[Cryptography] Validating large code cleanups using git and objdiff, was: Re: RFC possible changes for Linux random device

Jason Cooper cryptography at lakedaemon.net
Sun Sep 14 01:05:27 EDT 2014


On Sat, Sep 13, 2014 at 08:40:52PM -0400, Theodore Ts'o wrote:
> P.S.  It may help if you think of what hints you might give an NSA
> agent who is trying to contribute in a Kleptographic trojan horse into
> an open source project.  How would you do that?  Bury the change in a
> thousand line patch.  Change whitespace all over the space to further
> obfuscate the deadly change.  Etc.  Then do the exact opposite.  :-)

That's why I wrote ./scripts/objdiff.  I wanted to add skein/threefish
to the kernel, starting with an established code base.  Huge whitespace
changes were necessary to convert it to the kernel coding style.  I sent
it through the staging tree since it's for drivers requiring a lot of
cleanup.

You can see the series with (newest on top):

$ git log --oneline -- drivers/staging/skein/
df37d1ac58d9 staging: skein: fix sparse warning for static arrays
7eb843aa5050 staging: skein: fix sparse warning for static declarations
007dfe5ad6d0 staging/skein: variable/member name cleanup
a82100e78cdf staging/skein: comment typos
0109ce7304af staging/skein: move all threefish block functions to one file
85dfd522f885 staging/skein: rename files and clean up directory structure
0264b7b7fb44 staging: crypto: skein: rename macros
9435d3ace68a staging: crypto: skein: rename enums
3201b7f25e3b staging: crypto: skein: rename skein1024_ctx to skein_1024_ctx
95f1840a7e76 staging: crypto: skein: rename camelcase vars
68ace624a6cd staging: crypto: skein: rename camelcase functions
6559e221a187 staging: crypto: skein: depend upon CRYPTO
c5ace7bf7a4d staging: crypto: skein: add TODO file
fc9824747c20 staging: crypto: skein: remove unnecessary line continuation
7584a878712c staging: crypto: skein: remove braces from single-statement block
906b492e770d staging: crypto: skein: remove externs from .c files
522e358d2d4f staging: crypto: skein: wrap multi-line macros in do-while loops
161a2afdf50a staging: crypto: skein: fix brace placement errors
51cc00fd1eb0 staging: crypto: skein: fix do/while brace formatting
60eb817520c9 staging: crypto: skein: cleanup >80 character lines
06a620f09ec4 staging: crypto: skein: remove trailing whitespace
39bd42b0855f staging: crypto: skein: fix leading whitespace
e6d336f5c68c staging: crypto: skein: dos2unix, remove executable perms
a0d5dd843235 staging: crypto: skein: cleanup whitespace around operators/punc.
cd4811a64cbb staging: crypto: skein: fixup pointer whitespace
b9761ccb553a staging: crypto: skein: use u8, u64 vice uint*_t
11d9ffb2caec staging: crypto: skein: remove all typedef {struct, enum}
2ab31bba2d7c staging: crypto: skein: remove unneeded typedefs
8eee37872e84 staging: crypto: skein: remove __cplusplus and an unneeded stddef.h
da13dfd7e6e7 staging: crypto: skein: remove skein_port.h
5057bbbe74a0 staging: crypto: skein: remove brg_*.h includes
c2c7426bfcf2 staging: crypto: skein: allow building statically
449bb8125e3f staging: crypto: skein: import code from Skein3Fish.git

To verify the series:
  1) checkout the first one (449bb8125e3f) and verify the sha256sums
     listed in the commit message
  2) checkout the second commit (c2c7426bfcf2) that allows building
     within the tree, and audit the commit by hand
  3) follow the instructions in the comments of objdiff to validate the
     series doesn't change the generated object code.  You'll start with
     the second commit (c2c7426bfcf2) and work your way up to my last
     commit, 0264b7b7fb44.

In the future, I'm looking at enhancing radare2's [1] rdiff tool to
output a normal looking diff (red=remove,green=add) with the enhancement
that identical object code with different addresses be in yellow.  Then
I'll add recording the object file itself to objdiff.  This should allow
an auditor to validate code changes even when linking order or renames
occur (85dfd522f885, 0109ce7304af above).

As for skein/threefish, it's still a work-in-progress, as time permits
:-P  Patches welcome.

thx,

Jason.

Caution: Some toolnames NSFW :)
[1] https://github.com/radare/radare2.git


More information about the cryptography mailing list