mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 21:55:41 +01:00
Added a selftest about SPA resistance
This commit is contained in:
Manuel Pégourié-Gonnard
Paul Bakker
parent
9674fd0d5e
commit
b4a310b472
@ -38,6 +38,14 @@
|
|||||||
#include "polarssl/ecp.h"
|
#include "polarssl/ecp.h"
|
||||||
#include <limits.h>
|
#include <limits.h>
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SELF_TEST)
|
||||||
|
/*
|
||||||
|
* Counts of point addition and doubling operations.
|
||||||
|
* Used to test resistance of point multiplication to SPA/timing attacks.
|
||||||
|
*/
|
||||||
|
unsigned long add_count, dbl_count;
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Initialize (the components of) a point
|
* Initialize (the components of) a point
|
||||||
*/
|
*/
|
||||||
@ -505,6 +513,10 @@ static int ecp_double_jac( const ecp_group *grp, ecp_point *R,
|
|||||||
int ret;
|
int ret;
|
||||||
mpi T1, T2, T3, X, Y, Z;
|
mpi T1, T2, T3, X, Y, Z;
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SELF_TEST)
|
||||||
|
dbl_count++;
|
||||||
|
#endif
|
||||||
|
|
||||||
if( mpi_cmp_int( &P->Z, 0 ) == 0 )
|
if( mpi_cmp_int( &P->Z, 0 ) == 0 )
|
||||||
return( ecp_set_zero( R ) );
|
return( ecp_set_zero( R ) );
|
||||||
|
|
||||||
@ -567,6 +579,10 @@ static int ecp_add_mixed( const ecp_group *grp, ecp_point *R,
|
|||||||
int ret;
|
int ret;
|
||||||
mpi T1, T2, T3, T4, X, Y, Z;
|
mpi T1, T2, T3, T4, X, Y, Z;
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SELF_TEST)
|
||||||
|
add_count++;
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Trivial cases: P == 0 or Q == 0
|
* Trivial cases: P == 0 or Q == 0
|
||||||
* (Check Q first, so that we know Q != 0 when we compute -Q.)
|
* (Check Q first, so that we know Q != 0 when we compute -Q.)
|
||||||
@ -738,7 +754,71 @@ cleanup:
|
|||||||
*/
|
*/
|
||||||
int ecp_self_test( int verbose )
|
int ecp_self_test( int verbose )
|
||||||
{
|
{
|
||||||
return( verbose++ );
|
int ret;
|
||||||
|
size_t i;
|
||||||
|
ecp_group grp;
|
||||||
|
ecp_point R;
|
||||||
|
mpi m;
|
||||||
|
unsigned long add_c_prev, dbl_c_prev;
|
||||||
|
char *exponents[] =
|
||||||
|
{
|
||||||
|
"400000000000000000000000000000000000000000000000",
|
||||||
|
"7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
|
||||||
|
"555555555555555555555555555555555555555555555555",
|
||||||
|
"5EA6F389A38B8BC81E767753B15AA5569E1782E30ABE7D25",
|
||||||
|
"000000000000000000000000000000000000000000000010",
|
||||||
|
};
|
||||||
|
|
||||||
|
ecp_group_init( &grp );
|
||||||
|
ecp_point_init( &R );
|
||||||
|
mpi_init( &m );
|
||||||
|
|
||||||
|
MPI_CHK( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_SECP192R1 ) );
|
||||||
|
|
||||||
|
if( verbose != 0 )
|
||||||
|
printf( " ECP test #1 (SPA resistance): " );
|
||||||
|
|
||||||
|
add_count = 0;
|
||||||
|
dbl_count = 0;
|
||||||
|
MPI_CHK( mpi_read_string( &m, 16, exponents[0] ) );
|
||||||
|
MPI_CHK( ecp_mul( &grp, &R, &m, &grp.G ) );
|
||||||
|
|
||||||
|
for( i = 1; i < sizeof( exponents ) / sizeof( exponents[0] ); i++ )
|
||||||
|
{
|
||||||
|
add_c_prev = add_count;
|
||||||
|
dbl_c_prev = dbl_count;
|
||||||
|
add_count = 0;
|
||||||
|
dbl_count = 0;
|
||||||
|
|
||||||
|
MPI_CHK( mpi_read_string( &m, 16, exponents[i] ) );
|
||||||
|
MPI_CHK( ecp_mul( &grp, &R, &m, &grp.G ) );
|
||||||
|
|
||||||
|
if( add_count != add_c_prev || dbl_count != dbl_c_prev )
|
||||||
|
{
|
||||||
|
if( verbose != 0 )
|
||||||
|
printf( "failed (%zu)\n", i );
|
||||||
|
|
||||||
|
ret = 1;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if( verbose != 0 )
|
||||||
|
printf( "passed\n" );
|
||||||
|
|
||||||
|
cleanup:
|
||||||
|
|
||||||
|
if( ret < 0 && verbose != 0 )
|
||||||
|
printf( "Unexpected error, return code = %08X\n", ret );
