Add constant-time verification through valgrind
Categories: NSS :: Test, task, P3
Tracking: Not tracked
People: Reporter: johny, Unassigned
Details: Whiteboard: [nss-fx]
Attachments: 2 files
Comment 1 • 4 years ago (Reporter)
The mpi_unittest.c of the gtest-based tests has some support for verification of constant-timeness via the Valgrind technique (also described here). The build.sh file also supports the --ct-verif switch, which enables the define that enables the Valgrind instrumentation necessary. The switch is somewhat badly named, as there is actually a tool called ct-verif for formal verification of constant-timeness, but I digress.
This issue suggests extending the approach used in that single testcase to cover more cryptographic primitives, and also actually executing the tests under Valgrind in CI (which is not done currently) and reporting their results.
I have a patch ready that adds the Valgrind instrumentation to bltest and fbectest and enables the --ct-verif switch to switch it on for the additional files. This allows the constant-timeness verification of primitives tested by those tests. However, what I have not done is add this testing to the CI, as I do not understand the use of taskcluster/treeherder/etc. Any help in this regard would be highly appreciated.
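The Valgrind technique referred to above, as an added example in C; this is not code from the reporter's patch or from NSS, and the function names and the sample secret are hypothetical. Secret bytes are marked "undefined" for memcheck, so any branch that depends on them is reported as a conditional jump on uninitialised values; the CT_VERIF define gates the instrumentation the same way the page describes.

```c
/* Build with -DCT_VERIF and run under `valgrind ./a.out`: compare_leaky
 * triggers a memcheck report, compare_ct does not. Without CT_VERIF or
 * without the Valgrind header the macros become no-ops and the code still
 * runs as an ordinary program. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#if defined(CT_VERIF) && defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#  endif
#endif
#ifndef VALGRIND_MAKE_MEM_UNDEFINED
#  define VALGRIND_MAKE_MEM_UNDEFINED(p, n) ((void)0)
#  define VALGRIND_MAKE_MEM_DEFINED(p, n) ((void)0)
#endif

/* Hypothetical leaky comparison: returns at the first mismatch, so the
 * branch (and the iteration count) depends on secret bytes. */
int compare_leaky(const uint8_t *secret, const uint8_t *guess, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (secret[i] != guess[i]) return 0; /* memcheck flags this branch */
    return 1;
}

/* Constant-time comparison: accumulate differences without branching,
 * then fold the accumulator to 0/1 arithmetically (1 = all bytes equal). */
int compare_ct(const uint8_t *secret, const uint8_t *guess, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= (uint8_t)(secret[i] ^ guess[i]);
    return (int)(1 & (((uint32_t)acc - 1u) >> 8));
}

/* Run a comparison with the secret marked undefined and return its verdict.
 * The verdict is marked defined before anyone branches on it, so using the
 * result legitimately is not reported as a leak. */
int check_under_valgrind(int (*cmp)(const uint8_t *, const uint8_t *, size_t),
                         const uint8_t *guess, size_t n) {
    uint8_t secret[17] = "constructed-key!"; /* constructed sample secret */
    int r;
    VALGRIND_MAKE_MEM_UNDEFINED(secret, 16);
    r = cmp(secret, guess, n);
    VALGRIND_MAKE_MEM_DEFINED(&r, sizeof r);
    return r;
}
```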
Comment 2 • 4 years ago (Reporter)
Enable the --ct-verif switch to toggle the CT_VERIF define in
bltest and fbectest. Add Valgrind instrumentation for
constant-timeness checks to bltest and fbectest.
Comment 3 • 4 years ago (Reporter)
Adds the ct test-suite which uses Valgrind to
test the constant-timeness of crypto primitives
in NSS.
Depends on D131490
Comment 4 • 4 years ago (Reporter)
I have written a blog post about using the above two patches to analyse constant-timeness; it also has an analysis of the results. TL;DR: I think there are some leaks that deserve attention.
Updated • 3 years ago
Updated • 2 years ago
Comment 5 • 1 year ago
Thanks for your work on this, Ján, but we're going to take a different approach. We've found that it is easier to limit the number of false positives by adding annotations within lib/freebl. Another benefit of that strategy is that it lets us test constant-time execution of KATs, wycheproof test vectors, fuzzer-produced inputs, etc.