CT tests & suppression files

tests/constant_time/kem/issues.json

@@ -24,5 +24,8 @@
   "Kyber1024": [],
   "Kyber512": [],
   "Kyber768": [],
+  "ML-KEM-512-ipd": [],
+  "ML-KEM-768-ipd": [],
+  "ML-KEM-1024-ipd": [],
   "sntrup761": []
 }

tests/constant_time/kem/passes.json

@@ -24,5 +24,8 @@
   "Kyber1024": ["kyber"],
   "Kyber512": ["kyber"],
   "Kyber768": ["kyber"],
+  "ML-KEM-512-ipd": ["ml_kem"],
+  "ML-KEM-768-ipd": ["ml_kem"],
+  "ML-KEM-1024-ipd": ["ml_kem"],
   "sntrup761": ["sntrup"]
 }

tests/constant_time/kem/passes/ml_kem

@@ -0,0 +1,21 @@
+{
+   Rejection sampling to produce public "A" matrix
+   Memcheck:Cond
+   fun:rej_uniform
+   fun:pqcrystals_ml_kem*_ref_gen_matrix
+   fun:pqcrystals_ml_kem*_ref_indcpa_*
+}
+{
+   Rejection sampling to produce public "A" matrix
+   Memcheck:Cond
+   ...
+   fun:pqcrystals_ml_kem*_avx2_gen_matrix
+   fun:pqcrystals_ml_kem*_avx2_indcpa_*
+}
+{
+   Rejection sampling to produce public "A" matrix
+   Memcheck:Value8
+   ...
+   fun:pqcrystals_ml_kem*_avx2_gen_matrix
+   fun:pqcrystals_ml_kem*_avx2_indcpa_*
+}

tests/constant_time/sig/issues.json

@@ -5,6 +5,9 @@
   "Dilithium5": [],
   "Falcon-1024": ["falcon"],
   "Falcon-512": ["falcon"],
+  "ML-DSA-44-ipd": [],
+  "ML-DSA-65-ipd": [],
+  "ML-DSA-87-ipd": [],
   "SPHINCS+-SHA256-128f-robust": ["sphincs"],
   "SPHINCS+-SHA256-128f-simple": ["sphincs"],
   "SPHINCS+-SHA256-128s-robust": ["sphincs"],

tests/constant_time/sig/passes.json

@@ -5,6 +5,9 @@
   "Dilithium5": ["dilithium", "dilithium-avx2", "dilithium-aarch64"],
   "Falcon-1024": ["falcon_keygen", "falcon_sign"],
   "Falcon-512": ["falcon_keygen", "falcon_sign"],
+  "ML-DSA-44-ipd": ["ml_dsa", "ml_dsa-avx2"],
+  "ML-DSA-65-ipd": ["ml_dsa", "ml_dsa-avx2"],
+  "ML-DSA-87-ipd": ["ml_dsa", "ml_dsa-avx2"],
   "SPHINCS+-SHA2-128f-robust": ["sphincs", "sphincs-sha2-avx2"],
   "SPHINCS+-SHA2-128f-simple": ["sphincs", "sphincs-sha2-avx2"],
   "SPHINCS+-SHA2-128s-robust": ["sphincs", "sphincs-sha2-avx2"],

