -185,7 +185,7 @@ mbedtls_ct_condition_t mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A,
* Again even if we can make a decision, we just mark the result and
* the fact that we are done and continue looping.
*/
cond = mbedtls_ct_bool_lt(A[i - 1], B[i - 1]);
cond = mbedtls_ct_uint_lt(A[i - 1], B[i - 1]);
ret = mbedtls_ct_bool_or(ret, mbedtls_ct_bool_and(cond, mbedtls_ct_bool_not(done)));
done = mbedtls_ct_bool_or(done, cond);
}
@ -634,7 +634,7 @@ void mbedtls_mpi_core_ct_uint_table_lookup(mbedtls_mpi_uint *dest,
size_t index)
{
for (size_t i = 0; i < count; i++, table += limbs) {
mbedtls_ct_condition_t assign = mbedtls_ct_bool_eq(i, index);
mbedtls_ct_condition_t assign = mbedtls_ct_uint_eq(i, index);
mbedtls_mpi_core_cond_assign(dest, table, limbs, assign);
}
}

4
library/constant_time.c
View file

@ -131,7 +131,7 @@ void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset)
{
volatile unsigned char *buf = start;
for (size_t i = 0; i < total; i++) {
mbedtls_ct_condition_t no_op = mbedtls_ct_bool_gt(total - offset, i);
mbedtls_ct_condition_t no_op = mbedtls_ct_uint_gt(total - offset, i);
/* The first `total - offset` passes are a no-op. The last
* `offset` passes shift the data one byte to the left and
* zero out the last byte. */
@ -188,7 +188,7 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest,
size_t offsetval;
for (offsetval = offset_min; offsetval <= offset_max; offsetval++) {
mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offsetval, offset), dest, src + offsetval, NULL,
mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offsetval, offset), dest, src + offsetval, NULL,
len);
}
}

20
library/constant_time_impl.h
View file

@ -143,7 +143,7 @@ static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition,
return (mbedtls_ct_uint_t) ((condition & if1) | (not_cond & if0));
}
static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
{
/* Ensure that the compiler cannot optimise the following operations over x and y,
* even if it knows the value of x and y.
@ -175,7 +175,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbe
return mbedtls_ct_bool(ret);
}
static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
static inline mbedtls_ct_condition_t mbedtls_ct_uint_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
{
/* diff = 0 if x == y, non-zero otherwise */
const mbedtls_ct_uint_t diff = mbedtls_ct_compiler_opaque(x) ^ mbedtls_ct_compiler_opaque(y);
@ -252,28 +252,28 @@ static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if0(mbedtls_ct_condition_t co
#endif /* MBEDTLS_BIGNUM_C */
static inline mbedtls_ct_condition_t mbedtls_ct_bool_eq(mbedtls_ct_uint_t x,
static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x,
mbedtls_ct_uint_t y)
{
return ~mbedtls_ct_bool_ne(x, y);
return ~mbedtls_ct_uint_ne(x, y);
}
static inline mbedtls_ct_condition_t mbedtls_ct_bool_gt(mbedtls_ct_uint_t x,
static inline mbedtls_ct_condition_t mbedtls_ct_uint_gt(mbedtls_ct_uint_t x,
mbedtls_ct_uint_t y)
{
return mbedtls_ct_bool_lt(y, x);
return mbedtls_ct_uint_lt(y, x);
}
static inline mbedtls_ct_condition_t mbedtls_ct_bool_ge(mbedtls_ct_uint_t x,
static inline mbedtls_ct_condition_t mbedtls_ct_uint_ge(mbedtls_ct_uint_t x,
mbedtls_ct_uint_t y)
{
return ~mbedtls_ct_bool_lt(x, y);
return ~mbedtls_ct_uint_lt(x, y);
}
static inline mbedtls_ct_condition_t mbedtls_ct_bool_le(mbedtls_ct_uint_t x,
static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x,
mbedtls_ct_uint_t y)
{
return ~mbedtls_ct_bool_gt(x, y);
return ~mbedtls_ct_uint_gt(x, y);
}
static inline mbedtls_ct_condition_t mbedtls_ct_bool_xor(mbedtls_ct_condition_t x,

