Home Explore Help
Sign In
ariadne
/
shttpd
Watch 1
Star 0
Fork 0
Files Issues 7 Pull Requests 0 Wiki
Tree: 2bee9d4835
Branches Tags
shttpd
/
sHT
/
test.h

test.h 4.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202 
  1. // SPDX-License-Identifier: GPL-3.0-or-later
    2. 

  2. // Copyright © 2018-2019 Ariadne Devos
    3. 

  3. /* sHT -- compare values, on a Spectre-oblivious compiler */
    4. 

  4. 

  5. #ifndef _sHT_TEST_H
    6. 

  6. #define _sHT_TEST_H
    7. 

  7. 

  8. #include <stddef.h>
    9. 

  9. #include <stdint.h>
    10. 

  10. #include <sHT/compiler.h>
    11. 

  11. #include <sHT/test-arch.h>
    12. 

  12. 

  13. /** Comparing values
    14. 

  14. 

  15.   If two values are compared, the compiler can assume information in both
    16. 

  16.   branches, which may be -- speculatively -- incorrect. s2 must not allow
    17. 

  17.   side-channel attacks.
    18. 

  18. 

  19.   Why use inline assembly instead of littering the code with
    20. 

  20.   @var{sHT_hide_var}? Because its a lie that the variable changes,
    21. 

  21.   reducing optimisation opportunities, because its fragile: information
    22. 

  22.   about a parameter implies information about other data, because it is
    23. 

  23.   less verbose, and because branches can easily be marked.
    24. 

  24. 

  25.   The last allows for checking the binary that all branches are hidden
    26. 

  26.   correctly, and allows for flipping and deleting branches to test the test
    27. 

  27.   cases.
    28. 

  28. 

  29.   A major downside is that this requires architecture-specific code. */
    30. 

  30. 

  31. /** @var{a} > @var{b}?
    32. 

  32.   The fall-through case should be the most likely. */
    33. 

  33. __attribute__((always_inline))
    34. 

  34. static inline _Bool
    35. 

  35. sHT_gt(uintmax_t a, uintmax_t b)
    36. 

  36. {
    37. 

  37. 	if (sHT_constant_p(a > b))
    38. 

  38. 		return a > b;
    39. 

  39. 	_sHT_gt(a, b, correct);
    40. 

  40. 	return 0;
    41. 

  41. correct:
    42. 

  42. 	return 1;
    43. 

  43. }
    44. 

  44. 

  45. /** @var{a} >= @var{b}?
    46. 

  46.   The fall-through case should be the most likely. */
    47. 

  47. __attribute__((always_inline))
    48. 

  48. static inline _Bool
    49. 

  49. sHT_ge(uintmax_t a, uintmax_t b)
    50. 

  50. {
    51. 

  51. 	if (sHT_constant_p(a >= b))
    52. 

  52. 		return a >= b;
    53. 

  53. 	_sHT_ge(a, b, correct);
    54. 

  54. 	return 0;
    55. 

  55. correct:
    56. 

  56. 	return 1;
    57. 

  57. }
    58. 

  58. 

  59. /** @var{a} == @var{b}?
    60. 

  60.   The fall-through case should be the most likely. */
    61. 

  61. __attribute__((always_inline))
    62. 

  62. static inline _Bool
    63. 

  63. sHT_eq(uintmax_t a, uintmax_t b)
    64. 

  64. {
    65. 

  65. 	if (sHT_constant_p(a == b))
    66. 

  66. 		return a == b;
    67. 

  67. 	_sHT_eq(a, b, correct);
    68. 

  68. 	return 0;
    69. 

  69. correct:
    70. 

  70. 	return 1;
    71. 

  71. }
    72. 

  72. 

  73. /** @var{a} == @var{b} ? 1 : 0
    74. 

  74. 

  75.   This differs from @var{sHT_eq} in that the
    76. 

  76.   return value is an integer, and not a condition.
    77. 

  77.   It may not be directly branched upon. */
    78. 

  78. __attribute__((always_inline))
    79. 

  79. static inline int
    80. 

  80. sHT_eq_bool(uintmax_t a, uintmax_t b)
    81. 

  81. {
    82. 

  82. 	if (sHT_constant_p(a == b))
    83. 

  83. 		return a == b;
    84. 

  84. 	_Bool ret;
    85. 

  85. 	_sHT_eq_bool(a, b, ret);
    86. 

  86. 	return ret;
    87. 

  87. }
    88. 

  88. 

  89. /** @var{a} != @var{b}?
    90. 

  90.   The fall-through case should be the most likely. */
    91. 

  91. static inline _Bool
    92. 

  92. sHT_neq(uintmax_t a, uintmax_t b)
    93. 

  93. {
    94. 