tests/constant_time/sig/passes/ml_dsa

@@ -0,0 +1,80 @@
+{
+   Rejection sampling for uniformly distributed public A matrix
+   Memcheck:Cond
+   fun:rej_uniform
+   fun:pqcrystals_ml_dsa*_ref_poly_uniform
+   fun:pqcrystals_ml_dsa*_ref_polyvec_matrix_expand
+}
+{
+   Rejection sampling for s1 and s2
+   Memcheck:Cond
+   fun:rej_eta
+   fun:pqcrystals_ml_dsa*_ref_poly_uniform_eta
+   fun:pqcrystals_ml_dsa*_ref_polyvec*_uniform_eta
+   fun:pqcrystals_ml_dsa*_ref_keypair
+}
+{
+   Rejection sampling for y
+   Memcheck:Cond
+   fun:rej_gamma1m1
+   fun:pqcrystals_ml_dsa*_ref_poly_uniform_gamma1m1
+   fun:pqcrystals_ml_dsa*_ref_signature
+}
+{
+   Rejection sampling for challenge
+   Memcheck:Cond
+   fun:pqcrystals_ml_dsa*_ref_poly_challenge
+   fun:pqcrystals_ml_dsa*_ref_signature
+}
+{
+   Rejection sampling for challenge
+   Memcheck:Value8
+   fun:pqcrystals_ml_dsa*_ref_poly_challenge
+   fun:pqcrystals_ml_dsa*_ref_signature
+}
+{
+   Rejection sampling for signature distribution
+   Memcheck:Cond
+   ...
+   src:sign.c:154 # Call to polyvecl_chknorm
+   # fun:pqcrystals_ml_dsa*_ref_signature
+}
+{
+   Rejection sampling for signature distribution
+   Memcheck:Cond
+   ...
+   src:sign.c:163 # Call to polyveck_chknorm
+   # fun:pqcrystals_ml_dsa*_ref_signature
+}
+{
+   Rejection sampling for signature distribution
+   Memcheck:Cond
+   ...
+   src:sign.c:170 # Call to polyveck_chknorm
+   # fun:pqcrystals_ml_dsa*_ref_signature
+}
+{
+   Hint does not need to be computed in constant time
+   Memcheck:Cond
+   ...
+   src:sign.c:174 # Call to polyveck_make_hint
+   # fun:pqcrystals_ml_dsa*_ref_signature
+}
+{
+   Rejection sampling for hint
+   Memcheck:Cond
+   ...
+   src:sign.c:175 # Checking number of 1 bits in hint
+   # fun:pqcrystals_ml_dsa*_ref_signature
+}
+{
+   Packing routines do not need to be constant time
+   Memcheck:Cond
+   fun:pqcrystals_ml_dsa*_ref_pack_sig
+   fun:pqcrystals_ml_dsa*_ref_signature
+}
+{
+   Verification is not done in constant time
+   Memcheck:Cond
+   fun:pqcrystals_ml_dsa*_ref_verify
+}

