From 55be79b500ed73facee057c2873ccf23eeba3310 Mon Sep 17 00:00:00 2001
From: Janos Follath <janos.follath@arm.com>
Date: Wed, 21 Aug 2024 13:24:01 +0100
Subject: [PATCH] Add tests for optionally safe code paths in RSA

Only add the test hooks where it is meaningful. That is, not adding
where the operation is essentially the same or the target is not the
function that is being tested.

Signed-off-by: Janos Follath <janos.follath@arm.com>
---
 tests/suites/test_suite_rsa.function | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index e82452927e..e0206eca29 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -1,5 +1,6 @@
 /* BEGIN_HEADER */
 #include "mbedtls/rsa.h"
+#include "bignum_core.h"
 #include "rsa_alt_helpers.h"
 #include "rsa_internal.h"
 /* END_HEADER */
@@ -489,7 +490,13 @@ void mbedtls_rsa_public(data_t *message_str, int mod,
     TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
     TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
 
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
+    mbedtls_mpi_optionally_safe_codepath_reset();
+#endif
     TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result);
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
+    TEST_EQUAL(mbedtls_mpi_optionally_safe_codepath, MBEDTLS_MPI_IS_PUBLIC);
+#endif
     if (result == 0) {
 
         TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
@@ -554,9 +561,15 @@ void mbedtls_rsa_private(data_t *message_str, int mod,
     /* repeat three times to test updating of blinding values */
     for (i = 0; i < 3; i++) {
         memset(output, 0x00, sizeof(output));
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
+        mbedtls_mpi_optionally_safe_codepath_reset();
+#endif
         TEST_ASSERT(mbedtls_rsa_private(&ctx, mbedtls_test_rnd_pseudo_rand,
                                         &rnd_info, message_str->x,
                                         output) == result);
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
+        TEST_EQUAL(mbedtls_mpi_optionally_safe_codepath, MBEDTLS_MPI_IS_SECRET);
+#endif
         if (result == 0) {
 
             TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,