open-quantum-safe / liboqs

C library for prototyping and experimenting with quantum-resistant cryptography
https://openquantumsafe.org/

CI tooling for variable-time operations on some platforms #1639

Open dstebila opened 10 months ago

dstebila commented 10 months ago

Is there any tooling available that would have allowed us to detect #1631 and #1636?

SWilson4 commented 10 months ago

Preserving @cryptojedi's input (via @dstebila) so it doesn't get buried in a (hopefully) soon-to-be-merged PR.

I checked with @cryptojedi and he says that after this there shouldn't be any operations of the form /KYBER_Q left in the source code -- we could consider a CI test that greps for those. He also writes that one could compile with -Os and then check if the output has any DIV instructions.

https://github.com/open-quantum-safe/liboqs/pull/1649#issuecomment-1877204914
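As an added example (not liboqs' own CI, and not code from anyone in this thread), a POSIX shell script implementing both checks proposed above: a source scan for the `/` or `%` operator applied to KYBER_Q, and a compile-with-Os pass whose disassembly is scanned for hardware divide instructions. The function names, the regexes and the sample sources written by `demo` are my own assumptions and constructed inputs.

```shell
#!/bin/sh
# Added example, not liboqs CI: the two checks suggested in this issue.

# Check 1: flag the '/' or '%' operator applied to KYBER_Q in any .c/.h
# file under directory $1. Prints file:line:text for each hit; returns 1
# if anything was found, 0 if the tree is clean.
check_div_by_q_in_sources() {
    # '(^|[^/])' stops the '//' of a comment from counting as a division.
    pat='(^|[^/])[/%][[:space:]]*KYBER_Q([^A-Za-z0-9_]|$)'
    matches=$(find "$1" \( -name '*.c' -o -name '*.h' \) \
        -exec grep -nE "$pat" /dev/null {} + 2>/dev/null) || true
    if [ -n "$matches" ]; then
        printf '%s\n' "$matches"
        return 1
    fi
    return 0
}

# Check 2: compile $1 with -Os and scan the disassembly for hardware
# divide instructions (x86 div/idiv, AArch64 udiv/sdiv, RISC-V div/divu).
# Returns 1 if any appear, 0 if none, 2 if compilation fails.
check_div_instructions() {
    obj=$(mktemp) || return 2
    if ! ${CC:-cc} -Os -c -o "$obj" "$1" 2>/dev/null; then
        rm -f "$obj"
        return 2
    fi
    found=$(objdump -d "$obj" 2>/dev/null |
        grep -E '[[:space:]][usi]?div[a-z]*([[:space:]]|$)') || true
    rm -f "$obj"
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Demo on constructed sample sources (not liboqs code).
demo() {
    d=$(mktemp -d) || return 2
    printf 'int f(int x) { return x / KYBER_Q; }\n' > "$d/bad.c"
    printf '// KYBER_Q is 3329\nint g(int x) { return x * KYBER_Q; }\n' > "$d/ok.c"
    printf 'unsigned q(unsigned a, unsigned b) { return a / b; }\n' > "$d/q.c"
    check_div_by_q_in_sources "$d" || echo "source check: division by KYBER_Q found"
    check_div_instructions "$d/q.c" || echo "binary check: exit status $?"
    rm -rf "$d"
}
demo
```

The source check is a textual heuristic (it will not see a division hidden behind a macro), which is why the second check on the compiled object is the one that catches what the compiler actually emitted.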