Test CT sanitizer and CTGRIND functionality

.github/workflows/main.yml

@@ -97,7 +97,7 @@ jobs:
         run: |
           mkdir -p build
           cd build
-          CC=clang CXX=clang++ cmake -DCMAKE_BUILD_TYPE=Release -DMEMSAN=1 ..
+          CC=clang CXX=clang++ cmake -DCMAKE_BUILD_TYPE=Release -DMEMSAN=1 -DCTSAN=1 ..
           make
       - name: run tests
         run: |

CMakeLists.txt

@@ -38,10 +38,36 @@ if(MEMSAN)
   set(CMAKE_ARGS_MEMCHECK_LIB "-stdlib=libc++")
   set(CMAKE_ARGS_MEMCHECK_INC "-isystem -I${LLVM_PRJ_INC} -I${LLVM_PRJ_INC}/c++/v1")
   set(CMAKE_ARGS_MEMCHECK_FLAGS "-fsanitize=memory -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer -Wno-unused-command-line-argument")
+  # Enablin "keep-going" flag alows two things:
+  # 1. Enables CT_EXPECT_UMR()/CT_REQUIRE_UMR() in tests. For some reason MSan will halt
+  #    on error even if it expects UMR. And hence, CT can't be tested. This is probably a bug.
+  # 2. reports all the errors from the run, not only the first one (don't fail-fast)
+  string(APPEND CMAKE_ARGS_MEMCHECK_FLAGS " -mllvm -msan-keep-going=1")
   set(EXTRA_CXX_FLAGS "${CMAKE_ARGS_MEMCHECK_FLAGS} ${CMAKE_ARGS_MEMCHECK_LIB} ${CMAKE_ARGS_MEMCHECK_INC} -DPQC_MEMSAN_BUILD")
   set(CXXLIBS_FOR_MEMORY_SANITIZER cxx cxxabi)
 endif()
 
+# Contant time memory checks with CTGRIND (requires clang and -DMEMSAN)
+if(CTSAN)
+if (NOT MEMSAN)
+message(FATAL_ERROR "Constant time sanitizer requires -DMEMSAN")
+endif()
+
+if (NOT CMAKE_C_COMPILER_ID MATCHES "Clang")
+message(FATAL_ERROR "Constant time sanitizer requires Clang")
+endif()
+
+string(APPEND EXTRA_CXX_FLAGS " -DPQC_USE_CTSANITIZER")
+endif()
+
+# Contant time memory checks with CTGRIND (requires valgrind)
+if (CTGRIND)
+if (MEMSAN OR CTSAN)
+message(FATAL_ERROR "Can't use memory sanitizer (MEMSAN) and CTGRIND")
+endif()
+string(APPEND EXTRA_CXX_FLAGS " -DPQC_USE_CTGRIND")
+endif()
+
 set(CMAKE_VERBOSE_MAKEFILE ON)
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "~/.cmake/Modules")
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "3rd/cmake-modules")
@@ -92,13 +118,11 @@ string(APPEND PQC_CMAKE_C_CXX_FLAGS " -Wno-ignored-qualifiers \
   -Wall \
   -Werror \
   -Wextra \
-  -Wpedantic \
   -Wshadow \
   -Wno-variadic-macros \
   -Wunused-result \
   -Wno-unused-command-line-argument \
-  -Wno-undef \
-  ${EXTRA_CXX_FLAGS}")
+  -Wno-undef")
 
 if(CMAKE_COMPILER_IS_GNUCC AND CMAKE_C_COMPILER_VERSION VERSION_GREATER 11.0)
 string(APPEND PQC_CMAKE_C_CXX_FLAGS " -Wno-stringop-overread \
@@ -149,7 +173,7 @@ FetchContent_Declare(
   cpu_features
   SOURCE_DIR     ${PROJECT_SOURCE_DIR}/3rd/cpu_features
   GIT_REPOSITORY https://github.com/kriskwiatkowski/cpu_features.git
-  GIT_TAG        892991f352591e9bca6ec72936836650bde90802
+  GIT_TAG        38f4324533390b09079a38b524be8b178be8e435
 )
 FetchContent_Populate(cpu_features)
 
@@ -158,14 +182,15 @@ if(PQC_WEAK_RANDOMBYTES)
 endif()
 
 # Build CPU features
-set(CMAKE_C_FLAGS ${EXTRA_CXX_FLAGS})
-set(CMAKE_CXX_FLAGS ${EXTRA_CXX_FLAGS})
+set(CMAKE_C_FLAGS "${PQC_CMAKE_C_CXX_FLAGS} ${EXTRA_CXX_FLAGS}")
+set(CMAKE_CXX_FLAGS "$${PQC_CMAKE_C_CXX_FLAGS} {EXTRA_CXX_FLAGS}")
 set(BUILD_PIC ON CACHE BOOL "")
 add_subdirectory(3rd/cpu_features)
 
 # PQC library
 
 # Set C, CXX, and LD flags
+string(APPEND PQC_CMAKE_C_CXX_FLAGS " -Wpedantic")
 set(CMAKE_C_FLAGS "${PQC_CMAKE_C_CXX_FLAGS} ${EXTRA_CXX_FLAGS}")
 set(CMAKE_CXX_FLAGS "${PQC_CMAKE_C_CXX_FLAGS} ${EXTRA_CXX_FLAGS}")
 string(APPEND LDFLAGS "${EXTRA_LDFLAGS}")
@@ -334,7 +359,7 @@ target_link_libraries(
 )
 
