Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / d1c0de6fe0fe80f5004a8e6784c59b78829d21f1^! / . / crypto / constant_time_test.cc
commitd1c0de6fe0fe80f5004a8e6784c59b78829d21f1[log] [tgz]
authorDavid Benjamin <davidben@google.com>Thu Mar 16 11:38:18 2017 -0400
committerAdam Langley <agl@google.com>Thu Mar 30 15:38:43 2017 +0000
treea1b709b7b399d2a6e9f29fdfa2c01f6715cafacf
parentf368c73826a96331e87e79f93be381a870ecc7c1 [diff] [blame]
Add size_t variants of constant-time functions.

These will be used in follow-up commits. The _s names are taken from
upstream, to ease importing code. I've also promoted the CONSTTIME_*
macros from the test. None of them are really necessary except
~0u cannot substitute for CONSTTIME_TRUE_S on 64-bit platforms, so
having the macros seems safer.

Once everything is converted, I expect the unsigned versions can be
removed, so I've made the _8 and _int functions act on size_t rather
than unsigned. The users of these functions basically only believe that
array indices and bytes exist.

BUG=22

Change-Id: I987bfb0c708dc726a6f2afcb05b6619bbd600564
Reviewed-on: https://boringssl-review.googlesource.com/14306
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/crypto/constant_time_test.cc b/crypto/constant_time_test.cc
index adfe272..628681f 100644
--- a/crypto/constant_time_test.cc
+++ b/crypto/constant_time_test.cc

@@ -49,14 +49,11 @@
 #include <stdio.h>
 #include <stdlib.h>
 
+#include <limits>
+
 #include <gtest/gtest.h>
 
 
-static const unsigned CONSTTIME_TRUE = (unsigned)(~0);
-static const unsigned CONSTTIME_FALSE = 0;
-static const uint8_t CONSTTIME_TRUE_8 = 0xff;
-static const uint8_t CONSTTIME_FALSE_8 = 0;
-
 static unsigned FromBool(bool b) {
   return b ? CONSTTIME_TRUE : CONSTTIME_FALSE;
 }
@@ -65,6 +62,10 @@
   return b ? CONSTTIME_TRUE_8 : CONSTTIME_FALSE_8;
 }
 
+static size_t FromBoolS(bool b) {
+  return b ? CONSTTIME_TRUE_S : CONSTTIME_FALSE_S;
+}
+
 static unsigned test_values[] = {
     0,
     1,
@@ -80,28 +81,63 @@
 
 static uint8_t test_values_8[] = {0, 1, 2, 20, 32, 127, 128, 129, 255};
 
+static size_t test_values_s[] = {
+    0,
+    1,
+    1024,
+    12345,
+    32000,
+#if defined(OPENSSL_64_BIT)
+    0xffffffff / 2 - 1,
+    0xffffffff / 2,
+    0xffffffff / 2 + 1,
+    0xffffffff - 1,
+    0xffffffff,
+#endif
+    std::numeric_limits<size_t>::max() / 2 - 1,
+    std::numeric_limits<size_t>::max() / 2,
+    std::numeric_limits<size_t>::max() / 2 + 1,
+    std::numeric_limits<size_t>::max() - 1,
+    std::numeric_limits<size_t>::max(),
+};
+
 static int signed_test_values[] = {
     0,     1,      -1,      1024,    -1024,       12345,      -12345,
     32000, -32000, INT_MAX, INT_MIN, INT_MAX - 1, INT_MIN + 1};
 
 TEST(ConstantTimeTest, Test) {
-  for (unsigned a : test_values) {
+  for (size_t a : test_values_s) {
     SCOPED_TRACE(a);
 
-    EXPECT_EQ(FromBool(a == 0), constant_time_is_zero(a));
+    EXPECT_EQ(FromBoolS(a == 0), constant_time_is_zero_s(a));
     EXPECT_EQ(FromBool8(a == 0), constant_time_is_zero_8(a));
 
+    for (size_t b : test_values_s) {
+      SCOPED_TRACE(b);
+
+      EXPECT_EQ(FromBoolS(a < b), constant_time_lt_s(a, b));
+      EXPECT_EQ(FromBool8(a < b), constant_time_lt_8(a, b));
+
+      EXPECT_EQ(FromBoolS(a >= b), constant_time_ge_s(a, b));
+      EXPECT_EQ(FromBool8(a >= b), constant_time_ge_8(a, b));
+
+      EXPECT_EQ(FromBoolS(a == b), constant_time_eq_s(a, b));
+      EXPECT_EQ(FromBool8(a == b), constant_time_eq_8(a, b));
+
+      EXPECT_EQ(a, constant_time_select_s(CONSTTIME_TRUE_S, a, b));
+      EXPECT_EQ(b, constant_time_select_s(CONSTTIME_FALSE_S, a, b));
+    }
+  }
+
+  for (unsigned a : test_values) {
+    SCOPED_TRACE(a);
+    EXPECT_EQ(FromBool(a == 0), constant_time_is_zero(a));
     for (unsigned b : test_values) {
       SCOPED_TRACE(b);
 
       EXPECT_EQ(FromBool(a < b), constant_time_lt(a, b));
-      EXPECT_EQ(FromBool8(a < b), constant_time_lt_8(a, b));
-
       EXPECT_EQ(FromBool(a >= b), constant_time_ge(a, b));
-      EXPECT_EQ(FromBool8(a >= b), constant_time_ge_8(a, b));
-
       EXPECT_EQ(FromBool(a == b), constant_time_eq(a, b));
-      EXPECT_EQ(FromBool8(a == b), constant_time_eq_8(a, b));
 
       EXPECT_EQ(a, constant_time_select(CONSTTIME_TRUE, a, b));
       EXPECT_EQ(b, constant_time_select(CONSTTIME_FALSE, a, b));
@@ -113,10 +149,14 @@
     for (int b : signed_test_values) {
       SCOPED_TRACE(b);
 
+      // constant_time_select_int accepts both size_t and unsigned masks.
       EXPECT_EQ(a, constant_time_select_int(CONSTTIME_TRUE, a, b));
       EXPECT_EQ(b, constant_time_select_int(CONSTTIME_FALSE, a, b));
 
-      EXPECT_EQ(FromBool(a == b), constant_time_eq_int(a, b));
+      EXPECT_EQ(a, constant_time_select_int(CONSTTIME_TRUE_S, a, b));
+      EXPECT_EQ(b, constant_time_select_int(CONSTTIME_FALSE_S, a, b));
+
+      EXPECT_EQ(FromBoolS(a == b), constant_time_eq_int(a, b));
       EXPECT_EQ(FromBool8(a == b), constant_time_eq_int_8(a, b));
     }
   }