| Manuel Pégourié-Gonnard | 6240def | 2020-07-10 09:35:54 +0200 | [diff] [blame] | 1 | /** |
| 2 | * \file constant_flow.h |
| 3 | * |
| 4 | * \brief This file contains tools to ensure tested code has constant flow. |
| 5 | */ |
| 6 | |
| 7 | /* |
| Dan Handley | 5011814 | 2020-08-20 11:20:12 +0100 | [diff] [blame] | 8 | * Copyright The Mbed TLS Contributors |
| Dave Rodgman | 7ff7965 | 2023-11-03 12:04:52 +0000 | [diff] [blame] | 9 | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
| Manuel Pégourié-Gonnard | 6240def | 2020-07-10 09:35:54 +0200 | [diff] [blame] | 10 | */ |
| 11 | |
| 12 | #ifndef TEST_CONSTANT_FLOW_H |
| 13 | #define TEST_CONSTANT_FLOW_H |
| 14 | |
| 15 | #if !defined(MBEDTLS_CONFIG_FILE) |
| 16 | #include "mbedtls/config.h" |
| 17 | #else |
| 18 | #include MBEDTLS_CONFIG_FILE |
| 19 | #endif |
| 20 | |
| Manuel Pégourié-Gonnard | 73afa37 | 2020-08-19 10:27:38 +0200 | [diff] [blame] | 21 | /* |
| 22 | * This file defines the two macros |
| 23 | * |
| 24 | * #define TEST_CF_SECRET(ptr, size) |
| 25 | * #define TEST_CF_PUBLIC(ptr, size) |
| 26 | * |
| 27 | * that can be used in tests to mark a memory area as secret (no branch or |
| 28 | * memory access should depend on it) or public (default, only needs to be |
| 29 | * marked explicitly when it was derived from secret data). |
| 30 | * |
| 31 | * Arguments: |
| 32 | * - ptr: a pointer to the memory area to be marked |
| 33 | * - size: the size in bytes of the memory area |
| 34 | * |
| 35 | * Implementation: |
| 36 | * The basic idea is that of ctgrind <https://github.com/agl/ctgrind>: we can |
| 37 | * re-use tools that were designed for checking use of uninitialized memory. |
| 38 | * This file contains two implementations: one based on MemorySanitizer, the |
| 39 | * other on valgrind's memcheck. If none of them is enabled, dummy macros that |
| 40 | * do nothing are defined for convenience. |
| Gilles Peskine | 9603a44 | 2022-11-29 16:01:41 +0100 | [diff] [blame] | 41 | * |
| 42 | * \note #TEST_CF_SECRET must be called directly from within a .function file, |
| 43 | * not indirectly via a macro defined under tests/include or a function |
| 44 | * under tests/src. This is because we only run Valgrind for constant |
| 45 | * flow on test suites that have greppable annotations inside them (see |
| 46 | * `skip_suites_without_constant_flow` in `tests/scripts/all.sh`). |
| Manuel Pégourié-Gonnard | 73afa37 | 2020-08-19 10:27:38 +0200 | [diff] [blame] | 47 | */ |
| 48 | |
| Manuel Pégourié-Gonnard | 6240def | 2020-07-10 09:35:54 +0200 | [diff] [blame] | 49 | #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) |
| 50 | #include <sanitizer/msan_interface.h> |
| 51 | |
| 52 | /* Use macros to avoid messing up with origin tracking */ |
| 53 | #define TEST_CF_SECRET __msan_allocated_memory |
| 54 | // void __msan_allocated_memory(const volatile void* data, size_t size); |
| 55 | #define TEST_CF_PUBLIC __msan_unpoison |
| 56 | // void __msan_unpoison(const volatile void *a, size_t size); |
| 57 | |
| Manuel Pégourié-Gonnard | 73afa37 | 2020-08-19 10:27:38 +0200 | [diff] [blame] | 58 | #elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) |
| 59 | #include <valgrind/memcheck.h> |
| 60 | |
| 61 | #define TEST_CF_SECRET VALGRIND_MAKE_MEM_UNDEFINED |
| 62 | // VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr, _qzz_len) |
| 63 | #define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED |
| 64 | // VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len) |
| 65 | |
| 66 | #else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || |
| 67 | MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ |
| Manuel Pégourié-Gonnard | 6240def | 2020-07-10 09:35:54 +0200 | [diff] [blame] | 68 | |
| 69 | #define TEST_CF_SECRET(ptr, size) |
| 70 | #define TEST_CF_PUBLIC(ptr, size) |
| 71 | |
| Manuel Pégourié-Gonnard | 73afa37 | 2020-08-19 10:27:38 +0200 | [diff] [blame] | 72 | #endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || |
| 73 | MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ |
| Manuel Pégourié-Gonnard | 6240def | 2020-07-10 09:35:54 +0200 | [diff] [blame] | 74 | |
| 75 | #endif /* TEST_CONSTANT_FLOW_H */ |