This page lists tools for testing and verification of constant-timeness of programs. The table is based mostly on the work in “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks and “These results must be false”: A usability evaluation of constant-time analysis tools with addition of more tools. Each tool has its own page with more information and resources, sometimes even a tutorial on using the tool.
There are currently {{ site.tools.size }} tools in the table.
{% assign tools = site.tools | sort_natural: "title" %} {% for tool in tools %} {% assign tutorials = site.tutorials | where: "title", tool.title %} {% endfor %}| Name | Year | Target | Technique | Guarantees | Tutorial |
|---|---|---|---|---|---|
| {{ tool.title }} | {{ tool.year }} | {{ tool.target }} | {{ tool.technique }} | {{ tool.guarantees }} | {% if tutorials and tutorials.size > 0 %}yes{% endif %} |
Note that the claims w.r.t. guarantees in this table are best effort and may be wrong. Many tools do not claim any guarantees about their analysis.
The following list constains short snippets of C code that exhibit constant-time (or not) behavior and can be useful for testing constant-timeness verification tools, or learning how to use them.
{% assign examples = site.examples | sort_natural: "title" %}
-
{% for example in examples %}
- {{ example.title }}.c ({% if example.ct == "depends" %}depends{% elsif example.ct %}CT{% else %}non-CT{% endif %}) {% endfor %}
The resources below can be helpful if you are seeking more information on these tools or constant-time code in general.
- Blog: The state of tooling for verifying constant-timeness of cryptographic implementations
Constitutes a precursor to this site, some reasoning for the classification used on this site is given there. - “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks
Presents a survey done among cryptographic library developers into their view on timing attacks, their mitigation and constant-timeness analysis tools. - “These results must be false”: A usability evaluation of constant-time analysis tools
Presents a user study evaluating the usability of some constant-timeness analysis tools: Binsec, ct-verif, dudect, valgrind, MemSan, haybale-pitchfork. - A Systematic Evaluation of Automated Tools for Side-Channel Vulnerabilities Detection in Cryptographic Libraries
Presents a thorough and systematic classification of 34 constant-timeness analysis tools. - Blog: Testing constant-timeness using Valgrind: case of the NSS library
Case study on using Valgrind for constant-timeness analysis of the NSS library. - Blog: Constant-time code verification with Memory Sanitizer
Case study on using MemSan for constant-timeness analysis.
The articles below mostly discuss the role of compilers in introducing (and potentially mitigating) timing leaks.
- What you get is what you C: Controlling side effects in mainstream C compilers
- Breaking Bad: How Compilers Break Constant-Time Implementations
- Clang vs. Clang: You're making Clang angry. You wouldn't like Clang when it's angry.
- Architectural Mimicry: Innovative Instructions to Efficiently Address Control-Flow Leakage in Data-Oblivious Programs
