/* BEGIN_HEADER */ /** \file test_suite_constant_time.function * * Functional testing of functions in the constant_time module. * * The tests are instrumented with #TEST_CF_SECRET and #TEST_CF_PUBLIC * (see tests/include/test/constant_flow.h) so that running the tests * under MSan or Valgrind will detect a non-constant-time implementation. */ #include #include #include #include /* END_HEADER */ /* BEGIN_CASE */ void mbedtls_ct_memcmp_null() { uint32_t x = 0; TEST_ASSERT(mbedtls_ct_memcmp(&x, NULL, 0) == 0); TEST_ASSERT(mbedtls_ct_memcmp(NULL, &x, 0) == 0); TEST_ASSERT(mbedtls_ct_memcmp(NULL, NULL, 0) == 0); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_ct_memcmp(int same, int size, int offset) { uint8_t *a = NULL, *b = NULL; ASSERT_ALLOC(a, size + offset); ASSERT_ALLOC(b, size + offset); TEST_CF_SECRET(a + offset, size); TEST_CF_SECRET(b + offset, size); /* Construct data that matches, if same == -1, otherwise * same gives the number of bytes (after the initial offset) * that will match; after that it will differ. */ for (int i = 0; i < size + offset; i++) { a[i] = i & 0xff; if (same == -1 || (i - offset) < same) { b[i] = a[i]; } else { b[i] = (i + 1) & 0xff; } } int reference = memcmp(a + offset, b + offset, size); int actual = mbedtls_ct_memcmp(a + offset, b + offset, size); TEST_CF_PUBLIC(a + offset, size); TEST_CF_PUBLIC(b + offset, size); if (same == -1 || same >= size) { TEST_ASSERT(reference == 0); TEST_ASSERT(actual == 0); } else { TEST_ASSERT(reference != 0); TEST_ASSERT(actual != 0); } exit: mbedtls_free(a); mbedtls_free(b); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC */ void mbedtls_ct_memcpy_if_eq(int eq, int size, int offset) { uint8_t *src = NULL, *result = NULL, *expected = NULL; ASSERT_ALLOC(src, size + offset); ASSERT_ALLOC(result, size + offset); ASSERT_ALLOC(expected, size + offset); for (int i = 0; i < size + offset; i++) { src[i] = 1; result[i] = 0xff; expected[i] = eq ? 1 : 0xff; } int one, secret_eq; TEST_CF_SECRET(&one, sizeof(one)); TEST_CF_SECRET(&secret_eq, sizeof(secret_eq)); one = 1; secret_eq = eq; mbedtls_ct_memcpy_if_eq(result + offset, src, size, secret_eq, one); TEST_CF_PUBLIC(&one, sizeof(one)); TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq)); ASSERT_COMPARE(expected, size, result + offset, size); for (int i = 0; i < size + offset; i++) { src[i] = 1; result[i] = 0xff; expected[i] = eq ? 1 : 0xff; } TEST_CF_SECRET(&one, sizeof(one)); TEST_CF_SECRET(&secret_eq, sizeof(secret_eq)); one = 1; secret_eq = eq; mbedtls_ct_memcpy_if_eq(result, src + offset, size, secret_eq, one); TEST_CF_PUBLIC(&one, sizeof(one)); TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq)); ASSERT_COMPARE(expected, size, result, size); exit: mbedtls_free(src); mbedtls_free(result); mbedtls_free(expected); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */ void ssl_cf_memcpy_offset(int offset_min, int offset_max, int len) { unsigned char *dst = NULL; unsigned char *src = NULL; size_t src_len = offset_max + len; size_t secret; ASSERT_ALLOC(dst, len); ASSERT_ALLOC(src, src_len); /* Fill src in a way that we can detect if we copied the right bytes */ mbedtls_test_rnd_std_rand(NULL, src, src_len); for (secret = offset_min; secret <= (size_t) offset_max; secret++) { mbedtls_test_set_step((int) secret); TEST_CF_SECRET(&secret, sizeof(secret)); mbedtls_ct_memcpy_offset(dst, src, secret, offset_min, offset_max, len); TEST_CF_PUBLIC(&secret, sizeof(secret)); TEST_CF_PUBLIC(dst, len); ASSERT_COMPARE(dst, len, src + secret, len); } exit: mbedtls_free(dst); mbedtls_free(src); } /* END_CASE */