Test CT sanitizer and CTGRIND functionality
这个提交包含在:
父节点
e4eff10297
当前提交
caa97d8dfb
2
.github/workflows/main.yml
vendored
2
.github/workflows/main.yml
vendored
@ -97,7 +97,7 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
mkdir -p build
|
mkdir -p build
|
||||||
cd build
|
cd build
|
||||||
CC=clang CXX=clang++ cmake -DCMAKE_BUILD_TYPE=Release -DMEMSAN=1 ..
|
CC=clang CXX=clang++ cmake -DCMAKE_BUILD_TYPE=Release -DMEMSAN=1 -DCTSAN=1 ..
|
||||||
make
|
make
|
||||||
- name: run tests
|
- name: run tests
|
||||||
run: |
|
run: |
|
||||||
|
@ -38,10 +38,36 @@ if(MEMSAN)
|
|||||||
set(CMAKE_ARGS_MEMCHECK_LIB "-stdlib=libc++")
|
set(CMAKE_ARGS_MEMCHECK_LIB "-stdlib=libc++")
|
||||||
set(CMAKE_ARGS_MEMCHECK_INC "-isystem -I${LLVM_PRJ_INC} -I${LLVM_PRJ_INC}/c++/v1")
|
set(CMAKE_ARGS_MEMCHECK_INC "-isystem -I${LLVM_PRJ_INC} -I${LLVM_PRJ_INC}/c++/v1")
|
||||||
set(CMAKE_ARGS_MEMCHECK_FLAGS "-fsanitize=memory -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer -Wno-unused-command-line-argument")
|
set(CMAKE_ARGS_MEMCHECK_FLAGS "-fsanitize=memory -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer -Wno-unused-command-line-argument")
|
||||||
|
# Enablin "keep-going" flag alows two things:
|
||||||
|
# 1. Enables CT_EXPECT_UMR()/CT_REQUIRE_UMR() in tests. For some reason MSan will halt
|
||||||
|
# on error even if it expects UMR. And hence, CT can't be tested. This is probably a bug.
|
||||||
|
# 2. reports all the errors from the run, not only the first one (don't fail-fast)
|
||||||
|
string(APPEND CMAKE_ARGS_MEMCHECK_FLAGS " -mllvm -msan-keep-going=1")
|
||||||
set(EXTRA_CXX_FLAGS "${CMAKE_ARGS_MEMCHECK_FLAGS} ${CMAKE_ARGS_MEMCHECK_LIB} ${CMAKE_ARGS_MEMCHECK_INC} -DPQC_MEMSAN_BUILD")
|
set(EXTRA_CXX_FLAGS "${CMAKE_ARGS_MEMCHECK_FLAGS} ${CMAKE_ARGS_MEMCHECK_LIB} ${CMAKE_ARGS_MEMCHECK_INC} -DPQC_MEMSAN_BUILD")
|
||||||
set(CXXLIBS_FOR_MEMORY_SANITIZER cxx cxxabi)
|
set(CXXLIBS_FOR_MEMORY_SANITIZER cxx cxxabi)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
|
# Contant time memory checks with CTGRIND (requires clang and -DMEMSAN)
|
||||||
|
if(CTSAN)
|
||||||
|
if (NOT MEMSAN)
|
||||||
|
message(FATAL_ERROR "Constant time sanitizer requires -DMEMSAN")
|
||||||
|
endif()
|
||||||
|
|
||||||
|
if (NOT CMAKE_C_COMPILER_ID MATCHES "Clang")
|
||||||
|
message(FATAL_ERROR "Constant time sanitizer requires Clang")
|
||||||
|
endif()
|
||||||
|
|
||||||
|
string(APPEND EXTRA_CXX_FLAGS " -DPQC_USE_CTSANITIZER")
|
||||||
|
endif()
|
||||||
|
|
||||||
|
# Contant time memory checks with CTGRIND (requires valgrind)
|
||||||
|
if (CTGRIND)
|
||||||
|
if (MEMSAN OR CTSAN)
|
||||||
|
