author | Niels Möller <nisse@lysator.liu.se> | 2023-04-12 09:47:48 +0200 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2023-04-12 09:47:48 +0200 |
commit | 0a2924e5489897cfeba9a8ec8f1293df32ced093 (patch) | |
tree | 427aef0fcf5b2cd71f35162c2f60234401fd4f71 | |
parent | f3685815cdaeabc8b10a56b79d07734933814f3b (diff) | |
Add valgrind annotations to ghash tests. [ghash-sidechannel-silent]
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | testsuite/gcm-test.c | 15 |
2 files changed, 21 insertions, 0 deletions
@@ -1,3 +1,9 @@
+2023-04-12 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/gcm-test.c (test_ghash_internal): Add valgrind
+ annotations, to verify that the ghash makes no data-dependent
+ branches or memory accesses.
+
 2023-04-08 Niels Möller <nisse@lysator.liu.se>
 * examples/nettle-benchmark.c (bench_ghash_update): New function.
diff --git a/testsuite/gcm-test.c b/testsuite/gcm-test.c
index d70cdd1e..bc555d60 100644
--- a/testsuite/gcm-test.c
+++ b/testsuite/gcm-test.c
@@ -6,6 +6,13 @@
 #include "gcm.h"
 #include "ghash-internal.h"
+#if HAVE_VALGRIND_MEMCHECK_H
+# include <valgrind/memcheck.h>
+#else
+# define VALGRIND_MAKE_MEM_UNDEFINED(p, n)
+# define VALGRIND_MAKE_MEM_DEFINED(p, n)
+#endif
+
 static void
 test_gcm_hash (const struct tstring *msg, const struct tstring *ref)
 {
@@ -42,11 +49,19 @@ test_ghash_internal (const struct tstring *key,
 struct gcm_key gcm_key;
 union nettle_block16 state;
+ /* Use VALGRIND_MAKE_MEM_DEFINED to mark inputs as "undefined", to get valgrind to warn about any branches or memory accesses depending on secret data. */
 memcpy (state.b, key->data, GCM_BLOCK_SIZE);
+ VALGRIND_MAKE_MEM_UNDEFINED (&state, sizeof(state));
 _ghash_set_key (&gcm_key, &state);
 memcpy (state.b, iv->data, GCM_BLOCK_SIZE);
+ VALGRIND_MAKE_MEM_UNDEFINED (&state, sizeof(state));
+ VALGRIND_MAKE_MEM_UNDEFINED (message->data, message->length);
 _ghash_update (&gcm_key, &state, message->length / GCM_BLOCK_SIZE, message->data);
+ VALGRIND_MAKE_MEM_DEFINED (&state, sizeof(state));
+ VALGRIND_MAKE_MEM_DEFINED (message->data, message->length);
 if (!MEMEQ(GCM_BLOCK_SIZE, state.b, digest->data))
 {
 fprintf (stderr, "gcm_hash (internal) failed\n");
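Review bot: The new comment in the test_ghash_internal hunk names the wrong macro: it says VALGRIND_MAKE_MEM_DEFINED marks the inputs as "undefined", while the calls that follow use VALGRIND_MAKE_MEM_UNDEFINED, and VALGRIND_MAKE_MEM_DEFINED is what clears the taint again before the MEMEQ comparison. Suggest `/* Mark the key, the initial state and the message as "undefined" with VALGRIND_MAKE_MEM_UNDEFINED, so that memcheck reports any branch or memory access that depends on secret data; mark them defined again before the result is compared. */`. Since gcm_key is computed from undefined bytes inside _ghash_set_key and is never re-marked defined, any later use of it in this function (which starts before and ends after the hunk) would produce spurious memcheck reports; a trailing `VALGRIND_MAKE_MEM_DEFINED (&gcm_key, sizeof(gcm_key));` would keep the annotations symmetric. Memcheck reports only control flow and addressing that depend on the tainted bytes, so this check says nothing about operand-dependent instruction latency; it is worth stating that limit in the comment or the ChangeLog entry so the "no side channel" claim is not overread.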