From: Niels Möller Date: Tue, 10 Feb 2026 19:01:34 +0000 (+0100) Subject: Add test for sntrup761 side-channel silence. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Fsntrup761;p=thirdparty%2Fnettle.git Add test for sntrup761 side-channel silence.
---
diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
index 3281862b..3cee9c6b 100644
--- a/testsuite/Makefile.in
+++ b/testsuite/Makefile.in
@@ -73,7 +73,7 @@ TARGETS = $(TS_C) $(TS_CXX)
 TS_SC_HOGWEED = sc-pkcs1-sec-decrypt-test sc-rsa-sec-decrypt-test \
 sc-rsa-oaep-encrypt-test \
 sc-ecdsa-sign-test sc-curve25519-dh-test sc-curve448-dh-test \
- sc-ed25519-test sc-ed448-test
+ sc-ed25519-test sc-ed448-test sc-sntrup761-test
 TS_SC_NETTLE = sc-cnd-memcpy-test sc-gcm-test sc-memeql-test sc-slh-dsa-test
 TS_SC = @IF_VALGRIND@ $(TS_SC_NETTLE) @IF_HOGWEED@ $(TS_SC_HOGWEED)
diff --git a/testsuite/sc-sntrup761-test b/testsuite/sc-sntrup761-test
new file mode 100755
index 00000000..374f67a9
--- /dev/null
+++ b/testsuite/sc-sntrup761-test
@@ -0,0 +1,6 @@
+#! /bin/sh
+
+srcdir=`dirname $0`
+. "${srcdir}/sc-valgrind.sh"
+
+with_valgrind ./sntrup761-test
diff --git a/testsuite/sntrup761-test.c b/testsuite/sntrup761-test.c
index 4f9545f3..97a317a6 100644
--- a/testsuite/sntrup761-test.c
+++ b/testsuite/sntrup761-test.c
@@ -35,9 +35,15 @@
 #include "drbg-ctr.h"
+static void
+random_undefined (struct drbg_ctr_aes256_ctx *ctx, size_t size, uint8_t *dst)
+{
+ drbg_ctr_aes256_random (ctx, size, dst);
+ mark_bytes_undefined (size, dst);
+}
+
 static void
 test_sntrup (struct drbg_ctr_aes256_ctx *rngctx,
- nettle_random_func * rngfun,
 const uint8_t * xpk, const uint8_t * xsk, const uint8_t * xct, const uint8_t * xk)
 {
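Review bot: The new `random_undefined` helper in the `@@ -35,9 +35,15 @@` hunk takes a `struct drbg_ctr_aes256_ctx *` first argument, so the later `sntrup761_enc` call has to reach it through a `(nettle_random_func *)` cast. Calling a function through a pointer of an incompatible type is undefined behaviour in ISO C, even though it works on the usual ABIs. Since the helper is new, it can be declared as `random_undefined (void *ctx, size_t size, uint8_t *dst)` and passed without a cast. A short comment on the helper would also help, for example `/* Mark RNG output as undefined so valgrind reports branches or memory indexing that depend on it. */`.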
@@ -47,7 +53,7 @@ test_sntrup (struct drbg_ctr_aes256_ctx *rngctx,
 uint8_t k1[SNTRUP761_SIZE];
 uint8_t k2[SNTRUP761_SIZE];
- sntrup761_keypair (pk, sk, rngctx, rngfun);
+ sntrup761_keypair (pk, sk, rngctx, (nettle_random_func *) drbg_ctr_aes256_random);
 if (!MEMEQ (SNTRUP761_PUBLICKEY_SIZE, pk, xpk) || !MEMEQ (SNTRUP761_SECRETKEY_SIZE, sk, xsk))
@@ -59,8 +65,9 @@ test_sntrup (struct drbg_ctr_aes256_ctx *rngctx,
 abort ();
 }
- sntrup761_enc (ct, k1, pk, rngctx, rngfun);
-
+ sntrup761_enc (ct, k1, pk, rngctx, (nettle_random_func *) random_undefined);
+ mark_bytes_defined (sizeof (ct), ct);
+ mark_bytes_defined (sizeof (k1), k1);
 if (!MEMEQ (SNTRUP761_CIPHERTEXT_SIZE, ct, xct) || !MEMEQ (SNTRUP761_SIZE, k1, xk))
 {
@@ -70,8 +77,9 @@ test_sntrup (struct drbg_ctr_aes256_ctx *rngctx,
 print_hex (sizeof k1, k1);
 abort ();
 }
-
+ mark_bytes_undefined (sizeof (sk), sk);
 sntrup761_dec (k2, ct, sk);
+ mark_bytes_defined (sizeof (k2), k2);
 if (!MEMEQ (SNTRUP761_SIZE, k2, xk))
 {
@@ -97,7 +105,7 @@ test_main (void)
 drbg_ctr_aes256_init (&rng, H ("061550234D158C5EC95595FE04EF7A25767F2E24CC2BC479" "D09D86DC9ABCFDE7056A8C266F9EF97ED08541DBD2E1FFA1"));
- test_sntrup (&rng, (nettle_random_func *) drbg_ctr_aes256_random,
+ test_sntrup (&rng,
 H ("36C969CF1008A6AA9551A784941C65A9BF68C2DC33FA36B5" "D266B25171B346679F2D22BF3123A79C790D6DEC68E1BC44" "420A6824F5357C78E3C336FEE0551E620DCB975F563682A3"
@@ -271,7 +279,7 @@ test_main (void)
 drbg_ctr_aes256_init (&rng, H ("D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55" "B22E75BF57BB556AC81ADDE6AEEB4A5A875C3BFCADFA958F"));
- test_sntrup (&rng, (nettle_random_func *) drbg_ctr_aes256_random,
+ test_sntrup (&rng,
 H ("D2530F125EE5F208B1976A66BCBC917161F6929E636BA8C7" "3470DE18065F6057528D718744E9248DFFF6BB55C188CEAC" "B9419863C3C456B46A21354834ADA6B2132C67747C9EE70D"
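Review bot: `sntrup761_keypair` in the `@@ -47,7 +53,7 @@` hunk is still fed defined randomness from plain `drbg_ctr_aes256_random`, so key generation is the one operation this test does not check for secret-dependent branches or indexing. If that is deliberate (for instance because key generation legitimately retries on random data, which I cannot tell from this hunk), a comment at the call would record it, e.g. `/* Key generation is not expected to be side-channel silent; use defined randomness. */`. If it is not deliberate, passing `random_undefined` here and marking `pk` and `sk` defined before the `MEMEQ` checks would extend the coverage. The body of `test_sntrup` continues outside this hunk.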
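Review bot: In the `@@ -70,8 +77,9 @@` hunk, `sk` is marked undefined before `sntrup761_dec` and only `k2` is marked defined afterwards, so `sk` stays poisoned for the rest of the function. The failure branch after the `k2` comparison lies outside the hunk; if it, or any later cleanup, reads `sk`, valgrind will report errors unrelated to the decapsulation code and obscure the real failure. Restoring the state right after the call keeps the undefined window limited to the operation under test: `mark_bytes_defined (sizeof (sk), sk);`.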