15
library/constant_time_internal.h
View file

@ -37,10 +37,11 @@
* It has three main parts:
*
* - boolean operations
* These are all named mbedtls_ct_bool_<operation>, and operate over
* These are all named mbedtls_ct_<type>_<operation>, and operate over
* mbedtls_ct_condition_t.
* All arguments are considered secret.
* example: bool x = y | z => x = mbedtls_ct_bool_or(y, z)
* example: bool x = y == z => x = mbedtls_ct_uint_eq(y, z)
*
* - conditional data selection
* These are all named mbedtls_ct_<type>_if and mbedtls_ct_<type>_if0
@ -118,7 +119,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x);
*
* \return MBEDTLS_CT_TRUE if \p x != \p y, otherwise MBEDTLS_CT_FALSE.
*/
static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y);
static inline mbedtls_ct_condition_t mbedtls_ct_uint_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y);
/** Boolean "equals" operation.
*
@ -131,7 +132,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_uint_t x, mbe
*
* \return MBEDTLS_CT_TRUE if \p x == \p y, otherwise MBEDTLS_CT_FALSE.
*/
static inline mbedtls_ct_condition_t mbedtls_ct_bool_eq(mbedtls_ct_uint_t x,
static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x,
mbedtls_ct_uint_t y);
/** Boolean "less than" operation.
@ -145,7 +146,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_eq(mbedtls_ct_uint_t x,
*
* \return MBEDTLS_CT_TRUE if \p x < \p y, otherwise MBEDTLS_CT_FALSE.
*/
static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y);
static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y);
/** Boolean "greater than" operation.
*
@ -158,7 +159,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbe
*
* \return MBEDTLS_CT_TRUE if \p x > \p y, otherwise MBEDTLS_CT_FALSE.
*/
static inline mbedtls_ct_condition_t mbedtls_ct_bool_gt(mbedtls_ct_uint_t x,
static inline mbedtls_ct_condition_t mbedtls_ct_uint_gt(mbedtls_ct_uint_t x,
mbedtls_ct_uint_t y);
/** Boolean "greater or equal" operation.
@ -173,7 +174,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_gt(mbedtls_ct_uint_t x,
* \return MBEDTLS_CT_TRUE if \p x >= \p y,
* otherwise MBEDTLS_CT_FALSE.
*/
static inline mbedtls_ct_condition_t mbedtls_ct_bool_ge(mbedtls_ct_uint_t x,
static inline mbedtls_ct_condition_t mbedtls_ct_uint_ge(mbedtls_ct_uint_t x,
mbedtls_ct_uint_t y);
/** Boolean "less than or equal" operation.
@ -188,7 +189,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_ge(mbedtls_ct_uint_t x,
* \return MBEDTLS_CT_TRUE if \p x <= \p y,
* otherwise MBEDTLS_CT_FALSE.
*/
static inline mbedtls_ct_condition_t mbedtls_ct_bool_le(mbedtls_ct_uint_t x,
static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x,
mbedtls_ct_uint_t y);
/** Boolean "xor" operation.

8
library/rsa.c
View file

@ -120,13 +120,13 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input,
/* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
* where PS must be at least 8 nonzero bytes. */
bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_ne(input[1], MBEDTLS_RSA_CRYPT));
bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_ne(input[1], MBEDTLS_RSA_CRYPT));
/* Read the whole buffer. Set pad_done to nonzero if we find
* the 0x00 byte and remember the padding length in pad_count. */
pad_done = MBEDTLS_CT_FALSE;
for (i = 2; i < ilen; i++) {
mbedtls_ct_condition_t found = mbedtls_ct_bool_eq(input[i], 0);
mbedtls_ct_condition_t found = mbedtls_ct_uint_eq(input[i], 0);
pad_done = mbedtls_ct_bool_or(pad_done, found);
pad_count += mbedtls_ct_uint_if0(mbedtls_ct_bool_not(pad_done), 1);
}
@ -135,7 +135,7 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input,
bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_not(pad_done));
/* There must be at least 8 bytes of padding. */
bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_gt(8, pad_count));
bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_gt(8, pad_count));
/* If the padding is valid, set plaintext_size to the number of
* remaining bytes after stripping the padding. If the padding
@ -150,7 +150,7 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input,
/* Set output_too_large to 0 if the plaintext fits in the output
* buffer and to 1 otherwise. */
output_too_large = mbedtls_ct_bool_gt(plaintext_size,
output_too_large = mbedtls_ct_uint_gt(plaintext_size,
plaintext_max_size);
/* Set ret without branches to avoid timing attacks. Return:

