Skip to content

Commit

Permalink
Update SPHINCS+ "clean" suppression files (#1683)
Browse files Browse the repository at this point in the history
  • Loading branch information
@SWilson4
SWilson4 authored Feb 7, 2024
1 parent dea5170 commit da3dab8
Show file tree
Hide file tree
Showing 4 changed files with 76 additions and 55 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/weekly.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,12 @@ jobs:
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
SKIP_ALGS: 'SPHINCS\+-SHA*,Classic-McEliece-[^3](.)*'
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*,Classic-McEliece-[^3](.)*'
- name: extensions
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=haswell -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
SKIP_ALGS: 'SPHINCS\+-SHA*,Classic-McEliece-(.)*'
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*,Classic-McEliece-[^3](.)*'
container:
image: ${{ matrix.container }}
steps:
Expand Down
48 changes: 24 additions & 24 deletions docs/algorithms/sig/sphincs.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
Expand Down Expand Up @@ -77,8 +77,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
Expand Down Expand Up @@ -107,8 +107,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
Expand Down Expand Up @@ -137,8 +137,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
Expand Down Expand Up @@ -167,8 +167,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
Expand Down Expand Up @@ -197,8 +197,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
Expand Down Expand Up @@ -227,8 +227,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
Expand Down Expand Up @@ -257,8 +257,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
Expand Down Expand Up @@ -287,8 +287,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
Expand Down Expand Up @@ -317,8 +317,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
Expand Down Expand Up @@ -347,8 +347,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
Expand Down Expand Up @@ -377,8 +377,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
Expand Down
48 changes: 24 additions & 24 deletions tests/constant_time/sig/issues.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,28 +5,28 @@
"Dilithium5": [],
"Falcon-1024": ["falcon"],
"Falcon-512": ["falcon"],
"SPHINCS+-SHA256-128f-robust": ["sphincs"],
"SPHINCS+-SHA256-128f-simple": ["sphincs"],
"SPHINCS+-SHA256-128s-robust": ["sphincs"],
"SPHINCS+-SHA256-128s-simple": ["sphincs"],
"SPHINCS+-SHA256-192f-robust": ["sphincs"],
"SPHINCS+-SHA256-192f-simple": ["sphincs"],
"SPHINCS+-SHA256-192s-robust": ["sphincs"],
"SPHINCS+-SHA256-192s-simple": ["sphincs"],
"SPHINCS+-SHA256-256f-robust": ["sphincs"],
"SPHINCS+-SHA256-256f-simple": ["sphincs"],
"SPHINCS+-SHA256-256s-robust": ["sphincs"],
"SPHINCS+-SHA256-256s-simple": ["sphincs"],
"SPHINCS+-SHAKE256-128f-robust": ["sphincs"],
"SPHINCS+-SHAKE256-128f-simple": ["sphincs"],
"SPHINCS+-SHAKE256-128s-robust": ["sphincs"],
"SPHINCS+-SHAKE256-128s-simple": ["sphincs"],
"SPHINCS+-SHAKE256-192f-robust": ["sphincs"],
"SPHINCS+-SHAKE256-192f-simple": ["sphincs"],
"SPHINCS+-SHAKE256-192s-robust": ["sphincs"],
"SPHINCS+-SHAKE256-192s-simple": ["sphincs"],
"SPHINCS+-SHAKE256-256f-robust": ["sphincs"],
"SPHINCS+-SHAKE256-256f-simple": ["sphincs"],
"SPHINCS+-SHAKE256-256s-robust": ["sphincs"],
"SPHINCS+-SHAKE256-256s-simple": ["sphincs"]
"SPHINCS+-SHA2-128f-robust": ["sphincs"],
"SPHINCS+-SHA2-128f-simple": ["sphincs"],
"SPHINCS+-SHA2-128s-robust": ["sphincs"],
"SPHINCS+-SHA2-128s-simple": ["sphincs"],
"SPHINCS+-SHA2-192f-robust": ["sphincs"],
"SPHINCS+-SHA2-192f-simple": ["sphincs"],
"SPHINCS+-SHA2-192s-robust": ["sphincs"],
"SPHINCS+-SHA2-192s-simple": ["sphincs"],
"SPHINCS+-SHA2-256f-robust": ["sphincs"],
"SPHINCS+-SHA2-256f-simple": ["sphincs"],
"SPHINCS+-SHA2-256s-robust": ["sphincs"],
"SPHINCS+-SHA2-256s-simple": ["sphincs"],
"SPHINCS+-SHAKE-128f-robust": ["sphincs"],
"SPHINCS+-SHAKE-128f-simple": ["sphincs"],
"SPHINCS+-SHAKE-128s-robust": ["sphincs"],
"SPHINCS+-SHAKE-128s-simple": ["sphincs"],
"SPHINCS+-SHAKE-192f-robust": ["sphincs"],
"SPHINCS+-SHAKE-192f-simple": ["sphincs"],
"SPHINCS+-SHAKE-192s-robust": ["sphincs"],
"SPHINCS+-SHAKE-192s-simple": ["sphincs"],
"SPHINCS+-SHAKE-256f-robust": ["sphincs"],
"SPHINCS+-SHAKE-256f-simple": ["sphincs"],
"SPHINCS+-SHAKE-256s-robust": ["sphincs"],
"SPHINCS+-SHAKE-256s-simple": ["sphincs"]
}
31 changes: 26 additions & 5 deletions tests/constant_time/sig/issues/sphincs
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,28 @@
{
memcpy source and destination overlap see issue 1038
Memcheck:Overlap
fun:__GI_memcpy
fun:gen_chain
fun:PQCLEAN_SPHINCS*_CLEAN_wots_*
This implementation of SPHINCS+ may not be constant time.
Memcheck:Cond
src:wotsx1.c:29
# fun:PQCLEAN_SPHINCSSHA*FSIMPLE_CLEAN_wots_gen_leafx1
fun:PQCLEAN_SPHINCSSHA*SIMPLE_CLEAN_treehashx1
fun:PQCLEAN_SPHINCSSHA*SIMPLE_CLEAN_merkle_sign
fun:PQCLEAN_SPHINCSSHA*SIMPLE_CLEAN_crypto_sign_signature
}

{
This implementation of SPHINCS+ may not be constant time.
Memcheck:Cond
src:wotsx1.c:58
# fun:PQCLEAN_SPHINCSSHA*SIMPLE_CLEAN_wots_gen_leafx1
fun:PQCLEAN_SPHINCSSHA*SIMPLE_CLEAN_treehashx1
fun:PQCLEAN_SPHINCSSHA*SIMPLE_CLEAN_merkle_sign
fun:PQCLEAN_SPHINCSSHA*SIMPLE_CLEAN_crypto_sign_signature
}

{
This implementation of SPHINCS+ may not be constant time.
Memcheck:Cond
src:utilsx1.c:65
# fun:PQCLEAN_SPHINCSSHA*SIMPLE_CLEAN_treehashx1
fun:PQCLEAN_SPHINCSSHA*SIMPLE_CLEAN_*_sign
fun:PQCLEAN_SPHINCSSHA*SIMPLE_CLEAN_crypto_sign_signature
}

0 comments on commit da3dab8

Please sign in to comment.