message(FATAL_ERROR "Can't use memory sanitizer (MEMSAN) and CTGRIND")
|
||||||
|
endif()
|
||||||
|
string(APPEND EXTRA_CXX_FLAGS " -DPQC_USE_CTGRIND")
|
||||||
|
endif()
|
||||||
|
|
||||||
set(CMAKE_VERBOSE_MAKEFILE ON)
|
set(CMAKE_VERBOSE_MAKEFILE ON)
|
||||||
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "~/.cmake/Modules")
|
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "~/.cmake/Modules")
|
||||||
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "3rd/cmake-modules")
|
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "3rd/cmake-modules")
|
||||||
@ -92,13 +118,11 @@ string(APPEND PQC_CMAKE_C_CXX_FLAGS " -Wno-ignored-qualifiers \
|
|||||||
-Wall \
|
-Wall \
|
||||||
-Werror \
|
-Werror \
|
||||||
-Wextra \
|
-Wextra \
|
||||||
-Wpedantic \
|
|
||||||
-Wshadow \
|
-Wshadow \
|
||||||
-Wno-variadic-macros \
|
-Wno-variadic-macros \
|
||||||
-Wunused-result \
|
-Wunused-result \
|
||||||
-Wno-unused-command-line-argument \
|
-Wno-unused-command-line-argument \
|
||||||
-Wno-undef \
|
-Wno-undef")
|
||||||
${EXTRA_CXX_FLAGS}")
|
|
||||||
|
|
||||||
if(CMAKE_COMPILER_IS_GNUCC AND CMAKE_C_COMPILER_VERSION VERSION_GREATER 11.0)
|
if(CMAKE_COMPILER_IS_GNUCC AND CMAKE_C_COMPILER_VERSION VERSION_GREATER 11.0)
|
||||||
string(APPEND PQC_CMAKE_C_CXX_FLAGS " -Wno-stringop-overread \
|
string(APPEND PQC_CMAKE_C_CXX_FLAGS " -Wno-stringop-overread \
|
||||||
@ -149,7 +173,7 @@ FetchContent_Declare(
|
|||||||
cpu_features
|
cpu_features
|
||||||
SOURCE_DIR ${PROJECT_SOURCE_DIR}/3rd/cpu_features
|
SOURCE_DIR ${PROJECT_SOURCE_DIR}/3rd/cpu_features
|
||||||
GIT_REPOSITORY https://github.com/kriskwiatkowski/cpu_features.git
|
GIT_REPOSITORY https://github.com/kriskwiatkowski/cpu_features.git
|
||||||
GIT_TAG 892991f352591e9bca6ec72936836650bde90802
|
GIT_TAG 38f4324533390b09079a38b524be8b178be8e435
|
||||||
)
|
)
|
||||||
FetchContent_Populate(cpu_features)
|
FetchContent_Populate(cpu_features)
|
||||||
|
|
||||||
@ -158,14 +182,15 @@ if(PQC_WEAK_RANDOMBYTES)
|
|||||||
endif()
|
endif()
|
||||||
|
|
||||||
# Build CPU features
|
# Build CPU features
|
||||||
set(CMAKE_C_FLAGS ${EXTRA_CXX_FLAGS})
|
set(CMAKE_C_FLAGS "${PQC_CMAKE_C_CXX_FLAGS} ${EXTRA_CXX_FLAGS}")
|
||||||
set(CMAKE_CXX_FLAGS ${EXTRA_CXX_FLAGS})
|
set(CMAKE_CXX_FLAGS "$${PQC_CMAKE_C_CXX_FLAGS} {EXTRA_CXX_FLAGS}")
|
||||||
set(BUILD_PIC ON CACHE BOOL "")
|
set(BUILD_PIC ON CACHE BOOL "")
|
||||||
add_subdirectory(3rd/cpu_features)
|
add_subdirectory(3rd/cpu_features)
|
||||||
|
|
||||||
# PQC library
|
# PQC library
|
||||||
|
|
||||||
# Set C, CXX, and LD flags
|
# Set C, CXX, and LD flags
|
||||||
|
string(APPEND PQC_CMAKE_C_CXX_FLAGS " -Wpedantic")
|
||||||
set(CMAKE_C_FLAGS "${PQC_CMAKE_C_CXX_FLAGS} ${EXTRA_CXX_FLAGS}")
|
set(CMAKE_C_FLAGS "${PQC_CMAKE_C_CXX_FLAGS} ${EXTRA_CXX_FLAGS}")
|
||||||
set(CMAKE_CXX_FLAGS "${PQC_CMAKE_C_CXX_FLAGS} ${EXTRA_CXX_FLAGS}")
|
set(CMAKE_CXX_FLAGS "${PQC_CMAKE_C_CXX_FLAGS} ${EXTRA_CXX_FLAGS}")
|
||||||
string(APPEND LDFLAGS "${EXTRA_LDFLAGS}")
|
string(APPEND LDFLAGS "${EXTRA_LDFLAGS}")
|
||||||
@ -334,7 +359,7 @@ target_link_libraries(
|
|||||||
)
|
)
|
||||||
|
|
||||||
SET(UT_SRC test/ut.cpp)
|
SET(UT_SRC test/ut.cpp)
|
||||||
if(MEMSAN)
|
if(CTGRIND OR CTSAN)
|
||||||
SET(UT_SRC ${UT_SRC} test/ct.cpp)
|
SET(UT_SRC ${UT_SRC} test/ct.cpp)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
|
49
src/common/ct_check.h
普通文件
49
src/common/ct_check.h
普通文件
@ -0,0 +1,49 @@
|
|||||||
|
#ifndef CT_CHECK_H
|
||||||
|
#define CT_CHECK_H
|
||||||
|
|
||||||
|
// Uses Clang's Memory Sanitizer
|
||||||
|
#if defined(PQC_USE_CTSANITIZER)
|
||||||
|
#if defined(__clang__) && defined(__has_feature) && __has_feature(memory_sanitizer)
|
||||||
|
#include <sanitizer/msan_interface.h>
|
||||||
|
// Set sz bytes of memory starting at x as uninitialized. Switches on
|
||||||
|
// constat time checks.
|
||||||
|
#define CT_DYE(x,sz) __msan_allocated_memory(x,sz)
|
||||||
|
// Set sz bytes of memory starting at x as initialized. Switches off
|
||||||
|
// constat time checks.
|
||||||
|
#define CT_PURIFY(x, sz) __msan_unpoison(x, sz)
|
||||||
|
// This macro is useful for testing. It instructs memory sanitizer
|
||||||
|
// that code expects to do reads from unintialized memory.
|
||||||
|
#define CT_EXPECT_UMR() __msan_set_expect_umr(1)
|
||||||
|
// This macro works in tandem with CT_EXPECT_UMR. It checks if
|
||||||
|
// unintialized memory read has occured, if not, it will report
|
||||||
|
// an error. In current version, code needs to be compiled
|
||||||
|
// with `-mllvm -msan-keep-going=1` flags in order to work
|
||||||
|
// correctly (otherwise, runtime will be stopped between
|
||||||
|
// macros with message "Existing").
|
||||||
|
#define CT_REQUIRE_UMR() __msan_set_expect_umr(0)
|
||||||
|
#else
|
||||||
|
#error("Clang is required to use CT_SANITIZER.")
|
||||||
|
#endif
|
||||||
|
// Uses Valgrind's Memcheck (aka ctgrind)
|
||||||
|
#elif defined(PQC_USE_CTGRIND)
|
||||||
|
#include <valgrind/valgrind.h>
|
||||||
|
#include <valgrind/memcheck.h>
|
||||||
|
// Set sz bytes of memory starting at x as uninitialized. Switches on
|
||||||
|
// constat time checks.
|
||||||
|
#define CT_DYE(p,sz) VALGRIND_MAKE_MEM_UNDEFINED(p,sz)
|
||||||
|
// Set sz bytes of memory starting at x as initialized. Switches off
|
||||||
|
// constat time checks.
