Testing constant-timeness using Valgrind: case of the NSS library
Cryptographic code needs to be constant-time so that it does not leak secrets through timing. Constant-time is usually defined by three rules:
- No branching on secret-dependent values.
- No memory access whose address depends on secret values.
- No secret-dependent values passed to variable-time instructions or functions (integer division and modulo are the usual examples).
There are a few ways of testing or verifying that code is constant-time, for example using the tools I described in a previous post. In this post I looked at using Valgrind’s memcheck tool to test the constant-timeness of primitives in Mozilla’s NSS cryptographic library.
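The memcheck approach works by marking secret bytes as "undefined" with a Valgrind client request, so that memcheck reports every conditional jump or load address that depends on them, which maps directly onto the first two rules above. The following toy program is an added example and is not code from this post or from NSS: `leaky_compare`/`ct_compare` and `leaky_lookup`/`ct_lookup` are names I chose, and the test key and table are constructed here. The two client-request macros, `VALGRIND_MAKE_MEM_UNDEFINED` and `VALGRIND_MAKE_MEM_DEFINED`, are the real ones from `valgrind/memcheck.h`; the no-op fallback is an assumption so the program still builds where the Valgrind headers are missing.

```c
/*
 * Added example: the memcheck trick for testing constant-timeness.
 * Build and run:   gcc -O1 -g ct_memcheck.c -o ct_memcheck
 *                  valgrind --track-origins=yes ./ct_memcheck
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#if defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#  endif
#endif
#ifndef VALGRIND_MAKE_MEM_UNDEFINED
/* Assumed fallback: without the Valgrind headers the client requests become
 * no-ops, so the program still builds and runs but memcheck reports nothing. */
#  define VALGRIND_MAKE_MEM_UNDEFINED(addr, len) ((void)0)
#  define VALGRIND_MAKE_MEM_DEFINED(addr, len)   ((void)0)
#endif

/* Rule 1 violated: the early exit is a branch on secret data.  Under memcheck:
 * "Conditional jump or move depends on uninitialised value(s)". */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) return 0;
    return 1;
}

/* Constant-time: OR all differences together, then turn "acc == 0" into 0/1
 * with arithmetic only.  memcheck stays silent. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n) {
    uint32_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint32_t)(a[i] ^ b[i]);
    return (int)(((acc - 1u) >> 8) & 1u);   /* acc == 0 -> 1, acc in 1..255 -> 0 */
}

/* Rule 2 violated: the load address depends on the secret index.  Under
 * memcheck: "Use of uninitialised value of size 8". */
uint8_t leaky_lookup(const uint8_t *table, uint8_t secret_idx) {
    return table[secret_idx];
}

/* Constant-time: touch every entry and select the wanted one with a mask. */
uint8_t ct_lookup(const uint8_t *table, uint8_t secret_idx) {
    uint8_t out = 0;
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t diff = i ^ secret_idx;                        /* 0 only when i == secret_idx */
        uint8_t mask = (uint8_t)(((diff - 1u) >> 8) & 0xffu); /* 0xff if diff == 0, else 0 */
        out |= table[i] & mask;
    }
    return out;
}

/* Harness: poison the secret, run the candidate, then declare the public result
 * defined again so that printing or asserting on it is not itself reported. */
int run_compare(int (*cmp)(const uint8_t *, const uint8_t *, size_t), int equal) {
    uint8_t secret[16], guess[16];
    memset(secret, 0x42, sizeof secret);             /* constructed test key */
    memcpy(guess, secret, sizeof guess);
    if (!equal) guess[15] ^= 1;                      /* differ in the last byte only */
    VALGRIND_MAKE_MEM_UNDEFINED(secret, sizeof secret);
    int r = cmp(secret, guess, sizeof secret);
    VALGRIND_MAKE_MEM_DEFINED(&r, sizeof r);
    return r;
}

uint8_t run_lookup(uint8_t (*lookup)(const uint8_t *, uint8_t), uint8_t idx) {
    uint8_t table[256];
    for (unsigned i = 0; i < 256; i++) table[i] = (uint8_t)(i * 7 + 3); /* constructed S-box */
    VALGRIND_MAKE_MEM_UNDEFINED(&idx, sizeof idx);
    uint8_t r = lookup(table, idx);
    VALGRIND_MAKE_MEM_DEFINED(&r, sizeof r);
    return r;
}

int main(void) {
    printf("leaky_compare: %d %d\n", run_compare(leaky_compare, 1), run_compare(leaky_compare, 0));
    printf("ct_compare:    %d %d\n", run_compare(ct_compare, 1), run_compare(ct_compare, 0));
    printf("leaky_lookup:  %u\n", run_lookup(leaky_lookup, 10));
    printf("ct_lookup:     %u\n", run_lookup(ct_lookup, 10));
    return 0;
}
```

Run it under `valgrind --track-origins=yes` and only the two `leaky_*` functions are reported; the `ct_*` variants return the same results without a report. Two caveats a practitioner should keep in mind: memcheck checks the binary the compiler actually produced, so test at the optimization level you ship, since a compiler may turn mask arithmetic back into a branch; and memcheck only flags undefined data reaching control flow, addresses and system calls, so it does not catch the third rule (secret operands fed to variable-time instructions such as division).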