From 664916e815ac445829bbb15deadfbf16bcbde786 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Thu, 16 May 2019 13:17:36 +0930 Subject: [PATCH] bitcoin/test: fix up constant time test for secret_eq. We check that memcmp *isn't* constant time, but that's only true under -O2 or above: __OPTIMIZE__ doesn't distinguish. So we need a finer-grained test. Also reduce verbosity by default. Signed-off-by: Rusty Russell
---
 bitcoin/test/Makefile | 2 ++
 bitcoin/test/run-secret_eq_consttime.c | 28 ++++++++++++++------------
 2 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/bitcoin/test/Makefile b/bitcoin/test/Makefile
index 9d33d7c76..b16cd4837 100644
--- a/bitcoin/test/Makefile
+++ b/bitcoin/test/Makefile
@@ -10,6 +10,8 @@ $(BITCOIN_TEST_OBJS): $(CCAN_HEADERS) $(BITCOIN_HEADERS) $(BITCOIN_SRC)
 ALL_TEST_PROGRAMS += $(BITCOIN_TEST_PROGRAMS)
 ALL_OBJS += $(BITCOIN_TEST_PROGRAMS:=.o)
+# This needs to know what level of optimization we're using.
+bitcoin/test/run-secret_eq_consttime.o: CFLAGS += -DCOPTFLAGS="\"${COPTFLAGS}\""
 update-mocks: $(BITCOIN_TEST_SRC:%=update-mocks/%)
 check: $(BITCOIN_TEST_PROGRAMS:%=unittest/%)
diff --git a/bitcoin/test/run-secret_eq_consttime.c b/bitcoin/test/run-secret_eq_consttime.c
index 0c803c631..7dd7df0b1 100644
--- a/bitcoin/test/run-secret_eq_consttime.c
+++ b/bitcoin/test/run-secret_eq_consttime.c
@@ -6,6 +6,7 @@
 /* AUTOGENERATED MOCKS START */
 /* AUTOGENERATED MOCKS END */
+static bool verbose = false;
 #define RUNS (256 * 10000)
 static struct timerel const_time_test(struct secret *s1,
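Review bot: The added rule `bitcoin/test/run-secret_eq_consttime.o: CFLAGS += -DCOPTFLAGS=...` is the only place COPTFLAGS gets defined for the test, so any build where this `+=` does not take effect leaves `strstr(COPTFLAGS, ...)` in run-secret_eq_consttime.c without a definition. GNU make lets a command-line `CFLAGS=...` override target-specific assignments unless `override` is used, which would be one such build; a fallback in the C file, `#define COPTFLAGS ""` under `#ifndef COPTFLAGS`, keeps it compiling. The macro also reflects only the COPTFLAGS variable, so an optimisation level passed some other way (presumably through CFLAGS directly) is not seen by the test, and a comment next to the rule saying so would help.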
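Review bot: `verbose` is initialised to false and none of the visible hunks assigns it, so the timing line it guards in secret_time_test can apparently only be turned on by editing the source (main is still `int main(void)` in the last hunk's header). A comment on the declaration would make that intent explicit, e.g. `/* Flip to true when debugging to print per-test timings. */`.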
@@ -82,9 +83,10 @@ static bool secret_time_test(struct timerel (*test)(struct secret *s1,
 free(s1);
 free(s2);
- printf("First byte %u psec vs last byte %u psec\n",
- (int)time_to_nsec(time_divide(firstbyte_time, RUNS / 1000)),
- (int)time_to_nsec(time_divide(lastbyte_time, RUNS / 1000)));
+ if (verbose)
+ printf("First byte %u psec vs last byte %u psec\n",
+ (int)time_to_nsec(time_divide(firstbyte_time, RUNS/1000)),
+ (int)time_to_nsec(time_divide(lastbyte_time, RUNS/1000)));
 /* If they differ by more than 5%, get upset. */
 if (time_less(firstbyte_time, lastbyte_time))
@@ -120,17 +122,17 @@ int main(void)
 if (success < i/2)
 errx(1, "Only const time %u/%u?", success, i);
- /* This, should show measurable differences at least 1/2 the time. */
- success = 0;
- for (i = 0; i < 10; i++)
- success += secret_time_test(nonconst_time_test, false);
-
- printf("=> More than 5%% slower %u/%u times\n", success, i);
 /* This fails without -O2 or above, at least here (x86 Ubuntu gcc 7.3) */
-#ifdef __OPTIMIZE__
- if (success < i/2)
- errx(1, "memcmp seemed const time %u/%u?", success, i);
-#endif
+ if (strstr(COPTFLAGS, "-O2") || strstr(COPTFLAGS, "-O3")) {
+ /* Should show measurable differences at least 1/2 the time. */
+ success = 0;
+ for (i = 0; i < 10; i++)
+ success += secret_time_test(nonconst_time_test, false);
+
+ printf("=> More than 5%% slower %u/%u times\n", success, i);
+ if (success < i/2)
+ errx(1, "memcmp seemed const time %u/%u?", success, i);
+ }
 return 0;
 }
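Review bot: The re-indented printf still pairs `%u` with arguments cast to `(int)`, and since the commit rewrites those lines anyway the casts should match the conversion: `(unsigned int)time_to_nsec(time_divide(firstbyte_time, RUNS/1000))`, and likewise for lastbyte_time. The new `if (verbose)` also guards a three-line statement without braces, which is easy to break when another debug line is added beside it. secret_time_test starts and ends outside this hunk.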
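Review bot: When COPTFLAGS contains neither `-O2` nor `-O3`, the memcmp control run now disappears without a trace, and that run is what shows the timing harness can detect a data-dependent comparison at all. A secret_eq pass at `-O0`, `-Os` or `-Ofast` (none matched by the two strstr calls) is therefore reported the same as a pass with the control in place. An else branch that says so keeps the weaker result visible: `} else printf("=> memcmp control skipped (COPTFLAGS=%s)\n", COPTFLAGS);`. strstr also needs `<string.h>`, and the file's includes are outside the hunk, so that should be confirmed. main starts outside this hunk.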