  94. 	if (sHT_constant_p(a != b))
    95. 

  95. 		return a != b;
    96. 

  96. 	_sHT_neq(a, b, correct);
    97. 

  97. 	return 0;
    98. 

  98. correct:
    99. 

  99. 	return 1;
    100. 

  100. }
    101. 

  101. 

  102. /** @var{a} < 0? (signed)
    103. 

  103.   The fall-through case should be the most likely. */
    104. 

  104. __attribute__((always_inline))
    105. 

  105. static inline _Bool
    106. 

  106. sHT_lt0(intmax_t a)
    107. 

  107. {
    108. 

  108. 	if (sHT_constant_p(a < 0))
    109. 

  109. 		return a < 0;
    110. 

  110. 	_sHT_lt0(a, correct);
    111. 

  111. 	return 0;
    112. 

  112. correct:
    113. 

  113. 	return 1;
    114. 

  114. }
    115. 

  115. 

  116. /** @var{a} == 0?
    117. 

  117.   The fall-through case should be the most likely. */
    118. 

  118. __attribute__((always_inline))
    119. 

  119. static inline _Bool
    120. 

  120. sHT_zero_p(uintmax_t a)
    121. 

  121. {
    122. 

  122. 	if (sHT_constant_p(a == 0))
    123. 

  123. 		return a == 0;
    124. 

  124. 	_sHT_zero_p(a, correct);
    125. 

  125. 	return 0;
    126. 

  126. correct:
    127. 

  127. 	return 1;
    128. 

  128. }
    129. 

  129. 

  130. /** @var{a} != 0?
    131. 

  131.   The fall-through case should be the most likely. */
    132. 

  132. __attribute__((always_inline))
    133. 

  133. static inline _Bool
    134. 

  134. sHT_nonzero_p(uintmax_t a)
    135. 

  135. {
    136. 

  136. 	if (sHT_constant_p(a != 0))
    137. 

  137. 		return a != 0;
    138. 

  138. 	_sHT_nonzero_p(a, correct);
    139. 

  139. 	return 0;
    140. 

  140. correct:
    141. 

  141. 	return 1;
    142. 

  142. }
    143. 

  143. 

  144. 

  145. /** @var{a} == @var{b}? Both are pointers.
    146. 

  146.   The fall-through case should be the most likely. */
    147. 

  147. __attribute__((always_inline))
    148. 

  148. static inline _Bool
    149. 

  149. sHT_eq_pointer(void *a, void *b)
    150. 

  150. {
    151. 

  151. 	if (sHT_constant_p(a == b))
    152. 

  152. 		return a == b;
    153. 

  153. 	_sHT_eq(a, b, correct);
    154. 

  154. 	return 0;
    155. 

  155. correct:
    156. 

  156. 	return 1;
    157. 

  157. }
    158. 

  158. 

  159. /** @var{a} == NULL?
    160. 

  160.   The fall-through case should be the most likely. */
    161. 

  161. __attribute__((always_inline))
    162. 

  162. static inline _Bool
    163. 

  163. sHT_null_p(void *a)
    164. 

  164. {
    165. 

  165. 	if (sHT_constant_p(a == NULL))
    166. 

  166. 		return 1;
    167. 

  167. 	_sHT_zero_p(a, correct);
    168. 

  168. 	return 0;
    169. 

  169. correct:
    170. 

  170. 	return 1;
    171. 

  171. }
    172. 

  172. 

  173. /** @var{a} & @var{b} != 0?
    174. 

  174.   The fall-through case should be the most likely. */
    175. 

  175. __attribute__((always_inline))
    176. 

  176. static inline _Bool
    177. 

  177. sHT_and_any(uintmax_t a, uintmax_t b)
    178. 

  178. {
    179. 

  179. 	if (sHT_constant_p((a & b) != 0))
    180. 

  180. 		return (a & b) != 0;
    181. 

  181. 	_sHT_and_any_p(a, b, correct);
    182. 

  182. 	return 0;
    183. 

  183. correct:
    184. 

  184. 	return 1;
    185. 

  185. }
    186. 

  186. 

  187. /** @var{a} & @var{b} == 0?
    188. 

  188.   The fall-through case should be the most likely. */
    189. 

  189. __attribute__((always_inline))
    190. 

  190. static inline _Bool
    191. 

  191. sHT_and_none(uintmax_t a, uintmax_t b)
    192. 

  192. {
    193. 

  193. 	if (sHT_constant_p((a & b) == 0))
    194. 

  194. 		return (a & b) == 0;
    195. 

  195. 	_sHT_and_none_p(a, b, correct);
    196. 

  196. 	return 0;
    197. 

  197. correct:
    198. 

  198. 	return 1;
    199. 

  199. }
    200. 

  200. 

  201. #endif
    202. 

  202.