 SET(UT_SRC test/ut.cpp)
-if(MEMSAN)
+if(CTGRIND OR CTSAN)
 SET(UT_SRC ${UT_SRC} test/ct.cpp)
 endif()
 

src/common/ct_check.h

@@ -0,0 +1,49 @@
+#ifndef CT_CHECK_H
+#define CT_CHECK_H
+
+// Uses Clang's Memory Sanitizer
+#if defined(PQC_USE_CTSANITIZER)
+#if defined(__clang__) && defined(__has_feature) && __has_feature(memory_sanitizer)
+#include <sanitizer/msan_interface.h>
+// Set sz bytes of memory starting at x as uninitialized. Switches on
+// constat time checks.
+#define CT_DYE(x,sz) __msan_allocated_memory(x,sz)
+// Set sz bytes of memory starting at x as initialized. Switches off
+// constat time checks.
+#define CT_PURIFY(x, sz) __msan_unpoison(x, sz)
+// This macro is useful for testing. It instructs memory sanitizer
+// that code expects to do reads from unintialized memory.
+#define CT_EXPECT_UMR() __msan_set_expect_umr(1)
+// This macro works in tandem with CT_EXPECT_UMR. It checks if
+// unintialized memory read has occured, if not, it will report
+// an error. In current version, code needs to be compiled
+// with `-mllvm -msan-keep-going=1` flags in order to work
+// correctly (otherwise, runtime will be stopped between
+// macros with message "Existing").
+#define CT_REQUIRE_UMR() __msan_set_expect_umr(0)
+#else
+#error("Clang is required to use CT_SANITIZER.")
+#endif
+// Uses Valgrind's Memcheck (aka ctgrind)
+#elif defined(PQC_USE_CTGRIND)
+#include <valgrind/valgrind.h>
+#include <valgrind/memcheck.h>
+// Set sz bytes of memory starting at x as uninitialized. Switches on
+// constat time checks.
+#define CT_DYE(p,sz) VALGRIND_MAKE_MEM_UNDEFINED(p,sz)
+// Set sz bytes of memory starting at x as initialized. Switches off
+// constat time checks.
+#define CT_PURIFY(p,sz) VALGRIND_MAKE_MEM_DEFINED(p,sz)
+// Not supported in Valgrind
+#define CT_EXPECT_UMR()
+// Not supported in Valgrind
+#define CT_REQUIRE_UMR()
+
+#elif // no ct-checks
+#define CT_DYE(x,sz)
+#define CT_PURIFY(x, sz)
+#define CT_EXPECT_UMR()
+#define CT_REQUIRE_UMR()
+#endif // defined(__clang__) && defined(__has_feature) && __has_feature(memory_sanitizer)
+
+#endif // CT_CHECK_H

test/ct.cpp

@@ -1,23 +1,70 @@
-#include <algorithm>
-#include <vector>
+// Those tests work only with Clang and Memory Sanitizer
+
 #include <gtest/gtest.h>
-#include <pqc/pqc.h>
+#include <common/ct_check.h>
+#include <stdio.h>
+// tests from https://github.com/agl/ctgrind/blob/master/test.c
+
+void nothing(void) {
+  printf("exiting...");
+}
+
+TEST(ConstantTime, CtGrind_Negative) {
+    unsigned char a[16], b[16];
+    unsigned i;
+    memset(a, 42, 16);
+    memset(b, 42, 16);
+
+    CT_DYE(a, 16);
+    for (i = 0; i < 16; i++) {
+        CT_EXPECT_UMR();
+        if (a[i] != b[i]) {
+            break;
+        }
+        CT_REQUIRE_UMR();
+    }
+
+    CT_PURIFY(a, 16);
+    // Ensure buffers are not optimized-out
+    ASSERT_EQ(a[0], b[0]);
+}
+
+TEST(ConstantTime, CtGrind_Positive_NoAccess) {
+    unsigned i;
+    char result = 0;
+    unsigned char a[16], b[16];
+    memset(a, 42, sizeof(a));
+    memset(b, 42, sizeof(b));
+
+    CT_DYE(a, 16);
+
+    for (i = 0; i < 16; i++) {
+        result |= a[i] ^ b[i];
+    }
+    CT_PURIFY(a, 16);
+
+    // Purify result, to allow check that otherwise
+    // would be not constant-time.
+    CT_PURIFY(&result, 1);
+    ASSERT_EQ(result, 0);
+}
+
+
+TEST(ConstantTime, CtGrind_Negative_UseSecretAsIndex) {
+    static const unsigned char tab[2] = {1, 0};
+    unsigned char a[16];
+    unsigned char result;
+    memset(a, 42, sizeof(a));
 
-// #ifdef VALGRIND
-// #include <valgrind/valgrind.h>
-// #include <valgrind/memcheck.h>
-// #define POISON(p,sz) VALGRIND_MAKE_MEM_UNDEFINED(p,sz)
-// #endif
+    CT_DYE(a, 16);
 
-#ifdef PQC_MEMSAN
-#include <sanitizer/msan_interface.h>
-#define POISON(p,sz) __msan_poison(p,sz)
-#endif
+    CT_EXPECT_UMR();
+    result = tab[a[0] & 1];
+    CT_REQUIRE_UMR();
 
+    CT_PURIFY(a, 16);
 
-TEST(ConstantTime, Poisonner_Basic) {
-	unsigned char x[8] = {0};
-//gi	POISON(x, 4);
-	if(x[5]) x[6] = x[5];
-	//UNPOISON(x, 4);
+    // Ensure variables are not optimized-out
+    CT_PURIFY(&result, 1);
+    ASSERT_EQ(result, 1);
 }