[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-c675ba31-4807-4333-b4b4-5ab176185549":3,"$fNLb65fy0I65yCzfVSgScDvL28GcQitWe1HuR7ekLODg":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"c675ba31-4807-4333-b4b4-5ab176185549","constant-time-analysis","分析加密代码以检测通过执行时序变化泄露秘密数据的行为。","cat_life_career","mod_other","sickn33,other","---\nname: constant-time-analysis\ndescription: \"Analyze cryptographic code to detect operations that leak secret data through execution timing variations.\"\nrisk: unknown\nsource: community\n---\n\n# Constant-Time Analysis\n\nAnalyze cryptographic code to detect operations that leak secret data through execution timing variations.\n\n## When to Use\n```text\nUser writing crypto code? ──yes──> Use this skill\n         │\n         no\n         │\n         v\nUser asking about timing attacks? ──yes──> Use this skill\n         │\n         no\n         │\n         v\nCode handles secret keys\u002Ftokens? ──yes──> Use this skill\n         │\n         no\n         │\n         v\nSkip this skill\n```\n\n**Concrete triggers:**\n\n- User implements signature, encryption, or key derivation\n- Code contains `\u002F` or `%` operators on secret-derived values\n- User mentions \"constant-time\", \"timing attack\", \"side-channel\", \"KyberSlash\"\n- Reviewing functions named `sign`, `verify`, `encrypt`, `decrypt`, `derive_key`\n\n## When NOT to Use\n\n- Non-cryptographic code (business logic, UI, etc.)\n- Public data processing where timing leaks don't matter\n- Code that doesn't handle secrets, keys, or authentication tokens\n- High-level API usage where timing is handled by the library\n\n## Language Selection\n\nBased on the file extension or language context, refer to the appropriate guide:\n\n| Language   | File Extensions                   | Guide                                                    |\n| ---------- | --------------------------------- | -------------------------------------------------------- |\n| C, C++     | `.c`, `.h`, `.cpp`, `.cc`, `.hpp` | references\u002Fcompiled.md         |\n| Go         | `.go`                             | references\u002Fcompiled.md         |\n| Rust       | `.rs`                             | references\u002Fcompiled.md         |\n| Swift      | `.swift`                          | references\u002Fswift.md               |\n| Java       | `.java`                           | references\u002Fvm-compiled.md   |\n| Kotlin     | `.kt`, `.kts`                     | references\u002Fkotlin.md             |\n| C#         | `.cs`                             | references\u002Fvm-compiled.md   |\n| PHP        | `.php`                            | references\u002Fphp.md                   |\n| JavaScript | `.js`, `.mjs`, `.cjs`             | references\u002Fjavascript.md     |\n| TypeScript | `.ts`, `.tsx`                     | references\u002Fjavascript.md     |\n| Python     | `.py`                             | references\u002Fpython.md             |\n| Ruby       | `.rb`                             | references\u002Fruby.md                 |\n\n## Quick Start\n\n```bash\n# Analyze any supported file type\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py \u003Csource_file>\n\n# Include conditional branch warnings\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py --warnings \u003Csource_file>\n\n# Filter to specific functions\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py --func 'sign|verify' \u003Csource_file>\n\n# JSON output for CI\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py --json \u003Csource_file>\n```\n\n### Native Compiled Languages Only (C, C++, Go, Rust)\n\n```bash\n# Cross-architecture testing (RECOMMENDED)\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py --arch x86_64 crypto.c\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py --arch arm64 crypto.c\n\n# Multiple optimization levels\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py --opt-level O0 crypto.c\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py --opt-level O3 crypto.c\n```\n\n### VM-Compiled Languages (Java, Kotlin, C#)\n\n```bash\n# Analyze Java bytecode\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py CryptoUtils.java\n\n# Analyze Kotlin bytecode (Android\u002FJVM)\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py CryptoUtils.kt\n\n# Analyze C# IL\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py CryptoUtils.cs\n```\n\nNote: Java, Kotlin, and C# compile to bytecode (JVM\u002FCIL) that runs on a virtual machine with JIT compilation. The analyzer examines the bytecode directly, not the JIT-compiled native code. The `--arch` and `--opt-level` flags do not apply to these languages.\n\n### Swift (iOS\u002FmacOS)\n\n```bash\n# Analyze Swift for native architecture\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py crypto.swift\n\n# Analyze for specific architecture (iOS devices)\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py --arch arm64 crypto.swift\n\n# Analyze with different optimization levels\nuv run {baseDir}\u002Fct_analyzer\u002Fanalyzer.py --opt-level O0 crypto.swift\n```\n\nNote: Swift compiles to native code like C\u002FC++\u002FGo\u002FRust, so it uses assembly-level analysis and supports `--arch` and `--opt-level` flags.