Merge pull request #767 from pq-code-package/ct_macro

Rename ENABLE_CT_TESTING -> MLK_CT_TESTING_ENABLED

Author: hanno-becker

.github/actions/ct-test/action.yml

@@ -39,4 +39,4 @@ runs:
       - shell: ${{ env.SHELL }}
         run: |
           make clean
-          tests func --exec-wrapper="valgrind --error-exitcode=1 --track-origins=yes ${{ inputs.valgrind_flags }}" --cflags="-DENABLE_CT_TESTING -DNTESTS=50 ${{ inputs.cflags }}"
+          tests func --exec-wrapper="valgrind --error-exitcode=1 --track-origins=yes ${{ inputs.valgrind_flags }}" --cflags="-DMLK_CT_TESTING_ENABLED -DNTESTS=50 ${{ inputs.cflags }}"

examples/monolithic_build/mlkem_native_monobuild.c

@@ -284,6 +284,8 @@
 #undef MLK_ALIGN
 #undef MLK_ALWAYS_INLINE
 #undef MLK_CET_ENDBR
+#undef MLK_CT_TESTING_DECLASSIFY
+#undef MLK_CT_TESTING_SECRET
 #undef MLK_DEFAULT_ALIGN
 #undef MLK_INLINE
 #undef MLK_RESTRICT

mlkem/indcpa.c

@@ -16,10 +16,6 @@
 #include "sampling.h"
 #include "symmetric.h"
 
-#ifdef ENABLE_CT_TESTING
-#include <valgrind/memcheck.h>
-#endif
-
 /* Static namespacing
  * This is to facilitate building multiple instances
  * of mlkem-native (e.g. with varying security levels)
@@ -302,16 +298,13 @@ void indcpa_keypair_derand(uint8_t pk[MLKEM_INDCPA_PUBLICKEYBYTES],
 
   hash_g(buf, coins_with_domain_separator, MLKEM_SYMBYTES + 1);
 
-
-#ifdef ENABLE_CT_TESTING
   /*
    * Declassify the public seed.
    * Required to use it in conditional-branches in rejection sampling.
    * This is needed because all output of randombytes is marked as secret
    * (=undefined)
    */
-  VALGRIND_MAKE_MEM_DEFINED(publicseed, MLKEM_SYMBYTES);
-#endif
+  MLK_CT_TESTING_DECLASSIFY(publicseed, MLKEM_SYMBYTES);
 
   gen_matrix(a, publicseed, 0 /* no transpose */);
 
@@ -367,16 +360,13 @@ void indcpa_enc(uint8_t c[MLKEM_INDCPA_BYTES],
   unpack_pk(&pkpv, seed, pk);
   poly_frommsg(&k, m);
 
-
-#ifdef ENABLE_CT_TESTING
   /*
    * Declassify the public seed.
    * Required to use it in conditional-branches in rejection sampling.
    * This is needed because in re-encryption the publicseed originated from sk
    * which is marked undefined.
    */
-  VALGRIND_MAKE_MEM_DEFINED(seed, MLKEM_SYMBYTES);
-#endif
+  MLK_CT_TESTING_DECLASSIFY(seed, MLKEM_SYMBYTES);
 
   gen_matrix(at, seed, 1 /* transpose */);
 

mlkem/kem.c

@@ -12,10 +12,6 @@
 #include "symmetric.h"
 #include "verify.h"
 
-#ifdef ENABLE_CT_TESTING
-#include <valgrind/memcheck.h>
-#endif
-
 /* Static namespacing
  * This is to facilitate building multiple instances
  * of mlkem-native (e.g. with varying security levels)
@@ -84,13 +80,11 @@ static int check_sk(const uint8_t sk[MLKEM_INDCCA_SECRETKEYBYTES])
    * of this function.
    */
 