|
||||||
|
|
||||||
|
ecp_group_free( &grp );
|
||||||
|
ecp_point_free( &R );
|
||||||
|
mpi_free( &m );
|
||||||
|
|
||||||
|
if( verbose != 0 )
|
||||||
|
printf( "\n" );
|
||||||
|
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -50,6 +50,7 @@
|
|||||||
#include "polarssl/x509.h"
|
#include "polarssl/x509.h"
|
||||||
#include "polarssl/xtea.h"
|
#include "polarssl/xtea.h"
|
||||||
#include "polarssl/pbkdf2.h"
|
#include "polarssl/pbkdf2.h"
|
||||||
|
#include "polarssl/ecp.h"
|
||||||
|
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
@ -155,6 +156,11 @@ int main( int argc, char *argv[] )
|
|||||||
return( ret );
|
return( ret );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ECP_C)
|
||||||
|
if( ( ret = ecp_self_test( v ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
#endif
|
||||||
|
|
||||||
#else
|
#else
|
||||||
printf( " POLARSSL_SELF_TEST not defined.\n" );
|
printf( " POLARSSL_SELF_TEST not defined.\n" );
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -114,3 +114,7 @@ ecp_test_vect:SECP384R1:"D27335EA71664AF244DD14E9FD1260715DFD8A7965571C48D709EE7
|
|||||||
|
|
||||||
ECP test vectors secp521r1
|
ECP test vectors secp521r1
|
||||||
ecp_test_vect:SECP521R1:"0113F82DA825735E3D97276683B2B74277BAD27335EA71664AF2430CC4F33459B9669EE78B3FFB9B8683015D344DCBFEF6FB9AF4C6C470BE254516CD3C1A1FB47362":"01EBB34DD75721ABF8ADC9DBED17889CBB9765D90A7C60F2CEF007BB0F2B26E14881FD4442E689D61CB2DD046EE30E3FFD20F9A45BBDF6413D583A2DBF59924FD35C":"00F6B632D194C0388E22D8437E558C552AE195ADFD153F92D74908351B2F8C4EDA94EDB0916D1B53C020B5EECAED1A5FC38A233E4830587BB2EE3489B3B42A5A86A4":"00CEE3480D8645A17D249F2776D28BAE616952D1791FDB4B70F7C3378732AA1B22928448BCD1DC2496D435B01048066EBE4F72903C361B1A9DC1193DC2C9D0891B96":"010EBFAFC6E85E08D24BFFFCC1A4511DB0E634BEEB1B6DEC8C5939AE44766201AF6200430BA97C8AC6A0E9F08B33CE7E9FEEB5BA4EE5E0D81510C24295B8A08D0235":"00A4A6EC300DF9E257B0372B5E7ABFEF093436719A77887EBB0B18CF8099B9F4212B6E30A1419C18E029D36863CC9D448F4DBA4D2A0E60711BE572915FBD4FEF2695":"00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC":"00F9A71641029B7FC1A808AD07CD4861E868614B865AFBECAB1F2BD4D8B55EBCB5E3A53143CEB2C511B1AE0AF5AC827F60F2FD872565AC5CA0A164038FE980A7E4BD"
|
ecp_test_vect:SECP521R1:"0113F82DA825735E3D97276683B2B74277BAD27335EA71664AF2430CC4F33459B9669EE78B3FFB9B8683015D344DCBFEF6FB9AF4C6C470BE254516CD3C1A1FB47362":"01EBB34DD75721ABF8ADC9DBED17889CBB9765D90A7C60F2CEF007BB0F2B26E14881FD4442E689D61CB2DD046EE30E3FFD20F9A45BBDF6413D583A2DBF59924FD35C":"00F6B632D194C0388E22D8437E558C552AE195ADFD153F92D74908351B2F8C4EDA94EDB0916D1B53C020B5EECAED1A5FC38A233E4830587BB2EE3489B3B42A5A86A4":"00CEE3480D8645A17D249F2776D28BAE616952D1791FDB4B70F7C3378732AA1B22928448BCD1DC2496D435B01048066EBE4F72903C361B1A9DC1193DC2C9D0891B96":"010EBFAFC6E85E08D24BFFFCC1A4511DB0E634BEEB1B6DEC8C5939AE44766201AF6200430BA97C8AC6A0E9F08B33CE7E9FEEB5BA4EE5E0D81510C24295B8A08D0235":"00A4A6EC300DF9E257B0372B5E7ABFEF093436719A77887EBB0B18CF8099B9F4212B6E30A1419C18E029D36863CC9D448F4DBA4D2A0E60711BE572915FBD4FEF2695":"00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC":"00F9A71641029B7FC1A808AD07CD4861E868614B865AFBECAB1F2BD4D8B55EBCB5E3A53143CEB2C511B1AE0AF5AC827F60F2FD872565AC5CA0A164038FE980A7E4BD"
|
||||||
|
|
||||||
|
ECP selftest
|
||||||
|
depends_on:POLARSSL_SELF_TEST
|
||||||
|
ecp_selftest:
|
||||||
|
|||||||
@ -194,3 +194,10 @@ ecp_fast_mod:id:N
|
|||||||
ecp_group_free( &grp );
|
ecp_group_free( &grp );
|
||||||
}
|
}
|
||||||
END_CASE
|
END_CASE
|
||||||
|
|
||||||
|
BEGIN_CASE
|
||||||
|
ecp_selftest:
|
||||||
|
{
|
||||||
|
TEST_ASSERT( ecp_self_test( 0 ) == 0 );
|
||||||
|
}
|
||||||
|
END_CASE
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user