Make explicit _ct and _nonct versions of bn_mod_exp funcitons that

matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
author: beck <> 2017-01-21 09:38:59 +0000
committer: beck <> 2017-01-21 09:38:59 +0000
commit: a0a595cda97de2b217b0582cfa601ee4c746bfce (patch)
tree: a68beae7892dad13fd8d76ba1fc45e6570e3360b /src/regress/lib/libcrypto/exp/exptest.c
parent: 0150f186622a6f660c4e80dc9a36dc843ac87b7c (diff)
download: openbsd-a0a595cda97de2b217b0582cfa601ee4c746bfce.tar.gz
openbsd-a0a595cda97de2b217b0582cfa601ee4c746bfce.tar.bz2
openbsd-a0a595cda97de2b217b0582cfa601ee4c746bfce.zip
1 files changed, 55 insertions, 1 deletions
diff --git a/src/regress/lib/libcrypto/exp/exptest.c b/src/regress/lib/libcrypto/exp/exptest.c
index 45ca5ac5f5..375628cb25 100644
--- a/src/regress/lib/libcrypto/exp/exptest.c
+++ b/src/regress/lib/libcrypto/exp/exptest.c
@@ -64,6 +64,15 @@
 #include <openssl/bn.h>
 #include <openssl/err.h>
+int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 #define NUM_BITS        (BN_BITS*2)
 /*
@@ -116,6 +125,18 @@ static int test_exp_mod_zero(void)
        if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
                failed = 1;
+        if (!BN_mod_exp_ct(&r, &a, &p, &m, ctx))
+                goto err;
+        if (!a_is_zero_mod_one("BN_mod_exp_ct", &r, &a))
+                failed = 1;
+        if (!BN_mod_exp_nonct(&r, &a, &p, &m, ctx))
+                goto err;
+        if (!a_is_zero_mod_one("BN_mod_exp_nonct", &r, &a))
+                failed = 1;
        if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
                goto err;
@@ -134,6 +155,18 @@ static int test_exp_mod_zero(void)
        if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
                failed = 1;
+        if (!BN_mod_exp_mont_ct(&r, &a, &p, &m, ctx, NULL))
+                goto err;
+        if (!a_is_zero_mod_one("BN_mod_exp_mont_ct", &r, &a))
+                failed = 1;
+        if (!BN_mod_exp_mont_nonct(&r, &a, &p, &m, ctx, NULL))
+                goto err;
+        if (!a_is_zero_mod_one("BN_mod_exp_mont_nonct", &r, &a))
+                failed = 1;
        if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
                goto err;
        }
@@ -175,7 +208,8 @@ int main(int argc, char *argv[])
        BIO *out = NULL;
        int i, ret;
        unsigned char c;
-        BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m;
+        BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple,
+            *r_mont_ct, *r_mont_nonct, *a, *b, *m;
        ERR_load_BN_strings();
@@ -184,6 +218,8 @@ int main(int argc, char *argv[])
                exit(1);
        r_mont = BN_new();
        r_mont_const = BN_new();
+        r_mont_ct = BN_new();
+        r_mont_nonct = BN_new();
        r_recp = BN_new();
        r_simple = BN_new();
        a = BN_new();
@@ -221,6 +257,20 @@ int main(int argc, char *argv[])
                        exit(1);
                }
+                ret = BN_mod_exp_mont_ct(r_mont_ct, a, b, m, ctx, NULL);
+                if (ret <= 0) {
+                        printf("BN_mod_exp_mont_ct() problems\n");
+                        ERR_print_errors(out);
+                        exit(1);
+                }
+                ret = BN_mod_exp_mont_nonct(r_mont_nonct, a, b, m, ctx, NULL);
+                if (ret <= 0) {
+                        printf("BN_mod_exp_mont_nonct() problems\n");
+                        ERR_print_errors(out);
+                        exit(1);
+                }
                ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);
                if (ret <= 0) {
                        printf("BN_mod_exp_recp() problems\n");
@@ -254,6 +304,10 @@ int main(int argc, char *argv[])
                                printf("\nsimple and mont const time results differ\n");
                        if (BN_cmp(r_simple, r_recp) != 0)
                                printf("\nsimple and recp results differ\n");
+                        if (BN_cmp(r_mont, r_mont_ct) != 0)
+                                printf("\nmont_ct and mont results differ\n");
+                        if (BN_cmp(r_mont_ct, r_mont_nonct) != 0)
+                                printf("\nmont_ct and mont_nonct results differ\n");
                        printf("a (%3d) = ", BN_num_bits(a));
                        BN_print(out, a);
author	beck <>	2017-01-21 09:38:59 +0000
committer	beck <>	2017-01-21 09:38:59 +0000
commit	a0a595cda97de2b217b0582cfa601ee4c746bfce (patch)
tree	a68beae7892dad13fd8d76ba1fc45e6570e3360b /src/regress/lib/libcrypto/exp/exptest.c
parent	0150f186622a6f660c4e80dc9a36dc843ac87b7c (diff)
