TIMECOP
/ crypto_verify

Primitives for crypto_verify

This page lists all primitives grouped under operation crypto_verify.

For each primitive, all listed implementations were checked across a number of compilers, compiler options, and hosts.

The progress bar shows the relative number of successes, fails, and errors:

  • Success. The constant-time checker didn't find any cases where the execution time of the tested code depends on secret data.
  • Fail. The execution time of the tested code depends on secret data.
  • Error.

Errors can have multiple causes:
  • The constant-time checker encountered an error and couldn't be completed.
  • Valgrind found memory issues, but none of them are related to constant-time checks.
  • The constant-time checker timed out after 6 minutes.
  • The tested code produced invalid results. More details can be found near the start of the output file. Example:
    crypto_aead_decrypt returns nonzero 

The absolute number of successes, fails, and errors is shown to the left of the progress bar.

The following code was used to flag secret data, and test implementations:

1void timecop_doit(void)
2{
3 poison(x, crypto_verify_BYTES);
4 poison(y, crypto_verify_BYTES);
5 doit();
6 unpoison(x, crypto_verify_BYTES);
7 unpoison(y, crypto_verify_BYTES);
8}

Click an implementation to see all checked compiler options.

16
Implementations:
32
Implementations: