pqcrypto/test/ct.cpp

// Those tests work only with Clang and Memory Sanitizer

#include <gtest/gtest.h>
#include <common/ct_check.h>
#include <common/utils.h>

TEST(ConstantTime, CtCheck_Negative) {
    unsigned char a[16], b[16];
    unsigned i;
    memset(a, 42, 16);
    memset(b, 42, 16);

    ct_poison(a, 16);
    for (i = 0; i < 16; i++) {
        ct_expect_uum();
        if (a[i] != b[i]) {
            break;
        }
        ct_require_uum();
    }

    ct_purify(a, 16);
    // Ensure buffers are not optimized-out
    ASSERT_EQ(a[0], b[0]);
}

TEST(ConstantTime, CtCheck_Positive_NoAccess) {
    unsigned i;
    char result = 0;
    unsigned char a[16], b[16];
    memset(a, 42, sizeof(a));
    memset(b, 42, sizeof(b));

    ct_poison(a, 16);

    for (i = 0; i < 16; i++) {
        result |= a[i] ^ b[i];
    }
    ct_purify(a, 16);

    // Purify result, to allow check that otherwise
    // would be not constant-time.
    ct_purify(&result, 1);
    ASSERT_EQ(result, 0);
}


TEST(ConstantTime, CtCheck_Negative_UseSecretAsIndex) {
    static const unsigned char tab[2] = {1, 0};
    unsigned char a[16];
    unsigned char result;
    memset(a, 42, sizeof(a));

    ct_poison(a, 16);

    ct_expect_uum();
    result = tab[a[0] & 1];
    ct_require_uum();

    ct_purify(a, 16);

    // Ensure variables are not optimized-out
    ct_purify(&result, 1);
    ASSERT_EQ(result, 1);
}

TEST(ConstantTime, CtCheck_memcmp) {
    unsigned char a[16], b[16];
    memset(a, 42, sizeof(a));
    memset(b, 42, sizeof(b));
    uint8_t ret;

    ct_poison(a, 16);
    ret = ct_memcmp(a,b,16);
    ct_expect_uum();
    // Doesn't matter what we check. It's just to
    // enusre UMR is triggered.
    if (!ret) ASSERT_EQ(ret, 0);
    ct_require_uum();
    ct_purify(&ret, 1);

    b[1] = 0;
    ct_expect_uum();
    ret = ct_memcmp(a,b,16);
    if (ret) ASSERT_EQ(ret,1);
    ct_require_uum();
    ct_purify(&ret, 1);
}

TEST(ConstantTime, CtCheck_memcmp_chained) {
    unsigned char a[16], b[16], c[16], d[16];
    memset(a, 42, sizeof(a));
    memset(b, 42, sizeof(b));
    memset(d, 42, sizeof(b));
    memset(c, 41, sizeof(c));
    uint8_t ret;

    ct_poison(a, 16);

    ct_expect_uum();
    // obviously must generate UMR if first check fails
    // and second is not done
    ret = (ct_memcmp(a,c,16)==0) && (ct_memcmp(a,b,16)==0);
    ct_require_uum();
    ct_purify(&ret, 1);
    ASSERT_EQ(ret,0);

    ct_expect_uum();
    // it's still UMR even if both checks are OK
    ret = (ct_memcmp(a,d,16)==0) && (ct_memcmp(a,b,16)==0);
    ct_require_uum();

    ct_purify(&ret, 1);
    ASSERT_EQ(ret,1);
}
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00			`// Those tests work only with Clang and Memory Sanitizer`

Build libcxx and libcxxabi with Memory Sanitizer 2021-06-17 08:27:29 +01:00			`#include <gtest/gtest.h>`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00			`#include <common/ct_check.h>`
backport some changes from ct study 2021-07-10 00:33:09 +01:00			`#include <common/utils.h>`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00
change names of some tests 2021-07-10 00:55:39 +01:00			`TEST(ConstantTime, CtCheck_Negative) {`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00			`unsigned char a[16], b[16];`
			`unsigned i;`
			`memset(a, 42, 16);`
			`memset(b, 42, 16);`

ct: use inline static instead of macros 2021-06-28 23:43:55 +01:00			`ct_poison(a, 16);`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00			`for (i = 0; i < 16; i++) {`
ct_expect/require_umr -> ct_expect/require_uum 2021-07-16 10:57:34 +01:00			`ct_expect_uum();`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00			`if (a[i] != b[i]) {`
			`break;`
			`}`
ct_expect/require_umr -> ct_expect/require_uum 2021-07-16 10:57:34 +01:00			`ct_require_uum();`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00			`}`

ct: use inline static instead of macros 2021-06-28 23:43:55 +01:00			`ct_purify(a, 16);`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00			`// Ensure buffers are not optimized-out`
			`ASSERT_EQ(a[0], b[0]);`
			`}`

change names of some tests 2021-07-10 00:55:39 +01:00			`TEST(ConstantTime, CtCheck_Positive_NoAccess) {`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00			`unsigned i;`
			`char result = 0;`
			`unsigned char a[16], b[16];`
			`memset(a, 42, sizeof(a));`
			`memset(b, 42, sizeof(b));`

