mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 16:35:41 +01:00
Add early return test + fake implementation
This commit is contained in:
parent
054433c493
commit
510d5caece
@ -99,6 +99,22 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops )
|
||||
{
|
||||
ecp_max_ops = max_ops;
|
||||
}
|
||||
|
||||
/*
|
||||
* Saved context type for restarting operations.
|
||||
*
|
||||
* XXX: this is a temporary place for the definition
|
||||
*/
|
||||
typedef struct {
|
||||
unsigned char fake_it; /* for tests: should we fake early return? */
|
||||
} ecp_restart_context;
|
||||
|
||||
/*
|
||||
* Saved context fro restarting operations.
|
||||
*
|
||||
* XXX: temporary place for the allocation
|
||||
*/
|
||||
static ecp_restart_context ecp_restart;
|
||||
#endif /* MBEDTLS_ECP_EARLY_RETURN */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
|
||||
@ -1376,6 +1392,11 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
||||
mbedtls_ecp_point *T;
|
||||
mbedtls_mpi M, mm;
|
||||
|
||||
#if defined(MBEDTLS_ECP_EARLY_RETURN)
|
||||
if( ecp_restart.fake_it++ != 0 && ecp_max_ops != 0 )
|
||||
return( MBEDTLS_ERR_ECP_IN_PROGRESS );
|
||||
#endif
|
||||
|
||||
mbedtls_mpi_init( &M );
|
||||
mbedtls_mpi_init( &mm );
|
||||
|
||||
|
@ -344,3 +344,11 @@ ecp_test_vect:MBEDTLS_ECP_DP_SECP256K1:"923C6D4756CD940CD1E13A359F6E0F0698791938
|
||||
|
||||
ECP selftest
|
||||
ecp_selftest:
|
||||
|
||||
ECP early return secp256r1 restart disabled
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":0:0:0
|
||||
|
||||
ECP early return secp256r1 restart enabled
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":1:1:5000
|
||||
|
@ -51,6 +51,107 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_ECP_EARLY_RETURN */
|
||||
void ecp_test_vect_restart( int id,
|
||||
char *dA_str, char *xA_str, char *yA_str,
|
||||
char *dB_str, char *xZ_str, char *yZ_str,
|
||||
int max_ops, int min_restarts, int max_restarts )
|
||||
{
|
||||
/*
|
||||
* Test for early restart. Based on test vectors like ecp_test_vect(),
|
||||
* but for the sake of simplicity only does half of each side. It's
|
||||
* important to test both base point and random point, though, as memory
|
||||
* management is different in each case.
|
||||
*
|
||||
* Don't try using too precise bounds for restarts as the exact number
|
||||
* will depend on settings such as MBEDTLS_ECP_FIXED_POINT_OPTIM and
|
||||
* MBEDTLS_ECP_WINDOW_SIZE, as well as implementation details that may
|
||||
* change in the future. A factor 2 is a minimum safety margin.
|
||||
*
|
||||
* For reference, with mbed TLS 2.4 and default settings, for P-256:
|
||||
* - Random point mult: ~3600M
|
||||
* - Cold base point mult: ~3600M
|
||||
* - Hot base point mult: ~1200M
|
||||
* With MBEDTLS_ECP_WINDOW_SIZE set to 2 (minimum):
|
||||
* - Random point mult: ~4200M
|
||||
*/
|
||||
mbedtls_ecp_group grp;
|
||||
mbedtls_ecp_point R;
|
||||
mbedtls_mpi dA, xA, yA, dB, xZ, yZ;
|
||||
int cnt_restarts;
|
||||
int ret;
|
||||
|
||||
mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R );
|
||||
mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA );
|
||||
mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ );
|
||||
|
||||
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_str ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_str ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &yA, 16, yA_str ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_str ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &xZ, 16, xZ_str ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 );
|
||||
|
||||
mbedtls_ecp_set_max_ops( (unsigned) max_ops );
|
||||
|
||||
/* Base point case */
|
||||
cnt_restarts = 0;
|
||||
do {
|
||||
ret = mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, NULL, NULL );
|
||||
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
||||
|
||||
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||
cnt_restarts++;
|
||||
}
|
||||
while( ret != 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 );
|
||||
|
||||
TEST_ASSERT( cnt_restarts >= min_restarts );
|
||||
TEST_ASSERT( cnt_restarts <= max_restarts );
|
||||
|
||||
/* Do we leak memory when doing it twice in a row? */
|
||||
do {
|
||||
ret = mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, NULL, NULL );
|
||||
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
||||
}
|
||||
while( ret != 0 );
|
||||
|
||||
/* Non-base point case */
|
||||
cnt_restarts = 0;
|
||||
do {
|
||||
ret = mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL );
|
||||
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
||||
|
||||
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||
cnt_restarts++;
|
||||
}
|
||||
while( ret != 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 );
|
||||
|
||||
TEST_ASSERT( cnt_restarts >= min_restarts );
|
||||
TEST_ASSERT( cnt_restarts <= max_restarts );
|
||||
|
||||
/* Do we leak memory when doing it twice in a row? */
|
||||
do {
|
||||
ret = mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL );
|
||||
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
||||
}
|
||||
while( ret != 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &R );
|
||||
mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &xA ); mbedtls_mpi_free( &yA );
|
||||
mbedtls_mpi_free( &dB ); mbedtls_mpi_free( &xZ ); mbedtls_mpi_free( &yZ );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void ecp_test_vect( int id, char *dA_str, char *xA_str, char *yA_str,
|
||||
char *dB_str, char *xB_str, char *yB_str, char *xZ_str,
|
||||
|
Loading…
Reference in New Issue
Block a user