Start verifying that code which should be constant-time really is.

[catacomb] / base / ct-test.c

diff --git a/base/ct-test.c b/base/ct-test.c
new file mode 100644 (file)
index 0000000..b4cddc6
--- /dev/null
+++ b/base/ct-test.c
@@ -0,0 +1,79 @@
+/* -*-c-*-
+ *
+ * Utilities for verifying constant-time programming
+ *
+ * (c) 2017 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Catacomb.
+ *
+ * Catacomb is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Library General Public License as published
+ * by the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Catacomb is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with Catacomb.  If not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include "config.h"
+
+#include "ct.h"
+
+#ifdef HAVE_VALGRIND_H
+#  include <valgrind/valgrind.h>
+#  include <valgrind/memcheck.h>
+#endif
+
+/*----- Main code ---------------------------------------------------------*/
+
+/* --- @ct_poison@ --- *
+ *
+ * Arguments:  @const void *p@ = pointer to a secret
+ *             @size_t sz@ = size of the secret
+ *
+ * Returns:    ---
+ *
+ * Use:                Ordinarily, does nothing.  If the process is running under
+ *             the control of Valgrind's `memcheck' utility, then mark the
+ *             secret as `uninitialized', so that Valgrind warns about
+ *             conditional execution or memory addressing based on the value
+ *             of the secret.
+ *
+ *             Credit for this idea goes to Adam Langley, who described it
+ *             in https://www.imperialviolet.org/2010/04/01/ctgrind.html,
+ *             though this implementation doesn't require patching Valgrind.
+ */
+
+void ct_poison(const void *p, size_t sz)
+  { VALGRIND_MAKE_MEM_UNDEFINED(p, sz); }
+
+/* --- @ct_remedy@ --- *
+ *
+ * Arguments:  @const void *p@ = pointer to a secret
+ *             @size_t sz@ = size of the secret
+ *
+ * Returns:    ---
+ *
+ * Use:                Ordinarily, does nothing.  If the process is running under
+ *             the control of Valgrind's `memcheck' utility, then mark the
+ *             secret as `initialized'.  This is intended to reverse the
+ *             effect of @ct_poison@ so that a test program can verify
+ *             function outputs wihtout Valgrind warning.
+ */
+
+void ct_remedy(const void *p, size_t sz)
+  { VALGRIND_MAKE_MEM_DEFINED(p, sz); }
+
+/*----- That's all, folks -------------------------------------------------*/