X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/c2603631178b688a6f8ce5eccd461e74718058d5..1aaccf40b93719fd3df7cc89e023b9bb48b358b6:/base/ct-test.c
diff --git a/base/ct-test.c b/base/ct-test.c
new file mode 100644
index 00000000..b4cddc62
--- /dev/null
+++ b/base/ct-test.c
@@ -0,0 +1,79 @@
+/* -*-c-*-
+ *
+ * Utilities for verifying constant-time programming
+ *
+ * (c) 2017 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Catacomb.
+ *
+ * Catacomb is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Library General Public License as published
+ * by the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Catacomb is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with Catacomb. If not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include "config.h"
+
+#include "ct.h"
+
+#ifdef HAVE_VALGRIND_H
+# include
+# include
+#endif
+
+/*----- Main code ---------------------------------------------------------*/
+
+/* --- @ct_poison@ --- *
+ *
+ * Arguments: @const void *p@ = pointer to a secret
+ * @size_t sz@ = size of the secret
+ *
+ * Returns: ---
+ *
+ * Use: Ordinarily, does nothing. If the process is running under
+ * the control of Valgrind's `memcheck' utility, then mark the
+ * secret as `uninitialized', so that Valgrind warns about
+ * conditional execution or memory addressing based on the value
+ * of the secret.
+ *
+ * Credit for this idea goes to Adam Langley, who described it
+ * in https://www.imperialviolet.org/2010/04/01/ctgrind.html,
+ * though this implementation doesn't require patching Valgrind.
+ */
+
+void ct_poison(const void *p, size_t sz)
+ { VALGRIND_MAKE_MEM_UNDEFINED(p, sz); }
+
+/* --- @ct_remedy@ --- *
+ *
+ * Arguments: @const void *p@ = pointer to a secret
+ * @size_t sz@ = size of the secret
+ *
+ * Returns: ---
+ *
+ * Use: Ordinarily, does nothing. If the process is running under
+ * the control of Valgrind's `memcheck' utility, then mark the
+ * secret as `initialized'. This is intended to reverse the
+ * effect of @ct_poison@ so that a test program can verify
+ * function outputs wihtout Valgrind warning.
+ */
+
+void ct_remedy(const void *p, size_t sz)
+ { VALGRIND_MAKE_MEM_DEFINED(p, sz); }
+
+/*----- That's all, folks -------------------------------------------------*/
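Review bot: ct_poison and ct_remedy expand `VALGRIND_MAKE_MEM_UNDEFINED` and `VALGRIND_MAKE_MEM_DEFINED` unconditionally, but the two includes that would presumably define them sit under `#ifdef HAVE_VALGRIND_H` (their targets are not visible on this page). Unless ct.h, which is not shown here, supplies fallbacks, a build without Valgrind's headers will fail to compile or link, which contradicts the "Ordinarily, does nothing" contract in both comments. An `#else` branch with `# define VALGRIND_MAKE_MEM_UNDEFINED(p, sz) ((void)(p), (void)(sz))` and the same for `VALGRIND_MAKE_MEM_DEFINED` would keep both functions as no-ops and avoid unused-parameter warnings. The header comment could also say that a clean run outside memcheck gives no evidence of constant-time behaviour, so a test driver should report when it is not running under Valgrind rather than pass silently.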