The trick is to call Monocypher API with uninitialised buffers.
If Valgrind complains about uninitialised something, that means an array
index or a conditional jump depends on secret data.
Note that crypto_check() is not tested: that's because it doesn't even
try to be constant time.
Note that a couple tested functions do have secret dependent conditional
jumps. Those jumps however are just final checks, that just reveal
success or failure (and those are revealed anyway, as part as the
semantics of the function being tested).
Note that optimisations are disabled for the compilation of `ctgrind.c`
and the linking of `ctgrind.out`. This is an attempt to maximise
Valgrind's findings.
Also note that Valgrind seems to miss a secret dependent conditional
jump (it finds only one where we should have 2). But that may just be
Valgrind squashing the error report, instead of an actual miss.
projects / Monocypher.git / commit