| /* BEGIN_HEADER */ |
| /** \file test_suite_constant_time.function |
| * |
| * Functional testing of functions in the constant_time module. |
| * |
| * The tests are instrumented with #TEST_CF_SECRET and #TEST_CF_PUBLIC |
| * (see tests/include/test/constant_flow.h) so that running the tests |
| * under MSan or Valgrind will detect a non-constant-time implementation. |
| */ |
| |
| #include <mbedtls/constant_time.h> |
| #include <constant_time_internal.h> |
| #include <constant_time_invasive.h> |
| |
| #include <test/constant_flow.h> |
| /* END_HEADER */ |
| |
| #include <stdio.h> |
| |
| /* BEGIN_CASE */ |
| void mbedtls_ct_memcmp_null() |
| { |
| uint32_t x; |
| TEST_ASSERT(mbedtls_ct_memcmp(&x, NULL, 0) == 0); |
| TEST_ASSERT(mbedtls_ct_memcmp(NULL, &x, 0) == 0); |
| TEST_ASSERT(mbedtls_ct_memcmp(NULL, NULL, 0) == 0); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void mbedtls_ct_memcmp(int same, int size, int offset) |
| { |
| uint8_t *a = NULL, *b = NULL; |
| ASSERT_ALLOC(a, size + offset); |
| ASSERT_ALLOC(b, size + offset); |
| |
| TEST_CF_SECRET(a + offset, size); |
| TEST_CF_SECRET(b + offset, size); |
| |
| for (int i = 0; i < size + offset; i++) { |
| a[i] = i & 0xff; |
| b[i] = (i & 0xff) + (same ? 0 : 1); |
| } |
| |
| int reference = memcmp(a + offset, b + offset, size); |
| int actual = mbedtls_ct_memcmp(a + offset, b + offset, size); |
| TEST_CF_PUBLIC(a + offset, size); |
| TEST_CF_PUBLIC(b + offset, size); |
| |
| if (same != 0) { |
| TEST_ASSERT(reference == 0); |
| TEST_ASSERT(actual == 0); |
| } else { |
| TEST_ASSERT(reference != 0); |
| TEST_ASSERT(actual != 0); |
| } |
| exit: |
| mbedtls_free(a); |
| mbedtls_free(b); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC */ |
| void mbedtls_ct_memcpy_if_eq(int eq, int size, int offset) |
| { |
| uint8_t *src = NULL, *result = NULL, *expected = NULL; |
| ASSERT_ALLOC(src, size + offset); |
| ASSERT_ALLOC(result, size + offset); |
| ASSERT_ALLOC(expected, size + offset); |
| |
| for (int i = 0; i < size + offset; i++) { |
| src[i] = 1; |
| result[i] = 0xff; |
| expected[i] = eq ? 1 : 0xff; |
| } |
| |
| mbedtls_ct_memcpy_if_eq(result + offset, src, size, eq, 1); |
| ASSERT_COMPARE(expected, size, result + offset, size); |
| |
| for (int i = 0; i < size + offset; i++) { |
| src[i] = 1; |
| result[i] = 0xff; |
| expected[i] = eq ? 1 : 0xff; |
| } |
| mbedtls_ct_memcpy_if_eq(result, src + offset, size, eq, 1); |
| ASSERT_COMPARE(expected, size, result, size); |
| |
| exit: |
| mbedtls_free(src); |
| mbedtls_free(result); |
| mbedtls_free(expected); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */ |
| void ssl_cf_memcpy_offset(int offset_min, int offset_max, int len) |
| { |
| unsigned char *dst = NULL; |
| unsigned char *src = NULL; |
| size_t src_len = offset_max + len; |
| size_t secret; |
| |
| ASSERT_ALLOC(dst, len); |
| ASSERT_ALLOC(src, src_len); |
| |
| /* Fill src in a way that we can detect if we copied the right bytes */ |
| mbedtls_test_rnd_std_rand(NULL, src, src_len); |
| |
| for (secret = offset_min; secret <= (size_t) offset_max; secret++) { |
| mbedtls_test_set_step((int) secret); |
| |
| TEST_CF_SECRET(&secret, sizeof(secret)); |
| mbedtls_ct_memcpy_offset(dst, src, secret, |
| offset_min, offset_max, len); |
| TEST_CF_PUBLIC(&secret, sizeof(secret)); |
| TEST_CF_PUBLIC(dst, len); |
| |
| ASSERT_COMPARE(dst, len, src + secret, len); |
| } |
| |
| exit: |
| mbedtls_free(dst); |
| mbedtls_free(src); |
| } |
| /* END_CASE */ |