From 56881beb966149c55894937abc9da7cf02735e90 Mon Sep 17 00:00:00 2001
From: Pravek Sharma
Date: Wed, 13 Sep 2023 22:35:16 +0200
Subject: [PATCH] Document Falcon constant time errors.
---
 docs/algorithms/sig/falcon.yml | 16 ++++++++--------
 tests/constant_time/sig/issues.json | 4 ++--
 tests/constant_time/sig/issues/falcon | 15 +++++++++++++++
 3 files changed, 25 insertions(+), 10 deletions(-)
 create mode 100644 tests/constant_time/sig/issues/falcon
diff --git a/docs/algorithms/sig/falcon.yml b/docs/algorithms/sig/falcon.yml
index 51685dde64..5187b043ec 100644
--- a/docs/algorithms/sig/falcon.yml
+++ b/docs/algorithms/sig/falcon.yml
@@ -36,8 +36,8 @@ parameter-sets:
 supported-platforms: all
 common-crypto:
 - SHA3: liboqs
- no-secret-dependent-branching-claimed: true
- no-secret-dependent-branching-checked-by-valgrind: true
+ no-secret-dependent-branching-claimed: false
+ no-secret-dependent-branching-checked-by-valgrind: false
 large-stack-usage: false
 - upstream: primary-upstream
 upstream-id: avx2
@@ -47,8 +47,8 @@ parameter-sets:
 - avx2
 common-crypto:
 - SHA3: liboqs
- no-secret-dependent-branching-claimed: true
- no-secret-dependent-branching-checked-by-valgrind: true
+ no-secret-dependent-branching-claimed: false
+ no-secret-dependent-branching-checked-by-valgrind: false
 large-stack-usage: false
 - name: Falcon-1024
 claimed-nist-level: 5
@@ -63,8 +63,8 @@ parameter-sets:
 supported-platforms: all
 common-crypto:
 - SHA3: liboqs
- no-secret-dependent-branching-claimed: true
- no-secret-dependent-branching-checked-by-valgrind: true
+ no-secret-dependent-branching-claimed: false
+ no-secret-dependent-branching-checked-by-valgrind: false
 large-stack-usage: false
 - upstream: primary-upstream
 upstream-id: avx2
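Review bot: All four implementation entries (this hunk and the ones at -47, -63 and -74) now carry `no-secret-dependent-branching-claimed: false` with nothing beside the flag saying why, so a reader of the YAML cannot tell which operation is affected. A comment above the pair, for example `# valgrind flags data-dependent branches in the signing sampler; see tests/constant_time/sig/issues/falcon`, would record that. The commit message speaks only of constant-time errors, which supports the `checked-by-valgrind` flag; whether the `claimed` flag should change as well depends on what upstream asserts and is worth confirming. The enclosing entries start and end outside the hunks.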
@@ -74,6 +74,6 @@ parameter-sets:
 - avx2
 common-crypto:
 - SHA3: liboqs
- no-secret-dependent-branching-claimed: true
- no-secret-dependent-branching-checked-by-valgrind: true
+ no-secret-dependent-branching-claimed: false
+ no-secret-dependent-branching-checked-by-valgrind: false
 large-stack-usage: false
diff --git a/tests/constant_time/sig/issues.json b/tests/constant_time/sig/issues.json
index 286f43223c..9bb7eb81c4 100644
--- a/tests/constant_time/sig/issues.json
+++ b/tests/constant_time/sig/issues.json
@@ -3,8 +3,8 @@
 "Dilithium2": [],
 "Dilithium3": [],
 "Dilithium5": [],
- "Falcon-1024": [],
- "Falcon-512": [],
+ "Falcon-1024": ["falcon"],
+ "Falcon-512": ["falcon"],
 "SPHINCS+-SHA256-128f-robust": ["sphincs"],
 "SPHINCS+-SHA256-128f-simple": ["sphincs"],
 "SPHINCS+-SHA256-128s-robust": ["sphincs"],
diff --git a/tests/constant_time/sig/issues/falcon b/tests/constant_time/sig/issues/falcon
new file mode 100644
index 0000000000..70054774e3
--- /dev/null
+++ b/tests/constant_time/sig/issues/falcon
@@ -0,0 +1,15 @@
+{
+
+ Memcheck:Cond
+ src:sign.c:1226
+ # fun:PQCLEAN_FALCON*_AVX2_sampler
+ fun:ffSampling_fft_dyntree
+}
+
+{
+
+ Memcheck:Cond
+ src:sign.c:1140
+ # fun:BerExp
+ fun:PQCLEAN_FALCON*_AVX2_sampler
+}
\ No newline at end of file
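Review bot: Both suppressions in the new `issues/falcon` file are keyed on an exact source line (`src:sign.c:1226`, `src:sign.c:1140`), so a later re-import that shifts sign.c will either make the constant-time test fail again or let the entry match a different conditional on that line and hide a new data-dependent branch. The function that would identify each site appears only as a comment (`# fun:PQCLEAN_FALCON*_AVX2_sampler`, `# fun:BerExp`); if valgrind can resolve those frames in the test build, matching on `fun:` would be sturdier than the line number. The comments name only AVX2 symbols while the docs flags are flipped for the `supported-platforms: all` entries too, so it is worth confirming that the same line numbers apply to that build. Each entry should also carry a `#` comment stating which secret value the branch depends on and why it is tolerated, because this file is the only record of that decision.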