From 0404c147b0a2c57a2c43dd14ef43d8cabdedb186 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Wed, 15 Nov 2023 08:16:10 +0100
Subject: [PATCH] Add sidechannel tests for curve448.
---
ChangeLog | 10 ++++++----
ecc-curve448.c | 2 +-
testsuite/Makefile.in | 2 +-
testsuite/curve448-dh-test.c | 11 +++++++++++
testsuite/sc-curve448-dh-test | 6 ++++++
5 files changed, 25 insertions(+), 6 deletions(-)
create mode 100755 testsuite/sc-curve448-dh-test
diff --git a/ChangeLog b/ChangeLog
index 0a98d673..ca7d7bf7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,17 +1,19 @@
2023-11-15 Niels Möller <nisse@lysator.liu.se>
+ * ecc-mod-arith.c (ecc_mod_addmul_1): Use assert_maybe.
+ * ecc-curve448.c (ecc_curve448_modp): Likewise.
+
* testsuite/curve25519-dh-test.c (test_g): Add calls to
mark_bytes_undefined and mark_bytes_defined.
(test_a): Likewise.
(test_main): Skip side-channel tests in builds with mini-gmp or
extra asserts enabled.
-
- * ecc-mod-arith.c (ecc_mod_addmul_1): Use assert_maybe.
+ * testsuite/curve448-dh-test.c: Analogous changes.
* testsuite/Makefile.in (TS_SC_HOGWEED): New make variable. Added
- sc-curve25519-dh-test to list.
-
+ sc-curve25519-dh-test and sc-curve448-dh-test to list.
* testsuite/sc-curve25519-dh-test: New testcase.
+ * testsuite/sc-curve448-dh-test: New testcase.
2023-11-14 Niels Möller <nisse@lysator.liu.se>
diff --git a/ecc-curve448.c b/ecc-curve448.c
index daef56cc..1bffeeb7 100644
--- a/ecc-curve448.c
+++ b/ecc-curve448.c
@@ -91,7 +91,7 @@ ecc_curve448_modp(const struct ecc_modulo *m, mp_limb_t *rp, mp_limb_t *xp)
tp[5] = tp[6] = 0;
c7 = mpn_add_n (rp, xp, tp, 7);
c7 = mpn_cnd_add_n (c7, rp, rp, m->B, 7);
- assert (c7 == 0);
+ assert_maybe (c7 == 0);
}
#else
#define ecc_curve448_modp ecc_mod
diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
index b8bce556..cf3d962c 100644
--- a/testsuite/Makefile.in
+++ b/testsuite/Makefile.in
@@ -67,7 +67,7 @@ TS_C = $(TS_NETTLE) @IF_HOGWEED@ $(TS_HOGWEED)
TS_CXX = @IF_CXX@ $(CXX_SOURCES:.cxx=$(EXEEXT))
TARGETS = $(TS_C) $(TS_CXX)
TS_SC_HOGWEED = sc-pkcs1-sec-decrypt-test sc-rsa-sec-decrypt-test \
- sc-ecdsa-sign-test sc-curve25519-dh-test
+ sc-ecdsa-sign-test sc-curve25519-dh-test sc-curve448-dh-test
TS_SC = sc-cnd-memcpy-test sc-gcm-test sc-memeql-test \
@IF_HOGWEED@ $(TS_SC_HOGWEED)
diff --git a/testsuite/curve448-dh-test.c b/testsuite/curve448-dh-test.c
index 7d142d6f..c91a5753 100644
--- a/testsuite/curve448-dh-test.c
+++ b/testsuite/curve448-dh-test.c
@@ -38,7 +38,10 @@ static void
test_g (const uint8_t *s, const uint8_t *r)
{
uint8_t p[CURVE448_SIZE];
+ mark_bytes_undefined (CURVE448_SIZE, s);
curve448_mul_g (p, s);
+ mark_bytes_defined (CURVE448_SIZE, p);
+
if (!MEMEQ (CURVE448_SIZE, p, r))
{
printf ("curve448_mul_g failure:\ns = ");
@@ -56,7 +59,11 @@ static void
test_a (const uint8_t *s, const uint8_t *b, const uint8_t *r)
{
uint8_t p[CURVE448_SIZE];
+ mark_bytes_undefined (CURVE448_SIZE, s);
+ mark_bytes_undefined (CURVE448_SIZE, b);
curve448_mul (p, s, b);
+ mark_bytes_defined (CURVE448_SIZE, p);
+
if (!MEMEQ (CURVE448_SIZE, p, r))
{
printf ("curve448_mul failure:\ns = ");
@@ -75,6 +82,10 @@ test_a (const uint8_t *s, const uint8_t *b, const uint8_t *r)
void
test_main (void)
{
+#if NETTLE_USE_MINI_GMP || WITH_EXTRA_ASSERTS
+ if (test_side_channel)
+ SKIP();
+#endif
/* From RFC 7748. */
test_g (H("9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28d"
"d9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b"),
diff --git a/testsuite/sc-curve448-dh-test b/testsuite/sc-curve448-dh-test
new file mode 100755
index 00000000..fdd59bdc
--- /dev/null
+++ b/testsuite/sc-curve448-dh-test
@@ -0,0 +1,6 @@
+#! /bin/sh
+
+srcdir=`dirname $0`
+. "${srcdir}/sc-valgrind.sh"
+
+with_valgrind ./curve448-dh-test
--
GitLab