Change mbedtls_mpi_core_exp_mod to constant time

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-09-29 08:24:11 -04:00 · 2024-05-30 16:41:47 +00:00 · 2024-05-30 16:41:47 +00:00 · 7b3024e791
commit 7b3024e791
parent 90b035e823
2 changed files with 22 additions and 2 deletions
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@ -621,6 +621,9 @@ size_t mbedtls_mpi_core_exp_mod_working_limbs(size_t AN_limbs, size_t E_limbs);
 * \p X may be aliased to \p A, but not to \p RR or \p E, even if \p E_limbs ==
 * \p AN_limbs.
 *
+ * This function operates in constant time with respect
+ * to the values of \p A, \p N and \p E.
+ *
 * \param[out] X     The destination MPI, as a little endian array of length
 *                   \p AN_limbs.
 * \param[in] A      The base MPI, as a little endian array of length \p AN_limbs.
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
@ -1302,14 +1302,31 @@ void mpi_core_exp_mod(char *input_N, char *input_A,
              working_limbs);

    TEST_CALLOC(T, working_limbs);
-
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+    TEST_CF_SECRET(A, A_limbs * sizeof(mbedtls_mpi_uint));
+    TEST_CF_SECRET(N, N_limbs * sizeof(mbedtls_mpi_uint));
+    TEST_CF_SECRET(E, E_limbs * sizeof(mbedtls_mpi_uint));
+#endif
    mbedtls_mpi_core_exp_mod(Y, A, N, N_limbs, E, E_limbs, R2, T);
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+    TEST_CF_PUBLIC(Y, N_limbs * sizeof(mbedtls_mpi_uint));
+    TEST_CF_PUBLIC(A, A_limbs * sizeof(mbedtls_mpi_uint));
+    TEST_CF_PUBLIC(N, N_limbs * sizeof(mbedtls_mpi_uint));
+    TEST_CF_PUBLIC(E, E_limbs * sizeof(mbedtls_mpi_uint));
+#endif

    TEST_EQUAL(0, memcmp(X, Y, N_limbs * sizeof(mbedtls_mpi_uint)));

+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+    TEST_CF_SECRET(A, A_limbs * sizeof(mbedtls_mpi_uint));
+    TEST_CF_SECRET(N, N_limbs * sizeof(mbedtls_mpi_uint));
+    TEST_CF_SECRET(E, E_limbs * sizeof(mbedtls_mpi_uint));
+#endif
    /* Check when output aliased to input */
-
    mbedtls_mpi_core_exp_mod(A, A, N, N_limbs, E, E_limbs, R2, T);
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+    TEST_CF_PUBLIC(A, A_limbs * sizeof(mbedtls_mpi_uint));
+#endif

    TEST_EQUAL(0, memcmp(X, A, N_limbs * sizeof(mbedtls_mpi_uint)));