From: Niels Möller
Date: Wed, 12 Apr 2023 07:47:48 +0000 (+0200)
Subject: Add valgrind annotations to ghash tests.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Fghash-sidechannel-silent;p=thirdparty%2Fnettle.git

Add valgrind annotations to ghash tests.
---
diff --git a/ChangeLog b/ChangeLog
index 674c3769..410e1d9d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2023-04-12 Niels Möller
+
+ * testsuite/gcm-test.c (test_ghash_internal): Add valgrind
+ annotations, to verify that the ghash makes no data-dependent
+ branches or memory accesses.
+
 2023-04-08 Niels Möller
 
 * examples/nettle-benchmark.c (bench_ghash_update): New function.
diff --git a/testsuite/gcm-test.c b/testsuite/gcm-test.c
index d70cdd1e..bc555d60 100644
--- a/testsuite/gcm-test.c
+++ b/testsuite/gcm-test.c
@@ -6,6 +6,13 @@
 #include "gcm.h"
 #include "ghash-internal.h"
 
+#if HAVE_VALGRIND_MEMCHECK_H
+# include
+#else
+# define VALGRIND_MAKE_MEM_UNDEFINED(p, n)
+# define VALGRIND_MAKE_MEM_DEFINED(p, n)
+#endif
+
 static void
 test_gcm_hash (const struct tstring *msg, const struct tstring *ref)
 {
@@ -42,11 +49,19 @@ test_ghash_internal (const struct tstring *key,
 struct gcm_key gcm_key;
 union nettle_block16 state;
 
+ /* Use VALGRIND_MAKE_MEM_DEFINED to mark inputs as "undefined", to
+ get valgrind to warn about any branches or memory accesses
+ depending on secret data. */
 memcpy (state.b, key->data, GCM_BLOCK_SIZE);
+ VALGRIND_MAKE_MEM_UNDEFINED (&state, sizeof(state));
 _ghash_set_key (&gcm_key, &state);
 memcpy (state.b, iv->data, GCM_BLOCK_SIZE);
+ VALGRIND_MAKE_MEM_UNDEFINED (&state, sizeof(state));
+ VALGRIND_MAKE_MEM_UNDEFINED (message->data, message->length);
 _ghash_update (&gcm_key, &state, message->length / GCM_BLOCK_SIZE,
 message->data);
+ VALGRIND_MAKE_MEM_DEFINED (&state, sizeof(state));
+ VALGRIND_MAKE_MEM_DEFINED (message->data, message->length);
 if (!MEMEQ(GCM_BLOCK_SIZE, state.b, digest->data))
 {
 fprintf (stderr, "gcm_hash (internal) failed\n");
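Review bot: The comment added ahead of the first memcpy in the test_ghash_internal hunk names the wrong macro: it says `VALGRIND_MAKE_MEM_DEFINED` while the three calls below it use `VALGRIND_MAKE_MEM_UNDEFINED`, which is the one that actually marks data as undefined, so the first comment line should read `/* Use VALGRIND_MAKE_MEM_UNDEFINED to mark inputs as "undefined", to`. It is also worth stating in that comment that memcheck only reports a branch or address computation on undefined bytes if that path is executed, so a clean run shows no secret-dependent access for these test vectors on this build and backend rather than proving none exists, and that the fallback macros in the first hunk expand to nothing, so a build without the memcheck header skips the check silently. The `# include` line in the first hunk shows no header name in this rendering, presumably lost in extraction; confirm it names the valgrind memcheck header. test_ghash_internal starts and ends outside the hunk.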