[TEST] Valgrind constant-time tests #407
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit adds extensive constant-time tests for a large set of compilers and compilation flags. It also makes use of the KyberSlash valgrind patch allowing detection of secret-dependent divisions (none were found in our code). The approach works as follows: We mark all output of randombytes as undefined and let valgrind trace through the program where values are derived from it. It will produce an error if any branches, memory accesses, or divisions depend on these undefined (secret) values. Note that ALL secret values are derived from randomness in one way or another. In places, where variable time code is detected we carefully check whether that leakage is safe or not and add appropriate declassifications (through MLD_CT_TESTING_DECLASSIFY). Comments are added explaining the rationale for the declassification. Note that compared to the mlkem-native tests, we omit the --track-origins=yes valgrind flag as it resulted in valgrind errors on AArch64 platforms for some compiler/flag combinations: vex: priv/host_arm64_defs.c:2832 (genSpill_ARM64): Assertion `offsetB < 4096' failed. Removing the flag works around this. This has no impact on the soundness of the tests - the flag merely helps tracking down were secret values originate from. Signed-off-by: Matthias J. Kannwischer <[email protected]>
mkannwischer
force-pushed
the
valgrind-ct-tst
branch
from
dc824c3 to
ae43423
Compare
Signed-off-by: Matthias J. Kannwischer <[email protected]>
mkannwischer
force-pushed
the
valgrind-ct-tst
branch
from
ae43423 to
cc39abb
Compare
Signed-off-by: Matthias J. Kannwischer <[email protected]>
mkannwischer
force-pushed
the
valgrind-ct-tst
branch
from
a195fb0 to
5cb2ea9
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.