diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index 8fcbc049b1..cbfa2c3677 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -16,7 +16,7 @@ jobs: container: openquantumsafe/ci-ubuntu-focal-x86_64:latest CMAKE_ARGS: -DOQS_OPT_TARGET=generic -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time' - SKIP_ALGS: 'SPHINCS\+-SHA*,Classic-McEliece-6(.)*' + SKIP_ALGS: 'SPHINCS\+-SHA*, Classic-McEliece-(.)*' - name: extensions container: openquantumsafe/ci-ubuntu-focal-x86_64:latest CMAKE_ARGS: -DOQS_OPT_TARGET=haswell -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON diff --git a/docs/algorithms/kem/classic_mceliece.md b/docs/algorithms/kem/classic_mceliece.md index 2efd78ebda..737cedcbf1 100644 --- a/docs/algorithms/kem/classic_mceliece.md +++ b/docs/algorithms/kem/classic_mceliece.md @@ -14,6 +14,7 @@ ## Advisories - Classic-McEliece-460896, Classic-McEliece-460896f, Classic-McEliece-6960119, and Classic-McEliece-6960119f parameter sets fail memory leak testing on x86-64 when building with ``clang`` using optimization level ``-O2`` and ``-O3``. Care is advised when using the algorithm at higher optimization levels, and any other compiler and architecture. +- Current implementation of the algorithm may not be constant-time. Additionally, environment specific constant-time leaks may not be documented; please report potential constant-time leaks when found. ## Parameter set summary diff --git a/docs/algorithms/kem/classic_mceliece.yml b/docs/algorithms/kem/classic_mceliece.yml index c09b364b1e..9208251b01 100644 --- a/docs/algorithms/kem/classic_mceliece.yml +++ b/docs/algorithms/kem/classic_mceliece.yml 
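Review bot: The new `SKIP_ALGS` value in the generic-target job has a space after the comma (`'SPHINCS\+-SHA*, Classic-McEliece-(.)*'`), where the old value had none. The code that consumes `SKIP_ALGS` is not part of this diff; if it splits on `,` without trimming, the second pattern begins with a literal space and may never match an algorithm name, so the intended skip would not take effect. Writing it as `SKIP_ALGS: 'SPHINCS\+-SHA*,Classic-McEliece-(.)*'` avoids depending on that. Separately, widening `Classic-McEliece-6(.)*` to `Classic-McEliece-(.)*` removes every parameter set from this job's `test_constant_time` run, so a comment above the line giving the reason would keep that coverage gap visible.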
@@ -26,6 +26,7 @@ advisories: building with ``clang`` using optimization level ``-O2`` and ``-O3``. Care is advised when using the algorithm at higher optimization levels, and any other compiler and architecture. +- Current implementation of the algorithm may not be constant-time. Additionally, environment specific constant-time leaks may not be documented; please report potential constant-time leaks when found. parameter-sets: - name: Classic-McEliece-348864 claimed-nist-level: 1 diff --git a/tests/constant_time/kem/issues/bike_has_no_timing_protections b/tests/constant_time/kem/issues/bike_has_no_timing_protections deleted file mode 100644 index 83601cd748..0000000000 --- a/tests/constant_time/kem/issues/bike_has_no_timing_protections +++ /dev/null @@ -1,18 +0,0 @@ -{ - The implementation of BIKE in liboqs is not constant time - Memcheck:Cond - ... - fun:OQS_KEM_bike* -} -{ - The implementation of BIKE in liboqs is not constant time - Memcheck:Value1 - ... - fun:OQS_KEM_bike* -} -{ - The implementation of BIKE in liboqs is not constant time - Memcheck:Value8 - ... - fun:OQS_KEM_bike* -} diff --git a/tests/constant_time/kem/issues/classic-mceliece-348864 b/tests/constant_time/kem/issues/classic-mceliece-348864 index c00d5f6fb3..07c1510ab1 100644 --- a/tests/constant_time/kem/issues/classic-mceliece-348864 +++ b/tests/constant_time/kem/issues/classic-mceliece-348864 @@ -134,6 +134,14 @@ fun:PQCLEAN_MCELIECE348864_AVX2_crypto_kem_keypair } +{ + This implementation of Classic McEliece may not be constant time. + Memcheck:Value8 + src:pk_gen.c:314 + # fun:PQCLEAN_MCELIECE348864_AVX2_pk_gen + fun:PQCLEAN_MCELIECE348864_AVX2_crypto_kem_keypair +} + { This implementation of Classic McEliece may not be constant time. Memcheck:Value8 
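Review bot: The new entry in `classic-mceliece-348864` is keyed on `src:pk_gen.c:314`, a line number in a source file whose revision this diff does not pin, and the later hunks for 348864 (`:322`), 460896 (`:35`, `:43`, `:315`, `:320`, `:323`), 6960119 (`:326`) and 8192128 (`:323`) do the same. If pk_gen.c is re-imported or edited and lines shift, an entry either stops matching or ends up covering a different secret-dependent operation that now sits on that line under `crypto_kem_keypair`. Each entry should carry a comment saying what it covers, for example `# pk_gen.c:314 at <upstream revision>: <statement being suppressed>`, so the line numbers can be re-checked on every update. If the `# fun:..._pk_gen` frame is commented out because the function is inlined in this build, that deserves a word in the same comment.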
@@ -166,6 +174,22 @@ fun:PQCLEAN_MCELIECE348864_AVX2_crypto_kem_keypair } +{ + This implementation of Classic McEliece may not be constant time. + Memcheck:Value8 + src:pk_gen.c:322 + # fun:PQCLEAN_MCELIECE348864_AVX2_pk_gen + fun:PQCLEAN_MCELIECE348864_AVX2_crypto_kem_keypair +} + +{ + This implementation of Classic McEliece may not be constant time. + Memcheck:Cond + src:pk_gen.c:322 + # fun:PQCLEAN_MCELIECE348864_AVX2_pk_gen + fun:PQCLEAN_MCELIECE348864_AVX2_crypto_kem_keypair +} + { This implementation of Classic McEliece may not be constant time. Memcheck:Value8 diff --git a/tests/constant_time/kem/issues/classic-mceliece-460896 b/tests/constant_time/kem/issues/classic-mceliece-460896 index d6a33ceb47..83c9703071 100644 --- a/tests/constant_time/kem/issues/classic-mceliece-460896 +++ b/tests/constant_time/kem/issues/classic-mceliece-460896 @@ -1,3 +1,19 @@ +{ + This implementation of Classic McEliece may not be constant time. + Memcheck:Value8 + src:pk_gen.c:35 + # fun:extract_01_masks + fun:PQCLEAN_MCELIECE460896_AVX2_pk_gen +} + +{ + This implementation of Classic McEliece may not be constant time. + Memcheck:Value8 + src:pk_gen.c:43 + # fun:extract_mask256 + fun:PQCLEAN_MCELIECE460896_AVX2_pk_gen +} + { This implementation of Classic McEliece may not be constant time. Memcheck:Value8 @@ -30,6 +46,14 @@ fun:PQCLEAN_MCELIECE460896_AVX2_crypto_kem_keypair } +{ + This implementation of Classic McEliece may not be constant time. + Memcheck:Value8 + src:pk_gen.c:315 + # fun:PQCLEAN_MCELIECE460896_AVX2_pk_gen + fun:PQCLEAN_MCELIECE460896_AVX2_crypto_kem_keypair +} + { This implementation of Classic McEliece may not be constant time. Memcheck:Cond 
@@ -38,6 +62,22 @@ fun:PQCLEAN_MCELIECE460896_AVX2_crypto_kem_keypair } +{ + This implementation of Classic McEliece may not be constant time. + Memcheck:Value8 + src:pk_gen.c:320 + # fun:PQCLEAN_MCELIECE460896_AVX2_pk_gen + fun:PQCLEAN_MCELIECE460896_AVX2_crypto_kem_keypair +} + +{ + This implementation of Classic McEliece may not be constant time. + Memcheck:Value8 + src:pk_gen.c:323 + # fun:PQCLEAN_MCELIECE460896_AVX2_pk_gen + fun:PQCLEAN_MCELIECE460896_AVX2_crypto_kem_keypair +} + { This implementation of Classic McEliece may not be constant time. Memcheck:Value8 diff --git a/tests/constant_time/kem/issues/classic-mceliece-6960119 b/tests/constant_time/kem/issues/classic-mceliece-6960119 index 4b0646bccc..8732052e45 100644 --- a/tests/constant_time/kem/issues/classic-mceliece-6960119 +++ b/tests/constant_time/kem/issues/classic-mceliece-6960119 @@ -62,6 +62,14 @@ fun:PQCLEAN_MCELIECE6960119_AVX2_crypto_kem_keypair } +{ + This implementation of Classic McEliece may not be constant time. + Memcheck:Value8 + src:pk_gen.c:326 + # fun:PQCLEAN_MCELIECE6960119_AVX2_pk_gen + fun:PQCLEAN_MCELIECE6960119_AVX2_crypto_kem_keypair +} + { This implementation of Classic McEliece may not be constant time. Memcheck:Cond diff --git a/tests/constant_time/kem/issues/classic-mceliece-8192128 b/tests/constant_time/kem/issues/classic-mceliece-8192128 index c51c58ee69..ec6da0ba8a 100644 --- a/tests/constant_time/kem/issues/classic-mceliece-8192128 +++ b/tests/constant_time/kem/issues/classic-mceliece-8192128 @@ -62,6 +62,14 @@ fun:PQCLEAN_MCELIECE8192128_AVX2_crypto_kem_keypair } +{ + + Memcheck:Value8 + src:pk_gen.c:323 + # fun:PQCLEAN_MCELIECE8192128_AVX2_pk_gen + fun:PQCLEAN_MCELIECE8192128_AVX2_crypto_kem_keypair +} + { This implementation of Classic McEliece may not be constant time. Memcheck:Cond
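Review bot: The entry added to `classic-mceliece-8192128` has no name line: nothing sits between `{` and `Memcheck:Value8`, while every other entry added in this commit starts with a description. Valgrind treats the first line of a suppression as its name, so depending on how the blank line is read this entry may be mis-parsed or rejected, and at best it appears unnamed in used-suppression output. Add `This implementation of Classic McEliece may not be constant time.` as the first line inside the braces, matching the neighbouring entries.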