lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 12 Feb 2013 11:23:29 +0100
From:	Florian Weimer <fw@...eb.enyo.de>
To:	Daniel Borkmann <borkmann@...earbox.net>
Cc:	gregkh@...uxfoundation.org, akpm@...ux-foundation.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] lib: memcmp_nta: add timing-attack secure memcmp

* Daniel Borkmann:

> On 02/11/2013 08:00 PM, Florian Weimer wrote:
>> * Daniel Borkmann:
>
> Thanks for your feedback, Florian!
>
>>> + * memcmp_nta - memcmp that is secure against timing attacks
>>
>> It's not providing an ordering, so it should not have "cmp" in the
>> name.
>
> I agree. What would you suggest? Probably, it would make sense to
> integrate this into the Linux crypto API and name it sth like ...
>
>   crypto_mem_verify(const void *,const void *,__kernel_size_t)
>
> ... which returns:
>
>   == 0 - mem regions equal each other
>   != 0 - mem regions do not equal each other

crypto_mem_equal or crypto_mem_equals should be fine.  Or anything
else which matches an existing function name with similar function.

>>> +	for (su1 = cs, su2 = ct; 0 < count; ++su1, ++su2, count--)
>>> +		res |= (*su1 ^ *su2);
>>
>> The compiler could still short-circuit this loop.  Unlikely at
>> present, but this looks like a maintenance hazard.
>
> So then better we leave out '|' as a possible candidate and rewrite it as:
>
> +	for (su1 = cs, su2 = ct; 0 < count; ++su1, ++su2, count--)
> +		res += (*su1 ^ *su2);

That will cause false matches for long inputs.

If we had only four platforms to support, I would write this function
in assembler because it will be considerably easier to read.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