\n\n### Prerequisites\n\n| Language               | Requirements                                              |\n| ---------------------- | --------------------------------------------------------- |\n| C, C++, Go, Rust       | Compiler in PATH (`gcc`\u002F`clang`, `go`, `rustc`)           |\n| Swift                  | Xcode or Swift toolchain (`swiftc` in PATH)               |\n| Java                   | JDK with `javac` and `javap` in PATH                      |\n| Kotlin                 | Kotlin compiler (`kotlinc`) + JDK (`javap`) in PATH       |\n| C#                     | .NET SDK + `ilspycmd` (`dotnet tool install -g ilspycmd`) |\n| PHP                    | PHP with VLD extension or OPcache                         |\n| JavaScript\u002FTypeScript  | Node.js in PATH                                           |\n| Python                 | Python 3.x in PATH                                        |\n| Ruby                   | Ruby with `--dump=insns` support                          |\n\n**macOS users**: Homebrew installs Java and .NET as \"keg-only\". You must add them to your PATH:\n\n```bash\n# For Java (add to ~\u002F.zshrc)\nexport PATH=\"\u002Fopt\u002Fhomebrew\u002Fopt\u002Fopenjdk@21\u002Fbin:$PATH\"\n\n# For .NET tools (add to ~\u002F.zshrc)\nexport PATH=\"$HOME\u002F.dotnet\u002Ftools:$PATH\"\n```\n\nSee references\u002Fvm-compiled.md for detailed setup instructions and troubleshooting.\n\n## Quick Reference\n\n| Problem                | Detection                       | Fix                                          |\n| ---------------------- | ------------------------------- | -------------------------------------------- |\n| Division on secrets    | DIV, IDIV, SDIV, UDIV           | Barrett reduction or multiply-by-inverse     |\n| Branch on secrets      | JE, JNE, BEQ, BNE               | Constant-time selection (cmov, bit masking)  |\n| Secret comparison      | Early-exit memcmp               | Use `crypto\u002Fsubtle` or constant-time compare |\n| Weak RNG               | rand(), mt_rand, Math.random    | Use crypto-secure RNG                        |\n| Table lookup by secret | Array subscript on secret index | Bit-sliced lookups                           |\n\n## Interpreting Results\n\n**PASSED** - No variable-time operations detected.\n\n**FAILED** - Dangerous instructions found. Example:\n\n```text\n[ERROR] SDIV\n  Function: decompose_vulnerable\n  Reason: SDIV has early termination optimization; execution time depends on operand values\n```\n\n## Verifying Results (Avoiding False Positives)\n\n**CRITICAL**: Not every flagged operation is a vulnerability. The tool has no data flow analysis - it flags ALL potentially dangerous operations regardless of whether they involve secrets.\n\nFor each flagged violation, ask: **Does this operation's input depend on secret data?**\n\n1. **Identify the secret inputs** to the function (private keys, plaintext, signatures, tokens)\n\n2. **Trace data flow** from the flagged instruction back to inputs\n\n3. **Common false positive patterns**:\n\n   ```c\n   \u002F\u002F FALSE POSITIVE: Division uses public constant, not secret\n   int num_blocks = data_len \u002F 16;  \u002F\u002F data_len is length, not content\n\n   \u002F\u002F TRUE POSITIVE: Division involves secret-derived value\n   int32_t q = secret_coef \u002F GAMMA2;  \u002F\u002F secret_coef from private key\n   ```\n\n4. **Document your analysis** for each flagged item\n\n### Quick Triage Questions\n\n| Question                                          | If Yes                | If No                 |\n| ------------------------------------------------- | --------------------- | --------------------- |\n| Is the operand a compile-time constant?           | Likely false positive | Continue              |\n| Is the operand a public parameter (length, count)?| Likely false positive | Continue              |\n| Is the operand derived from key\u002Fplaintext\u002Fsecret? | **TRUE POSITIVE**     | Likely false positive |\n| Can an attacker influence the operand value?      | **TRUE POSITIVE**     | Likely false positive |\n\n## Limitations\n\n1. **Static Analysis Only**: Analyzes assembly\u002Fbytecode, not runtime behavior. Cannot detect cache timing or microarchitectural side-channels.\n\n2. **No Data Flow Analysis**: Flags all dangerous operations regardless of whether they process secrets. Manual review required.\n\n3. **Compiler\u002FRuntime Variations**: Different compilers, optimization levels, and runtime versions may produce different output.\n\n## Real-World Impact\n\n- **KyberSlash (2023)**: Division instructions in post-quantum ML-KEM implementations allowed key recovery\n- **Lucky Thirteen (2013)**: Timing differences in CBC padding validation enabled plaintext recovery\n- **RSA Timing Attacks**: Early implementations leaked private key bits through division timing\n\n## References\n\n- [Cryptocoding Guidelines](https:\u002F\u002Fgithub.com\u002Fveorq\u002Fcryptocoding) - Defensive coding for crypto\n- [KyberSlash](https:\u002F\u002Fkyberslash.cr.yp.to\u002F) - Division timing in post-quantum crypto\n- [BearSSL Constant-Time](https:\u002F\u002Fwww.bearssl.org\u002Fconstanttime.html) - Practical constant-time techniques\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,190,1069,"2026-05-16 13:12:47",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"其他","other","mdi-page-next-outline","其他类型Skill",5,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"职场发展","career","mdi-briefcase-outline","面试准备、简历优化、职业规划",4,575,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"560ac162-5688-4dca-a3c4-78cbd1fb2260","1.0.0","constant-time-analysis.zip",3440,"uploads\u002Fskills\u002Fc675ba31-4807-4333-b4b4-5ab176185549\u002Fconstant-time-analysis.zip","317d5bd7ac06f2f927bac9a141a2787a73669c658c655b0d8b9d1ed21e793ed6","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":9446}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]