
Commit 116bcea

committed
CI: add the PCT enabled, PCT enabled + broken, Custom zeroization (explicit_bzero)
- This commit adds the three tests `PCT enabled`, `PCT enabled + broken`, and `Custom zeroization (explicit_bzero)` to ci.yml. Signed-off-by: willieyz <[email protected]>
1 parent 2da7a4f commit 116bcea


3 files changed

+433
-0
lines changed


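--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -379,6 +379,38 @@ jobs:
 runs-on: ${{ matrix.target.runner }}
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+- name: "PCT enabled"
+uses: ./.github/actions/multi-functest
+with:
+gh_token: ${{ secrets.GITHUB_TOKEN }}
+compile_mode: native
+cflags: "-DMLD_CONFIG_KEYGEN_PCT -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
+func: true
+kat: true
+acvp: true
+- name: "PCT enabled + broken"
+run: |
+make clean
+CFLAGS='-DMLD_CONFIG_FILE=\"../test/break_pct_config.h\"' make func -j4
+# PCT breakage is done at runtime via MLD_BREAK_PCT
+make run_func # Should be OK
+MLD_BREAK_PCT=0 make run_func # Should be OK
+if (MLD_BREAK_PCT=1 make run_func 2>&1 >/dev/null); then
+echo "PCT failure expected"
+exit 1
+else
+echo "PCT failed as expected"
+fi
+- name: "Custom zeroization (explicit_bzero)"
+uses: ./.github/actions/multi-functest
+with:
+gh_token: ${{ secrets.GITHUB_TOKEN }}
+compile_mode: native
+cflags: "-std=c11 -D_GNU_SOURCE -DMLD_CONFIG_FILE=\\\\\\\"../test/custom_zeroize_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
+func: true
+kat: true
+acvp: true
+examples: false # Some examples use a custom config themselves
 - name: "No ASM"
 uses: ./.github/actions/multi-functest
 with: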
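Review bot: The negative check in the "PCT enabled + broken" step, `if (MLD_BREAK_PCT=1 make run_func 2>&1 >/dev/null); then ... exit 1`, treats any non-zero exit from `make run_func` as a PCT failure, so a crash, a missing binary or an unrelated test failure under this configuration would also print "PCT failed as expected" and let the job pass. Capturing the output and asserting that the failure really is the PCT diagnostic — `out=$(MLD_BREAK_PCT=1 make run_func 2>&1) && { echo "PCT failure expected"; exit 1; }` followed by `echo "$out" | grep -q "<PCT failure message printed by the test harness>"` — would make the step prove what it claims; the hunk does not show what the harness prints on a PCT failure, so the pattern needs confirming against the test sources. The `2>&1 >/dev/null` ordering keeps stderr in the log while discarding stdout, which looks intentional but reads like the common redirect mistake, so a one-line comment such as `# keep stderr in the log, drop stdout` would save the next reader a double-take. This step also builds without the `-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all` flags the two sibling steps pass, so the broken-PCT error path is the one code path in this hunk never exercised under the sanitizers.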

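--- a/test/break_pct_config.h
+++ b/test/break_pct_config.h
@@ -0,0 +1,202 @@
+/*
+* Copyright (c) The mldsa-native project authors
+* SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+*/
+#ifndef MLD_CONFIG_H
+#define MLD_CONFIG_H
+
+#define MLD_RANDOMIZED_SIGNING
+
+#ifndef MLDSA_MODE
+#define MLDSA_MODE 2
+#endif
+
+#if MLDSA_MODE == 2
+#define MLD_NAMESPACETOP MLD_44_ref
+#define MLD_NAMESPACE(s) MLD_44_ref_##s
+#elif MLDSA_MODE == 3
+#define MLD_NAMESPACETOP MLD_65_ref
+#define MLD_NAMESPACE(s) MLD_65_ref_##s
+#elif MLDSA_MODE == 5
+#define MLD_NAMESPACETOP MLD_87_ref
+#define MLD_NAMESPACE(s) MLD_87_ref_##s
+#endif
+
+
+/******************************************************************************
+* Name: MLD_CONFIG_FILE
+*
+* Description: If defined, this is a header that will be included instead
+* of this default configuration file mldsa/config.h.
+*
+* When you need to build mldsa-native in multiple configurations,
+* using varying MLD_CONFIG_FILE can be more convenient
+* then configuring everything through CFLAGS.
+*
+* To use, MLD_CONFIG_FILE _must_ be defined prior
+* to the inclusion of any mldsa-native headers. For example,
+* it can be set by passing `-DMLD_CONFIG_FILE="..."`
+* on the command line.
+*
+*****************************************************************************/
+/* #define MLD_CONFIG_FILE "config.h" */
+
+/******************************************************************************
+* Name: MLD_CONFIG_ARITH_BACKEND_FILE
+*
+* Description: The arithmetic backend to use.
+*
+* If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is unset, this option
+* is ignored.
+*
+* If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is set, this option must
+* either be undefined or the filename of an arithmetic backend.
+* If unset, the default backend will be used.
+*
+* This can be set using CFLAGS.
+*
+*****************************************************************************/
+#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_ARITH) && \
+!defined(MLD_CONFIG_ARITH_BACKEND_FILE)
+#define MLD_CONFIG_ARITH_BACKEND_FILE "native/meta.h"
+#endif
+
+/******************************************************************************
+* Name: MLD_CONFIG_FIPS202_BACKEND_FILE
+*
+* Description: The FIPS-202 backend to use.
+*
+* If MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 is set, this option
+* must either be undefined or the filename of a FIPS202 backend.
+* If unset, the default backend will be used.
+*
+* This can be set using CFLAGS.
+*
+*****************************************************************************/
+#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202) && \
+!defined(MLD_CONFIG_FIPS202_BACKEND_FILE)
+#define MLD_CONFIG_FIPS202_BACKEND_FILE "fips202/native/auto.h"
+#endif
+
+/******************************************************************************
+* Name: MLD_CONFIG_CUSTOM_ZEROIZE
+*
+* Description: In compliance with FIPS 204 Section 3.6.3, mldsa-native zeroizes
+* intermediate stack buffers before returning from function calls.
+*
+* Set this option and define `mld_zeroize_native` if you want to
+* use a custom method to zeroize intermediate stack buffers.
+* The default implementation uses SecureZeroMemory on Windows
+* and a memset + compiler barrier otherwise. If neither of those
+* is available on the target platform, compilation will fail,
+* and you will need to use MLD_CONFIG_CUSTOM_ZEROIZE to provide
+* a custom implementation of `mld_zeroize_native()`.
+*
+* WARNING:
+* The explicit stack zeroization conducted by mldsa-native
+* reduces the likelihood of data leaking on the stack, but
+* does not eliminate it! The C standard makes no guarantee about
+* where a compiler allocates structures and whether/where it makes
+* copies of them. Also, in addition to entire structures, there
+* may also be potentially exploitable leakage of individual values
+* on the stack.
+*
+* If you need bullet-proof zeroization of the stack, you need to
+* consider additional measures instead of what this feature
+* provides. In this case, you can set mld_zeroize_native to a
+* no-op.
+*
+*****************************************************************************/
+/* #define MLD_CONFIG_CUSTOM_ZEROIZE
+#if !defined(__ASSEMBLER__)
+#include <stdint.h>
+#include "sys.h"
+static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len)
+{
+... your implementation ...
+}
+#endif
+*/
+
+/******************************************************************************
+* Name: MLD_CONFIG_KEYGEN_PCT
+*
+* Description: Compliance with @[FIPS140_3_IG, p.87] requires a
+* Pairwise Consistency Test (PCT) to be carried out on a freshly
+* generated keypair before it can be exported.
+*
+* Set this option if such a check should be implemented.
+* In this case, crypto_sign_keypair_internal and
+* crypto_sign_keypair will return a non-zero error code if the
+* PCT failed.
+*
+* NOTE: This feature will drastically lower the performance of
+* key generation.
+*
+*****************************************************************************/
+#define MLD_CONFIG_KEYGEN_PCT
+
+/******************************************************************************
+* Name: MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST
+*
+* Description: If this option is set, the user must provide a runtime
+* function `static inline int mld_break_pct() { ... }` to
+* indicate whether the PCT should be made fail.
+*
+* This option only has an effect if MLD_CONFIG_KEYGEN_PCT is set.
+*
+*****************************************************************************/
+#define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST
+#if !defined(__ASSEMBLER__)
+#include <stdlib.h>
+#include <string.h>
+#include "../mldsa/sys.h"
+static MLD_INLINE int mld_break_pct(void)
+{
+/* Break PCT if and only if MLD_BREAK_PCT is set to 1 */
+const char *val = getenv("MLD_BREAK_PCT");
+return val != NULL && strcmp(val, "1") == 0;
+}
+#endif
+
+
+/******************************************************************************
+* Name: MLD_CONFIG_NO_ASM
+*
+* Description: If this option is set, mldsa-native will be built without
+* use of native code or inline assembly.
+*
+* By default, inline assembly is used to implement value barriers.
+* Without inline assembly, mldsa-native will use a global volatile
+* 'opt blocker' instead; see ct.h.
+*
+* Inline assembly is also used to implement a secure zeroization
+* function on non-Windows platforms. If this option is set and
+* the target platform is not Windows, you MUST set
+* MLD_CONFIG_CUSTOM_ZEROIZE and provide a custom zeroization
+* function.
+*
+* If this option is set, MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 and
+* and MLD_CONFIG_USE_NATIVE_BACKEND_ARITH will be ignored, and no
+* native backends will be used.
+*
+*****************************************************************************/
+/* #define MLD_CONFIG_NO_ASM */
+
+/******************************************************************************
+* Name: MLD_CONFIG_NO_ASM_VALUE_BARRIER
+*
+* Description: If this option is set, mldsa-native will be built without
+* use of native code or inline assembly for value barriers.
+*
+* By default, inline assembly (if available) is used to implement
+* value barriers.
+* Without inline assembly, mldsa-native will use a global volatile
+* 'opt blocker' instead; see ct.h.
+*
+*****************************************************************************/
+/* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */
+
+
+
+#endif /* !MLD_CONFIG_H */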
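Review bot: Nothing in test/break_pct_config.h says that it is a test-only copy of the default configuration with MLD_RANDOMIZED_SIGNING, MLD_CONFIG_KEYGEN_PCT and MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST switched on — the file appears to mirror mldsa/config.h (its own comment names that file as the default), so the two will drift silently and a reader cannot tell which lines are the deliberate delta. A short note after the license header would fix that, e.g. `/* Test configuration: mirrors mldsa/config.h with randomized signing, the keygen PCT and the PCT breakage hook enabled. mld_break_pct() fails the PCT when the MLD_BREAK_PCT environment variable is "1"; never use this file as a production config. */`. Since the hook compiles a getenv()-driven way to make key generation fail into whatever links against this header, that last sentence is the important one. Separately, the option description documents the hook as `static inline int mld_break_pct() { ... }` while the implementation below it correctly declares `mld_break_pct(void)`; in C11 the empty parentheses declare an unprototyped function, so the comment should read `static inline int mld_break_pct(void) { ... }`.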