download	openbsd-a0a595cda97de2b217b0582cfa601ee4c746bfce.tar.gz openbsd-a0a595cda97de2b217b0582cfa601ee4c746bfce.tar.bz2 openbsd-a0a595cda97de2b217b0582cfa601ee4c746bfce.zip

diff --git a/src/regress/lib/libcrypto/exp/exptest.c b/src/regress/lib/libcrypto/exp/exptest.c index 45ca5ac5f5..375628cb25 100644 --- a/src/regress/lib/libcrypto/exp/exptest.c +++ b/src/regress/lib/libcrypto/exp/exptest.c
@@ -64,6 +64,15 @@
64	#include <openssl/bn.h>	64	#include <openssl/bn.h>
65	#include <openssl/err.h>	65	#include <openssl/err.h>
66		66
		67	int BN_mod_exp_ct(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		68	const BIGNUM m, BN_CTX ctx);
		69	int BN_mod_exp_nonct(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		70	const BIGNUM m, BN_CTX ctx);
		71	int BN_mod_exp_mont_ct(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		72	const BIGNUM m, BN_CTX ctx, BN_MONT_CTX *m_ctx);
		73	int BN_mod_exp_mont_nonct(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		74	const BIGNUM m, BN_CTX ctx, BN_MONT_CTX *m_ctx);
		75
67	#define NUM_BITS (BN_BITS*2)	76	#define NUM_BITS (BN_BITS*2)
68		77
69	/*	78	/*
@@ -116,6 +125,18 @@ static int test_exp_mod_zero(void)
116	if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))	125	if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
117	failed = 1;	126	failed = 1;
118		127
		128	if (!BN_mod_exp_ct(&r, &a, &p, &m, ctx))
		129	goto err;
		130
		131	if (!a_is_zero_mod_one("BN_mod_exp_ct", &r, &a))
		132	failed = 1;
		133
		134	if (!BN_mod_exp_nonct(&r, &a, &p, &m, ctx))
		135	goto err;
		136
		137	if (!a_is_zero_mod_one("BN_mod_exp_nonct", &r, &a))
		138	failed = 1;
		139
119	if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))	140	if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
120	goto err;	141	goto err;
121		142
@@ -134,6 +155,18 @@ static int test_exp_mod_zero(void)
134	if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))	155	if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
135	failed = 1;	156	failed = 1;
136		157
		158	if (!BN_mod_exp_mont_ct(&r, &a, &p, &m, ctx, NULL))
		159	goto err;
		160
		161	if (!a_is_zero_mod_one("BN_mod_exp_mont_ct", &r, &a))
		162	failed = 1;
		163
		164	if (!BN_mod_exp_mont_nonct(&r, &a, &p, &m, ctx, NULL))
		165	goto err;
		166
		167	if (!a_is_zero_mod_one("BN_mod_exp_mont_nonct", &r, &a))
		168	failed = 1;
		169
137	if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {	170	if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
138	goto err;	171	goto err;
139	}	172	}
@@ -175,7 +208,8 @@ int main(int argc, char *argv[])
175	BIO *out = NULL;	208	BIO *out = NULL;
176	int i, ret;	209	int i, ret;
177	unsigned char c;	210	unsigned char c;
178	BIGNUM r_mont, r_mont_const, r_recp, r_simple, a, b, *m;	211	BIGNUM r_mont, r_mont_const, r_recp, r_simple,
		212	r_mont_ct, r_mont_nonct, a, b, *m;
179		213
180	ERR_load_BN_strings();	214	ERR_load_BN_strings();
181		215
@@ -184,6 +218,8 @@ int main(int argc, char *argv[])
184	exit(1);	218	exit(1);
185	r_mont = BN_new();	219	r_mont = BN_new();
186	r_mont_const = BN_new();	220	r_mont_const = BN_new();
		221	r_mont_ct = BN_new();
		222	r_mont_nonct = BN_new();
187	r_recp = BN_new();	223	r_recp = BN_new();
188	r_simple = BN_new();	224	r_simple = BN_new();
189	a = BN_new();	225	a = BN_new();
@@ -221,6 +257,20 @@ int main(int argc, char *argv[])
221	exit(1);	257	exit(1);
222	}	258	}
223		259
		260	ret = BN_mod_exp_mont_ct(r_mont_ct, a, b, m, ctx, NULL);
		261	if (ret <= 0) {
		262	printf("BN_mod_exp_mont_ct() problems\n");
		263	ERR_print_errors(out);
		264	exit(1);
		265	}
		266
		267	ret = BN_mod_exp_mont_nonct(r_mont_nonct, a, b, m, ctx, NULL);
		268	if (ret <= 0) {
		269	printf("BN_mod_exp_mont_nonct() problems\n");
		270	ERR_print_errors(out);
		271	exit(1);
		272	}
		273
224	ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);	274	ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);
225	if (ret <= 0) {	275	if (ret <= 0) {
226	printf("BN_mod_exp_recp() problems\n");	276	printf("BN_mod_exp_recp() problems\n");
@@ -254,6 +304,10 @@ int main(int argc, char *argv[])
254	printf("\nsimple and mont const time results differ\n");	304	printf("\nsimple and mont const time results differ\n");
255	if (BN_cmp(r_simple, r_recp) != 0)	305	if (BN_cmp(r_simple, r_recp) != 0)
256	printf("\nsimple and recp results differ\n");	306	printf("\nsimple and recp results differ\n");
		307	if (BN_cmp(r_mont, r_mont_ct) != 0)
		308	printf("\nmont_ct and mont results differ\n");
		309	if (BN_cmp(r_mont_ct, r_mont_nonct) != 0)
		310	printf("\nmont_ct and mont_nonct results differ\n");
257		311
258	printf("a (%3d) = ", BN_num_bits(a));	312	printf("a (%3d) = ", BN_num_bits(a));
259	BN_print(out, a);	313	BN_print(out, a);