Bug 1741849 - Add constant-time checks to bltest and fbectest r=#nss-reviewers
Needs RevisionPublic
Actions

Authored by johny on Nov 18 2021, 12:33 PM.

Details

Reviewers

mt
ckerschb

Group Reviewers

nss-reviewers

Bugzilla Bug ID

1741849

Summary

Enable the --ct-verif switch to toggle the CT_VERIF define in
bltest and fbectest. Add Valgrind instrumentation for
constant-timeness checks to bltest and fbectest.

Diff Detail

Repository

rNSS nss

Branch

default

Lint

No Lint Coverage

Unit

No Test Coverage

Event Timeline

johny created this revision.Nov 18 2021, 12:33 PM

Herald added a project: secure-revision. · View Herald TranscriptNov 18 2021, 12:33 PM

Harbormaster completed remote builds in B373096: Diff 509462.Nov 18 2021, 12:33 PM

phab-bot published this revision for review.Nov 18 2021, 12:33 PM

phab-bot changed the visibility from "Custom Policy" to "Public (No Login Required)".

phab-bot changed the edit policy from "Custom Policy" to "Restricted Project (Project)".

phab-bot removed a project: secure-revision.

johny added a child revision: D132307: Bug 1741849 - Add constant-time test suite r=#nss-reviewers.Nov 28 2021, 5:32 PM

Just a quick note; I didn't spend the time necessary to determine that the coverage here is adequate. That's probably the hardest part of reviewing any change of this sort.

cmd/bltest/blapitest.c
28–30	I think that it would be a good idea to define a new macro (`CT_POISON(b, l)` say) here. When `CT_VERIF` is on it can use the valgrind macro; otherwise it can be a noop. That will avoid the need for `#ifdef` statements throughout the code.

johny updated this revision to Diff 513181.Nov 29 2021, 12:23 PM

Harbormaster completed remote builds in B376250: Diff 513181.Nov 29 2021, 12:23 PM

I have implemented the suggested CT_POISON macro. Btw. there are already mpi_taint and mpi_untaint functions defined and implemented under CT_VERIF in mpi.c, so maybe this can get unified.
However, those functions are only used in one unittest, which is disabled by default.

W.r.t coverage, feel free to let me know where to look for more primitives to include, I am quite new to NSS.

johny marked an inline comment as done.Nov 30 2021, 4:35 PM

johny updated this revision to Diff 514020.Nov 30 2021, 10:01 PM

Harbormaster completed remote builds in B376901: Diff 514020.Nov 30 2021, 10:01 PM

johny updated this revision to Diff 514299.Dec 1 2021, 3:49 PM

Harbormaster completed remote builds in B377137: Diff 514299.Dec 1 2021, 3:49 PM

bbeurdouche added a reviewer: mt.Jan 18 2022, 10:23 AM

@johny

Hello! Thanks for your patch.
Could I ask you to write a small README section about what you have done in this patch? For example, in the macros.

Thanks :)

I also added two small comments:

cmd/bltest/blapitest.c
1710	Would it make sense to also have CT_POISON(sk->iv.buf.data, sk->iv.buf.len); ?
1953	Why in some cases you have CT_VERIF, but not in the others?

We, the crypto engineering team, are in the process of improving our review and landing queue, basically patches that are tagged with 'nss-reviewers'. Part of this process is to clean out 'stalled' patches. For whatever reason this changeset has not seen any movement for a long time and we consider it 'stalled'. If you feel this is a mistake or incorrect, please follow up, e.g. by rebasing the patch and/or by resetting the tag 'nss-reviewers' and drive this patch forward!

Thank you for your contributions!

This revision now requires changes to proceed.Jun 24 2024, 7:49 AM