12
library/ssl_msg.c
View file

@ -257,7 +257,7 @@ int mbedtls_ct_hmac(mbedtls_md_context_t *ctx,
MD_CHK(mbedtls_md_clone(&aux, ctx));
MD_CHK(mbedtls_md_finish(&aux, aux_out));
/* Keep only the correct inner_hash in the output buffer */
mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offset, data_len_secret),
mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offset, data_len_secret),
output, aux_out, NULL, hash_size);
if (offset < max_data_len) {
@ -1918,7 +1918,7 @@ hmac_failed_etm_enabled:
padlen = data[rec->data_len - 1];
if (auth_done == 1) {
const mbedtls_ct_condition_t ge = mbedtls_ct_bool_ge(
const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge(
rec->data_len,
padlen + 1);
correct = mbedtls_ct_size_if0(ge, correct);
@ -1934,7 +1934,7 @@ hmac_failed_etm_enabled:
padlen + 1));
}
#endif
const mbedtls_ct_condition_t ge = mbedtls_ct_bool_ge(
const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge(
rec->data_len,
transform->maclen + padlen + 1);
correct = mbedtls_ct_size_if0(ge, correct);
@ -1967,13 +1967,13 @@ hmac_failed_etm_enabled:
/* pad_count += (idx >= padding_idx) &&
* (check[idx] == padlen - 1);
*/
const mbedtls_ct_condition_t a = mbedtls_ct_bool_ge(idx, padding_idx);
const mbedtls_ct_condition_t a = mbedtls_ct_uint_ge(idx, padding_idx);
size_t increment = mbedtls_ct_size_if0(a, 1);
const mbedtls_ct_condition_t b = mbedtls_ct_bool_eq(check[idx], padlen - 1);
const mbedtls_ct_condition_t b = mbedtls_ct_uint_eq(check[idx], padlen - 1);
increment = mbedtls_ct_size_if0(b, increment);
pad_count += increment;
}
correct = mbedtls_ct_size_if0(mbedtls_ct_bool_eq(pad_count, padlen), padlen);
correct = mbedtls_ct_size_if0(mbedtls_ct_uint_eq(pad_count, padlen), padlen);
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if (padlen > 0 && correct == 0) {

6
library/ssl_tls12_server.c
View file

@ -3537,9 +3537,9 @@ static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl,
* padding, to protect against timing-based Bleichenbacher-type
* attacks. */
diff = mbedtls_ct_bool(ret);
diff = mbedtls_ct_bool_or(diff, mbedtls_ct_bool_ne(peer_pmslen, 48));
diff = mbedtls_ct_bool_or(diff, mbedtls_ct_bool_ne(peer_pms[0], ver[0]));
diff = mbedtls_ct_bool_or(diff, mbedtls_ct_bool_ne(peer_pms[1], ver[1]));
diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pmslen, 48));
diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[0], ver[0]));
diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[1], ver[1]));
/*
* Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding

12
tests/suites/test_suite_constant_time.function
View file

@ -60,22 +60,22 @@ void mbedtls_ct_bool_xxx(char *x_str, char *y_str)
TEST_EQUAL(mbedtls_ct_bool_not(mbedtls_ct_bool(x)), expected);
expected = x1 != y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_bool_ne(x, y), expected);
TEST_EQUAL(mbedtls_ct_uint_ne(x, y), expected);
expected = x1 == y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_bool_eq(x, y), expected);
TEST_EQUAL(mbedtls_ct_uint_eq(x, y), expected);
expected = x1 > y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_bool_gt(x, y), expected);
TEST_EQUAL(mbedtls_ct_uint_gt(x, y), expected);
expected = x1 < y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_bool_lt(x, y), expected);
TEST_EQUAL(mbedtls_ct_uint_lt(x, y), expected);
expected = x1 >= y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_bool_ge(x, y), expected);
TEST_EQUAL(mbedtls_ct_uint_ge(x, y), expected);
expected = x1 <= y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_bool_le(x, y), expected);
TEST_EQUAL(mbedtls_ct_uint_le(x, y), expected);
expected = (!!x1) ^ (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_bool_xor(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected);