yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 11:35:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add early return test + fake implementation

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2017-03-08 11:41:47 +01:00
parent 054433c493
commit 510d5caece
3 changed files with 130 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
library/ecp.c
View File

@ -99,6 +99,22 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops )
{
ecp_max_ops = max_ops;
}
/*
* Saved context type for restarting operations.
*
* XXX: this is a temporary place for the definition
*/
typedef struct {
unsigned char fake_it; /* for tests: should we fake early return? */
} ecp_restart_context;
/*
* Saved context fro restarting operations.
*
* XXX: temporary place for the allocation
*/
static ecp_restart_context ecp_restart;
#endif /* MBEDTLS_ECP_EARLY_RETURN */
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
@ -1376,6 +1392,11 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
mbedtls_ecp_point *T;
mbedtls_mpi M, mm;
#if defined(MBEDTLS_ECP_EARLY_RETURN)
if( ecp_restart.fake_it++ != 0 && ecp_max_ops != 0 )
return( MBEDTLS_ERR_ECP_IN_PROGRESS );
#endif
mbedtls_mpi_init( &M );
mbedtls_mpi_init( &mm );

8
tests/suites/test_suite_ecp.data
View File

@ -344,3 +344,11 @@ ecp_test_vect:MBEDTLS_ECP_DP_SECP256K1:"923C6D4756CD940CD1E13A359F6E0F0698791938
ECP selftest
ecp_selftest:
ECP early return secp256r1 restart disabled
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":0:0:0
ECP early return secp256r1 restart enabled
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":1:1:5000

101
tests/suites/test_suite_ecp.function
View File

@ -51,6 +51,107 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_EARLY_RETURN */
void ecp_test_vect_restart( int id,
char *dA_str, char *xA_str, char *yA_str,
char *dB_str, char *xZ_str, char *yZ_str,
int max_ops, int min_restarts, int max_restarts )
{
/*
* Test for early restart. Based on test vectors like ecp_test_vect(),
* but for the sake of simplicity only does half of each side. It's
* important to test both base point and random point, though, as memory
* management is different in each case.
*
* Don't try using too precise bounds for restarts as the exact number
* will depend on settings such as MBEDTLS_ECP_FIXED_POINT_OPTIM and
* MBEDTLS_ECP_WINDOW_SIZE, as well as implementation details that may
* change in the future. A factor 2 is a minimum safety margin.
*
* For reference, with mbed TLS 2.4 and default settings, for P-256:
* - Random point mult: ~3600M
* - Cold base point mult: ~3600M
* - Hot base point mult: ~1200M
* With MBEDTLS_ECP_WINDOW_SIZE set to 2 (minimum):
* - Random point mult: ~4200M
*/
mbedtls_ecp_group grp;
mbedtls_ecp_point R;
mbedtls_mpi dA, xA, yA, dB, xZ, yZ;
int cnt_restarts;
int ret;
mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R );
mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA );
mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &yA, 16, yA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &xZ, 16, xZ_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 );
mbedtls_ecp_set_max_ops( (unsigned) max_ops );
/* Base point case */
cnt_restarts = 0;
do {
ret = mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, NULL, NULL );
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
cnt_restarts++;
}
while( ret != 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 );
TEST_ASSERT( cnt_restarts >= min_restarts );
TEST_ASSERT( cnt_restarts <= max_restarts );
/* Do we leak memory when doing it twice in a row? */
do {
ret = mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, NULL, NULL );
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
}
while( ret != 0 );
/* Non-base point case */
cnt_restarts = 0;
do {
ret = mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL );
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
cnt_restarts++;
}
while( ret != 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 );
TEST_ASSERT( cnt_restarts >= min_restarts );
TEST_ASSERT( cnt_restarts <= max_restarts );
/* Do we leak memory when doing it twice in a row? */
do {
ret = mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL );
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
}
while( ret != 0 );
exit:
mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &R );
mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &xA ); mbedtls_mpi_free( &yA );
mbedtls_mpi_free( &dB ); mbedtls_mpi_free( &xZ ); mbedtls_mpi_free( &yZ );
}
/* END_CASE */
/* BEGIN_CASE */
void ecp_test_vect( int id, char *dA_str, char *xA_str, char *yA_str,
char *dB_str, char *xB_str, char *yB_str, char *xZ_str,