ct: use inline static instead of macros 2021-06-28 23:43:55 +01:00			`ct_poison(a, 16);`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00
			`for (i = 0; i < 16; i++) {`
			`result \|= a[i] ^ b[i];`
			`}`
ct: use inline static instead of macros 2021-06-28 23:43:55 +01:00			`ct_purify(a, 16);`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00
			`// Purify result, to allow check that otherwise`
			`// would be not constant-time.`
ct: use inline static instead of macros 2021-06-28 23:43:55 +01:00			`ct_purify(&result, 1);`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00			`ASSERT_EQ(result, 0);`
			`}`


change names of some tests 2021-07-10 00:55:39 +01:00			`TEST(ConstantTime, CtCheck_Negative_UseSecretAsIndex) {`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00			`static const unsigned char tab[2] = {1, 0};`
			`unsigned char a[16];`
			`unsigned char result;`
			`memset(a, 42, sizeof(a));`
Build libcxx and libcxxabi with Memory Sanitizer 2021-06-17 08:27:29 +01:00
ct: use inline static instead of macros 2021-06-28 23:43:55 +01:00			`ct_poison(a, 16);`
Build libcxx and libcxxabi with Memory Sanitizer 2021-06-17 08:27:29 +01:00
ct_expect/require_umr -> ct_expect/require_uum 2021-07-16 10:57:34 +01:00			`ct_expect_uum();`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00			`result = tab[a[0] & 1];`
ct_expect/require_umr -> ct_expect/require_uum 2021-07-16 10:57:34 +01:00			`ct_require_uum();`
Build libcxx and libcxxabi with Memory Sanitizer 2021-06-17 08:27:29 +01:00
ct: use inline static instead of macros 2021-06-28 23:43:55 +01:00			`ct_purify(a, 16);`
Build libcxx and libcxxabi with Memory Sanitizer 2021-06-17 08:27:29 +01:00
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00			`// Ensure variables are not optimized-out`
ct: use inline static instead of macros 2021-06-28 23:43:55 +01:00			`ct_purify(&result, 1);`
Test CT sanitizer and CTGRIND functionality 2021-06-25 09:05:54 +01:00			`ASSERT_EQ(result, 1);`
Build libcxx and libcxxabi with Memory Sanitizer 2021-06-17 08:27:29 +01:00			`}`
backport some changes from ct study 2021-07-10 00:33:09 +01:00
			`TEST(ConstantTime, CtCheck_memcmp) {`
			`unsigned char a[16], b[16];`
			`memset(a, 42, sizeof(a));`
			`memset(b, 42, sizeof(b));`
			`uint8_t ret;`

			`ct_poison(a, 16);`
			`ret = ct_memcmp(a,b,16);`
ct_expect/require_umr -> ct_expect/require_uum 2021-07-16 10:57:34 +01:00			`ct_expect_uum();`
backport some changes from ct study 2021-07-10 00:33:09 +01:00			`// Doesn't matter what we check. It's just to`
			`// enusre UMR is triggered.`
			`if (!ret) ASSERT_EQ(ret, 0);`
ct_expect/require_umr -> ct_expect/require_uum 2021-07-16 10:57:34 +01:00			`ct_require_uum();`
backport some changes from ct study 2021-07-10 00:33:09 +01:00			`ct_purify(&ret, 1);`

			`b[1] = 0;`
ct_expect/require_umr -> ct_expect/require_uum 2021-07-16 10:57:34 +01:00			`ct_expect_uum();`
backport some changes from ct study 2021-07-10 00:33:09 +01:00			`ret = ct_memcmp(a,b,16);`
			`if (ret) ASSERT_EQ(ret,1);`
ct_expect/require_umr -> ct_expect/require_uum 2021-07-16 10:57:34 +01:00			`ct_require_uum();`
backport some changes from ct study 2021-07-10 00:33:09 +01:00			`ct_purify(&ret, 1);`
			`}`

			`TEST(ConstantTime, CtCheck_memcmp_chained) {`
			`unsigned char a[16], b[16], c[16], d[16];`
			`memset(a, 42, sizeof(a));`
			`memset(b, 42, sizeof(b));`
			`memset(d, 42, sizeof(b));`
			`memset(c, 41, sizeof(c));`
			`uint8_t ret;`

			`ct_poison(a, 16);`

ct_expect/require_umr -> ct_expect/require_uum 2021-07-16 10:57:34 +01:00			`ct_expect_uum();`
backport some changes from ct study 2021-07-10 00:33:09 +01:00			`// obviously must generate UMR if first check fails`
			`// and second is not done`
			`ret = (ct_memcmp(a,c,16)==0) && (ct_memcmp(a,b,16)==0);`
ct_expect/require_umr -> ct_expect/require_uum 2021-07-16 10:57:34 +01:00			`ct_require_uum();`
backport some changes from ct study 2021-07-10 00:33:09 +01:00			`ct_purify(&ret, 1);`
			`ASSERT_EQ(ret,0);`

ct_expect/require_umr -> ct_expect/require_uum 2021-07-16 10:57:34 +01:00			`ct_expect_uum();`
backport some changes from ct study 2021-07-10 00:33:09 +01:00			`// it's still UMR even if both checks are OK`
			`ret = (ct_memcmp(a,d,16)==0) && (ct_memcmp(a,b,16)==0);`
ct_expect/require_umr -> ct_expect/require_uum 2021-07-16 10:57:34 +01:00			`ct_require_uum();`
backport some changes from ct study 2021-07-10 00:33:09 +01:00
			`ct_purify(&ret, 1);`
			`ASSERT_EQ(ret,1);`
			`}`