Add mbedtls_mpi_core_check_zero_ct() and tests
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
diff --git a/library/bignum_core.c b/library/bignum_core.c
index 1ce8457..75cce05 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -742,6 +742,17 @@
return( c );
}
+mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct( const mbedtls_mpi_uint *A,
+ size_t limbs )
+{
+ mbedtls_mpi_uint bits = 0;
+
+ for( size_t i = 0; i < limbs; i++ )
+ bits |= A[i];
+
+ return( bits );
+}
+
/* END MERGE SLOT 3 */
/* BEGIN MERGE SLOT 4 */
diff --git a/library/bignum_core.h b/library/bignum_core.h
index b7af4d0..7f5375e 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -572,6 +572,19 @@
mbedtls_mpi_uint b,
size_t limbs );
+/**
+ * \brief Determine if a given MPI has the value \c 0 in constant time with
+ * respect to the value (but not with respect to the number of limbs).
+ *
+ * \param[in] A The MPI to test.
+ * \param limbs Number of limbs in \p A.
+ *
+ * \return 0 if `A == 0`
+ * non-0 (may be any value) if `A != 0`.
+ */
+mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct( const mbedtls_mpi_uint *A,
+ size_t limbs );
+
/* END MERGE SLOT 3 */
/* BEGIN MERGE SLOT 4 */
diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py
index 158ada9..1a8c22b 100644
--- a/scripts/mbedtls_dev/bignum_core.py
+++ b/scripts/mbedtls_dev/bignum_core.py
@@ -818,6 +818,20 @@
str(-borrow)
]
+class BignumCoreZeroCheckCT(BignumCoreTarget, bignum_common.OperationCommon):
+ """Test cases for bignum core zero check (constant flow)."""
+ count = 0
+ symbol = "== 0"
+ test_function = "mpi_core_check_zero_ct"
+ test_name = "mpi_core_check_zero_ct"
+ input_style = "variable"
+ arity = 1
+ suffix = True
+
+ def result(self) -> List[str]:
+ result = 1 if self.int_a == 0 else 0
+ return [str(result)]
+
# END MERGE SLOT 3
# BEGIN MERGE SLOT 4
diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function
index 7872115..9392f51 100644
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
@@ -1162,6 +1162,25 @@
}
/* END_CASE */
+/* BEGIN_CASE */
+void mpi_core_check_zero_ct( char *input_X, int expected_is_zero )
+{
+ mbedtls_mpi_uint *X = NULL;
+ size_t X_limbs;
+
+ TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &X, &X_limbs, input_X ) );
+
+ TEST_CF_SECRET( X, X_limbs * sizeof( mbedtls_mpi_uint ) );
+
+ mbedtls_mpi_uint check = mbedtls_mpi_core_check_zero_ct( X, X_limbs );
+ int is_zero = (check == 0);
+ TEST_EQUAL( is_zero, expected_is_zero );
+
+exit:
+ mbedtls_free( X );
+}
+/* END_CASE */
+
/* END MERGE SLOT 3 */
/* BEGIN MERGE SLOT 4 */