-#ifdef ENABLE_CT_TESTING
   /* Declassify the public part of the secret key */
-  VALGRIND_MAKE_MEM_DEFINED(sk + MLKEM_INDCPA_SECRETKEYBYTES,
+  MLK_CT_TESTING_DECLASSIFY(sk + MLKEM_INDCPA_SECRETKEYBYTES,
                             MLKEM_INDCCA_PUBLICKEYBYTES);
-  VALGRIND_MAKE_MEM_DEFINED(
+  MLK_CT_TESTING_DECLASSIFY(
       sk + MLKEM_INDCCA_SECRETKEYBYTES - 2 * MLKEM_SYMBYTES, MLKEM_SYMBYTES);
-#endif
 
   hash_h(test, sk + MLKEM_INDCPA_SECRETKEYBYTES, MLKEM_INDCCA_PUBLICKEYBYTES);
   if (memcmp(sk + MLKEM_INDCCA_SECRETKEYBYTES - 2 * MLKEM_SYMBYTES, test,

mlkem/sys.h

@@ -135,4 +135,21 @@
 #endif
 #endif
 
+#if defined(MLK_CT_TESTING_ENABLED) && !defined(__ASSEMBLER__)
+#include <valgrind/memcheck.h>
+#define MLK_CT_TESTING_SECRET(ptr, len) \
+  VALGRIND_MAKE_MEM_UNDEFINED((ptr), (len))
+#define MLK_CT_TESTING_DECLASSIFY(ptr, len) \
+  VALGRIND_MAKE_MEM_DEFINED((ptr), (len))
+#else
+#define MLK_CT_TESTING_SECRET(ptr, len) \
+  do                                    \
+  {                                     \
+  } while (0)
+#define MLK_CT_TESTING_DECLASSIFY(ptr, len) \
+  do                                        \
+  {                                         \
+  } while (0)
+#endif /* MLK_CT_TESTING_ENABLED */
+
 #endif /* MLK_SYS_H */

test/notrandombytes/notrandombytes.c

@@ -16,9 +16,7 @@
 #include <stdint.h>
 #include <string.h>
 
-#ifdef ENABLE_CT_TESTING
-#include <valgrind/memcheck.h>
-#endif
+#include "../../mlkem/sys.h"
 
 static uint32_t seed[32] = {3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3,
                             2, 3, 8, 4, 6, 2, 6, 4, 3, 3, 8, 3, 2, 7, 9, 5};
@@ -81,7 +79,7 @@ static void surf(void)
 
 void randombytes(uint8_t *buf, size_t n)
 {
-#ifdef ENABLE_CT_TESTING
+#ifdef MLK_CT_TESTING_ENABLED
   uint8_t *buf_orig = buf;
   size_t n_orig = n;
 #endif
@@ -108,11 +106,9 @@ void randombytes(uint8_t *buf, size_t n)
     --n;
   }
 
-#ifdef ENABLE_CT_TESTING
   /*
    * Mark all randombytes output as secret (undefined).
    * Valgrind will propagate this to everything derived from it.
    */
-  VALGRIND_MAKE_MEM_UNDEFINED(buf_orig, n_orig);
-#endif
+  MLK_CT_TESTING_SECRET(buf_orig, n_orig);
 }

test/test_mlkem.c

@@ -10,10 +10,6 @@
 
 #include "notrandombytes/notrandombytes.h"
 
-#ifdef ENABLE_CT_TESTING
-#include <valgrind/memcheck.h>
-#endif
-
 #ifndef NTESTS
 #define NTESTS 1000
 #endif
@@ -29,22 +25,18 @@ static int test_keys(void)
   /* Alice generates a public key */
   crypto_kem_keypair(pk, sk);
 
-#ifdef ENABLE_CT_TESTING
   /* mark public key as public (=defined) */
-  VALGRIND_MAKE_MEM_DEFINED(pk, CRYPTO_PUBLICKEYBYTES);
-#endif
+  MLK_CT_TESTING_DECLASSIFY(pk, CRYPTO_PUBLICKEYBYTES);
 
   /* Bob derives a secret key and creates a response */
   crypto_kem_enc(ct, key_b, pk);
 
   /* Alice uses Bobs response to get her shared key */
   crypto_kem_dec(key_a, ct, sk);
 
-#ifdef ENABLE_CT_TESTING
   /* mark as defined, so we can compare */
-  VALGRIND_MAKE_MEM_DEFINED(key_a, CRYPTO_BYTES);
-  VALGRIND_MAKE_MEM_DEFINED(key_b, CRYPTO_BYTES);
-#endif
+  MLK_CT_TESTING_DECLASSIFY(key_a, CRYPTO_BYTES);
+  MLK_CT_TESTING_DECLASSIFY(key_b, CRYPTO_BYTES);
 
   if (memcmp(key_a, key_b, CRYPTO_BYTES))
   {
@@ -65,10 +57,8 @@ static int test_invalid_pk(void)
   /* Alice generates a public key */
   crypto_kem_keypair(pk, sk);
 