tests/constant_time/sig/passes/ml_dsa-avx2

@@ -0,0 +1,155 @@
+{
+   Rejection sampling for uniformly distributed public A matrix
+   Memcheck:Cond
+   ...
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_4x
+   fun:pqcrystals_ml_dsa*_avx2_polyvec_matrix_expand_row*
+}
+{
+   Rejection sampling for uniformly distributed public A matrix
+   Memcheck:Value8
+   ...
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_4x
+   fun:pqcrystals_ml_dsa*_avx2_polyvec_matrix_expand_row*
+}
+
+
+{
+   Rejection sampling for s1 and s2
+   Memcheck:Cond
+   ...
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_eta_4x
+   fun:pqcrystals_ml_dsa*_avx2_keypair
+}
+{
+   Rejection sampling for s1 and s2
+   Memcheck:Value8
+   ...
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_eta_4x
+   fun:pqcrystals_ml_dsa*_avx2_keypair
+}
+
+{
+   Rejection sampling for y
+   Memcheck:Cond
+   ...
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_gamma1m1_4x
+   fun:pqcrystals_ml_dsa*_avx2_signature
+}
+{
+   Rejection sampling for y
+   Memcheck:Value8
+   ...
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_gamma1m1_4x
+   fun:pqcrystals_ml_dsa*_avx2_signature
+}
+{
+   Rejection sampling for s1 and s2
+   Memcheck:Cond
+   ...
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_eta_preinit
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_eta
+   fun:pqcrystals_ml_dsa*_avx2_keypair
+}
+{
+   Rejection sampling for s1 and s2
+   Memcheck:Value8
+   ...
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_eta_preinit
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_eta
+   fun:pqcrystals_ml_dsa*_avx2_keypair
+}
+{
+   Rejection sampling for y
+   Memcheck:Cond
+   ...
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_gamma1m1_preinit
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_gamma1m1
+   fun:pqcrystals_ml_dsa*_avx2_signature
+}
+{
+   Rejection sampling for y
+   Memcheck:Value8
+   ...
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_gamma1m1_preinit
+   fun:pqcrystals_ml_dsa*_avx2_poly_uniform_gamma1m1
+   fun:pqcrystals_ml_dsa*_avx2_signature
+}
+{
+   Rejection sampling for challenge
+   Memcheck:Cond
+   fun:pqcrystals_ml_dsa*_avx2_poly_challenge
+}
+{
+   Rejection sampling for challenge
+   Memcheck:Value8
+   fun:pqcrystals_ml_dsa*_avx2_poly_challenge
+}
+{
+   Rejection sampling for signature distribution
+   Memcheck:Cond
+   ...
+   src:sign.c:240 # Call to poly_chknorm
+   # fun:pqcrystals_ml_dsa*_avx2_signature
+}
+{
+   Rejection sampling for signature distribution
+   Memcheck:Cond
+   ...
+   src:sign.c:255 # Call to poly_chknorm
+   # fun:pqcrystals_ml_dsa*_avx2_signature
+}
+{
+   Rejection sampling for signature distribution
+   Memcheck:Cond
+   ...
+   src:sign.c:262 # Call to poly_chknorm
+   # fun:pqcrystals_ml_dsa*_avx2_signature
+}
+{
+   Hint does not need to be computed in constant time
+   Memcheck:Cond
+   ...
+   fun:pqcrystals_ml_dsa*_avx2_poly_make_hint
+   src:sign.c:266 # fun:pqcrystals_ml_dsa*_ref_signature
+}
+{
+   Hint does not need to be computed in constant time
+   Memcheck:Value8
+   ...
+   fun:pqcrystals_ml_dsa*_avx2_poly_make_hint
+   src:sign.c:266 # fun:pqcrystals_ml_dsa*_ref_signature
+}
+{
+   Rejection sampling for hint
+   Memcheck:Cond
+   ...
+   src:sign.c:267 # Checking number of 1 bits in hint
+   # fun:pqcrystals_ml_dsa*_avx2_signature
+}
+{
+   Hint positions are not secret
+   Memcheck:Cond
+   ...
+   src:sign.c:271 # memcpy
+   # fun:pqcrystals_ml_dsa*_avx2_signature
+}
+{
+   Hint positions are not secret
+   Memcheck:Value8
+   ...
+   src:sign.c:271 # memcpy
+   # fun:pqcrystals_ml_dsa*_avx2_signature
+}
+{
+   Packing routines do not need to be constant time
+   Memcheck:Cond
+   fun:pqcrystals_ml_dsa*_avx2_pack_sig
+   fun:pqcrystals_ml_dsa*_avx2_signature
+}
+{
+   Verification is not done in constant time
+   Memcheck:Cond
+   fun:pqcrystals_ml_dsa*_avx2_verify
+}
+

tests/test_vectors.py

@@ -14,8 +14,7 @@ def test_vectors_kem(kem_name):
     result = helpers.run_subprocess(
         ['tests/test_vectors.sh', kem_name],
     )
-    if kem_name + " not supported" in result:
-        pytest.skip("Not supported")
+    if kem_name + " not supported" in result: pytest.skip("Not supported")
 
 @helpers.filtered_test
 @pytest.mark.skipif(sys.platform.startswith("win"), reason="Not needed on Windows")
@@ -25,8 +24,7 @@ def test_vectors_sig(sig_name):
     result = helpers.run_subprocess(
         ['tests/test_vectors.sh', sig_name],
     )
-    if sig_name + " not supported" in result:
-        pytest.skip("Not supported")
+    if sig_name + " not supported" in result: pytest.skip("Not supported")
 
 if __name__ == "__main__":
     import sys