|
||||||
|
#define CT_PURIFY(p,sz) VALGRIND_MAKE_MEM_DEFINED(p,sz)
|
||||||
|
// Not supported in Valgrind
|
||||||
|
#define CT_EXPECT_UMR()
|
||||||
|
// Not supported in Valgrind
|
||||||
|
#define CT_REQUIRE_UMR()
|
||||||
|
|
||||||
|
#elif // no ct-checks
|
||||||
|
#define CT_DYE(x,sz)
|
||||||
|
#define CT_PURIFY(x, sz)
|
||||||
|
#define CT_EXPECT_UMR()
|
||||||
|
#define CT_REQUIRE_UMR()
|
||||||
|
#endif // defined(__clang__) && defined(__has_feature) && __has_feature(memory_sanitizer)
|
||||||
|
|
||||||
|
#endif // CT_CHECK_H
|
87
test/ct.cpp
87
test/ct.cpp
@ -1,23 +1,70 @@
|
|||||||
#include <algorithm>
|
// Those tests work only with Clang and Memory Sanitizer
|
||||||
#include <vector>
|
|
||||||
#include <gtest/gtest.h>
|
#include <gtest/gtest.h>
|
||||||
#include <pqc/pqc.h>
|
#include <common/ct_check.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
// tests from https://github.com/agl/ctgrind/blob/master/test.c
|
||||||
|
|
||||||
// #ifdef VALGRIND
|
void nothing(void) {
|
||||||
// #include <valgrind/valgrind.h>
|
printf("exiting...");
|
||||||
// #include <valgrind/memcheck.h>
|
}
|
||||||
// #define POISON(p,sz) VALGRIND_MAKE_MEM_UNDEFINED(p,sz)
|
|
||||||
// #endif
|
TEST(ConstantTime, CtGrind_Negative) {
|
||||||
|
unsigned char a[16], b[16];
|
||||||
#ifdef PQC_MEMSAN
|
unsigned i;
|
||||||
#include <sanitizer/msan_interface.h>
|
memset(a, 42, 16);
|
||||||
#define POISON(p,sz) __msan_poison(p,sz)
|
memset(b, 42, 16);
|
||||||
#endif
|
|
||||||
|
CT_DYE(a, 16);
|
||||||
|
for (i = 0; i < 16; i++) {
|
||||||
TEST(ConstantTime, Poisonner_Basic) {
|
CT_EXPECT_UMR();
|
||||||
unsigned char x[8] = {0};
|
if (a[i] != b[i]) {
|
||||||
//gi POISON(x, 4);
|
break;
|
||||||
if(x[5]) x[6] = x[5];
|
}
|
||||||
//UNPOISON(x, 4);
|
CT_REQUIRE_UMR();
|
||||||
|
}
|
||||||
|
|
||||||
|
CT_PURIFY(a, 16);
|
||||||
|
// Ensure buffers are not optimized-out
|
||||||
|
ASSERT_EQ(a[0], b[0]);
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST(ConstantTime, CtGrind_Positive_NoAccess) {
|
||||||
|
unsigned i;
|
||||||
|
char result = 0;
|
||||||
|
unsigned char a[16], b[16];
|
||||||
|
memset(a, 42, sizeof(a));
|
||||||
|
memset(b, 42, sizeof(b));
|
||||||
|
|
||||||
|
CT_DYE(a, 16);
|
||||||
|
|
||||||
|
for (i = 0; i < 16; i++) {
|
||||||
|
result |= a[i] ^ b[i];
|
||||||
|
}
|
||||||
|
CT_PURIFY(a, 16);
|
||||||
|
|
||||||
|
// Purify result, to allow check that otherwise
|
||||||
|
// would be not constant-time.
|
||||||
|
CT_PURIFY(&result, 1);
|
||||||
|
ASSERT_EQ(result, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
TEST(ConstantTime, CtGrind_Negative_UseSecretAsIndex) {
|
||||||
|
static const unsigned char tab[2] = {1, 0};
|
||||||
|
unsigned char a[16];
|
||||||
|
unsigned char result;
|
||||||
|
memset(a, 42, sizeof(a));
|
||||||
|
|
||||||
|
CT_DYE(a, 16);
|
||||||
|
|
||||||
|
CT_EXPECT_UMR();
|
||||||
|
result = tab[a[0] & 1];
|
||||||
|
CT_REQUIRE_UMR();
|
||||||
|
|
||||||
|
CT_PURIFY(a, 16);
|
||||||
|
|
||||||
|
// Ensure variables are not optimized-out
|
||||||
|
CT_PURIFY(&result, 1);
|
||||||
|
ASSERT_EQ(result, 1);
|
||||||
}
|
}
|
||||||
|
正在加载...
在新工单中引用
屏蔽一个用户