-#ifdef ENABLE_CT_TESTING
   /* mark public key as public (=defined) */
-  VALGRIND_MAKE_MEM_DEFINED(pk, CRYPTO_PUBLICKEYBYTES);
-#endif
+  MLK_CT_TESTING_DECLASSIFY(pk, CRYPTO_PUBLICKEYBYTES);
 
   /* Bob derives a secret key and creates a response */
   rc = crypto_kem_enc(ct, key_b, pk);
@@ -105,10 +95,8 @@ static int test_invalid_sk_a(void)
   /* Alice generates a public key */
   crypto_kem_keypair(pk, sk);
 
-#ifdef ENABLE_CT_TESTING
   /* mark public key as public (=defined) */
-  VALGRIND_MAKE_MEM_DEFINED(pk, CRYPTO_PUBLICKEYBYTES);
-#endif
+  MLK_CT_TESTING_DECLASSIFY(pk, CRYPTO_PUBLICKEYBYTES);
 
   /* Bob derives a secret key and creates a response */
   crypto_kem_enc(ct, key_b, pk);
@@ -127,11 +115,9 @@ static int test_invalid_sk_a(void)
     return 1;
   }
 
-#ifdef ENABLE_CT_TESTING
   /* mark as defined, so we can compare */
-  VALGRIND_MAKE_MEM_DEFINED(key_a, CRYPTO_BYTES);
-  VALGRIND_MAKE_MEM_DEFINED(key_b, CRYPTO_BYTES);
-#endif
+  MLK_CT_TESTING_DECLASSIFY(key_a, CRYPTO_BYTES);
+  MLK_CT_TESTING_DECLASSIFY(key_b, CRYPTO_BYTES);
 
   if (!memcmp(key_a, key_b, CRYPTO_BYTES))
   {
@@ -154,10 +140,8 @@ static int test_invalid_sk_b(void)
   /* Alice generates a public key */
   crypto_kem_keypair(pk, sk);
 
-#ifdef ENABLE_CT_TESTING
   /* mark public key as public (=defined) */
-  VALGRIND_MAKE_MEM_DEFINED(pk, CRYPTO_PUBLICKEYBYTES);
-#endif
+  MLK_CT_TESTING_DECLASSIFY(pk, CRYPTO_PUBLICKEYBYTES);
 
   /* Bob derives a secret key and creates a response */
   crypto_kem_enc(ct, key_b, pk);
@@ -192,25 +176,17 @@ static int test_invalid_ciphertext(void)
   do
   {
     randombytes(&b, sizeof(uint8_t));
-
-#ifdef ENABLE_CT_TESTING
-    VALGRIND_MAKE_MEM_DEFINED(&b, sizeof(uint8_t));
-#endif
+    MLK_CT_TESTING_DECLASSIFY(&b, sizeof(uint8_t));
   } while (!b);
   randombytes((uint8_t *)&pos, sizeof(size_t));
 
-
-#ifdef ENABLE_CT_TESTING
-  VALGRIND_MAKE_MEM_DEFINED(&pos, sizeof(size_t));
-#endif
+  MLK_CT_TESTING_DECLASSIFY(&pos, sizeof(size_t));
 
   /* Alice generates a public key */
   crypto_kem_keypair(pk, sk);
 
-#ifdef ENABLE_CT_TESTING
   /* mark public key as public (=defined) */
-  VALGRIND_MAKE_MEM_DEFINED(pk, CRYPTO_PUBLICKEYBYTES);
-#endif
+  MLK_CT_TESTING_DECLASSIFY(pk, CRYPTO_PUBLICKEYBYTES);
 
   /* Bob derives a secret key and creates a response */
   crypto_kem_enc(ct, key_b, pk);
@@ -221,11 +197,9 @@ static int test_invalid_ciphertext(void)
   /* Alice uses Bobs response to get her shared key */
   crypto_kem_dec(key_a, ct, sk);
 
-#ifdef ENABLE_CT_TESTING
   /* mark as defined, so we can compare */
-  VALGRIND_MAKE_MEM_DEFINED(key_a, CRYPTO_BYTES);
-  VALGRIND_MAKE_MEM_DEFINED(key_b, CRYPTO_BYTES);
-#endif
+  MLK_CT_TESTING_DECLASSIFY(key_a, CRYPTO_BYTES);
+  MLK_CT_TESTING_DECLASSIFY(key_b, CRYPTO_BYTES);
 
   if (!memcmp(key_a, key_b, CRYPTO_BYTES))
   {