Change mbedtls_mpi_cmp_mpi_ct to check less than

The signature of mbedtls_mpi_cmp_mpi_ct() was meant to support using it in
place of mbedtls_mpi_cmp_mpi(). This meant full comparison functionality
and a signed result.

To make the function more universal and friendly to constant time
coding, we change the result type to unsigned. Theoretically, we could
encode the comparison result in an unsigned value, but it would be less
intuitive.

Therefore we won't be able to represent the result as unsigned anymore
and the functionality will be constrained to checking if the first
operand is less than the second. This is sufficient to support the
current use case and to check any relationship between MPIs.

The only drawback is that we need to call the function twice when
checking for equality, but this can be optimised later if and when it is
needed.

diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index 97fd7b9..617f461 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -588,10 +588,12 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_cmp_mpi_ct( int size_X, int radix_X, char * input_X, int size_Y,
- int radix_Y, char * input_Y, int input_ret, int input_err )
+void mbedtls_mpi_lt_mpi_ct( int size_X, int radix_X, char * input_X,
+ int size_Y, int radix_Y, char * input_Y,
+ int input_ret, int input_err )
{
- int ret;
+ unsigned ret;
+ unsigned input_uret = input_ret;
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
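Review bot: `unsigned input_uret = input_ret;` converts the signed test parameter implicitly, so a negative value left over in the test data would wrap to a large unsigned value and just fail the comparison later instead of being rejected as bad data. If the result is meant to be a boolean, assert that up front, for example `TEST_ASSERT( input_ret == 0 || input_ret == 1 );`, and make the cast explicit. The rename to mbedtls_mpi_lt_mpi_ct also requires the test data entries to reference the new name; that change is not visible in this diff.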
@@ -601,9 +603,9 @@
mbedtls_mpi_grow( &X, size_X );
mbedtls_mpi_grow( &Y, size_Y );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi_ct( &X, &Y, &ret ) == input_err );
+ TEST_ASSERT( mbedtls_mpi_lt_mpi_ct( &X, &Y, &ret ) == input_err );
if( input_err == 0 )
- TEST_ASSERT( ret == input_ret );
+ TEST_ASSERT( ret == input_uret );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
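Review bot: the two mbedtls_mpi_grow() calls on the context lines above the changed assertion discard their return values, so an allocation failure would let the test compare operands that do not have the limb counts given by size_X and size_Y, which is the case this test exists to exercise. Wrapping them as `TEST_ASSERT( mbedtls_mpi_grow( &X, size_X ) == 0 );` (and likewise for Y) makes that failure visible. Reading `ret` only under `if( input_err == 0 )` is correct given that it is declared uninitialised, and is worth keeping that way.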