Change mpi_core_check_sub to be constant time
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
diff --git a/library/bignum_core.c b/library/bignum_core.c
index 1a3e0b9..ee3d704 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -449,9 +449,10 @@
mbedtls_mpi_uint c = 0;
for (size_t i = 0; i < limbs; i++) {
- mbedtls_mpi_uint z = (A[i] < c);
+ mbedtls_mpi_uint z = mbedtls_ct_mpi_uint_if(mbedtls_ct_uint_lt(A[i], c),
+ 1, 0);
mbedtls_mpi_uint t = A[i] - c;
- c = (t < B[i]) + z;
+ c = mbedtls_ct_mpi_uint_if(mbedtls_ct_uint_lt(t, B[i]), 1, 0) + z;
X[i] = t - B[i];
}
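Review bot: Nothing at the two rewritten borrow computations says why `mbedtls_ct_uint_lt` replaces the plain `<`, so a later cleanup could revert them to `(A[i] < c)` and `(t < B[i])` without anyone noticing the timing regression. A short comment above the loop would pin the intent, for example `/* Limbs may be secret: derive the borrow with mbedtls_ct_* so the compiler cannot emit a data-dependent branch. */`. The enclosing function starts and ends outside this hunk. If its header documentation does not already promise constant-time behaviour with respect to A and B, that is presumably where the guarantee should be stated.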
diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function
index db84d62..61eeaf5 100644
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
@@ -1317,3 +1317,33 @@
mbedtls_free(X);
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void mpi_core_check_sub_ct(char *input_A, char *input_B, int exp_ret)
+{
+ mbedtls_mpi_uint *A = NULL;
+ mbedtls_mpi_uint *B = NULL;
+ mbedtls_mpi_uint *X = NULL;
+ size_t A_limbs, B_limbs;
+ int ret;
+
+ TEST_EQUAL(0, mbedtls_test_read_mpi_core(&A, &A_limbs, input_A));
+ TEST_EQUAL(0, mbedtls_test_read_mpi_core(&B, &B_limbs, input_B));
+
+ TEST_EQUAL(A_limbs, B_limbs);
+
+ size_t limbs = A_limbs;
+ TEST_CALLOC(X, limbs);
+
+ TEST_CF_SECRET(A, A_limbs * sizeof(mbedtls_mpi_uint));
+ TEST_CF_SECRET(B, B_limbs * sizeof(mbedtls_mpi_uint));
+
+ ret = mbedtls_mpi_core_sub(X, A, B, limbs);
+ TEST_EQUAL(ret, exp_ret);
+
+exit:
+ mbedtls_free(A);
+ mbedtls_free(B);
+ mbedtls_free(X);
+}
+/* END_CASE */
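Review bot: `ret` is computed from buffers marked with `TEST_CF_SECRET` and then compared in `TEST_EQUAL(ret, exp_ret)`, which branches on a value the constant-flow tooling still treats as secret. A memsan or valgrind constant-flow run would therefore likely flag the test itself rather than the library. Declassify before checking with `TEST_CF_PUBLIC(&ret, sizeof(ret));` ahead of the `TEST_EQUAL`, and do the same for `A`, `B` and `X` if anything later reads them. `ret` is declared `int`; if `mbedtls_mpi_core_sub` returns `mbedtls_mpi_uint`, as the loop's `c` in bignum_core.c suggests, declaring `ret` with that type avoids a narrowing conversion. The test also never inspects `X`, so a wrong difference with a correct borrow would still pass.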
diff --git a/tests/suites/test_suite_bignum_core.misc.data b/tests/suites/test_suite_bignum_core.misc.data
index ba86029..ccf3750 100644
--- a/tests/suites/test_suite_bignum_core.misc.data
+++ b/tests/suites/test_suite_bignum_core.misc.data
@@ -523,3 +523,9 @@
CLZ: 100000 0: skip overly long input
mpi_core_clz:100000:0
+
+Constant time Subtraction
+mpi_core_check_sub_ct:"1234567890abcdef0":"10000000000000000":0
+
+Constant time Subtraction #2
+mpi_core_check_sub_ct:"10000000000000000":"1234567890abcdef0":1
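Review bot: At least with 64-bit limbs, neither added vector drives the first rewritten line in bignum_core.c (`z`) to 1. `z` is set only when a limb of A is zero while a borrow is pending, and in both cases the upper limb of A is 1 when the borrow arrives. A third case with a zero middle limb would cover it, e.g. (constructed, assuming the reader keeps leading zeros so both operands get the same limb count) `mpi_core_check_sub_ct:"100000000000000000000000000000000":"000000000000000000000000000000001":0`. The descriptions could also say what each case expects, such as `Constant-time subtraction: no borrow` and `Constant-time subtraction: borrow out`.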