[Cryptography] Other obvious issues being ignored?

John-Mark Gurney jmg at funkthat.com
Wed Oct 21 17:13:13 EDT 2015


Bill Frantz wrote this message on Wed, Oct 21, 2015 at 07:26 -0700:
> On 10/20/15 at 8:40 PM, leichter at lrw.com (Jerry Leichter) wrote:
> 
> >I wonder how the NSA writes its security-related code?
> 
> Assembler is your friend.

I really don't want to do register allocation by hand, and you can't
use inline assembly in C, because clang is known to look into inline
assembly and optimize it...

> With fewer hardware architectures now than in the past, it is 
> actually practical to write separate assembler routines for each 
> architecture to perform simple tasks like clearing sensitive data.

That's one minor aspect, and assumes that the C function doesn't
do odd things w/ the data...

> With RISC architectures it is probably impossible to write code 
> which keeps sensitive data out of registers and therefore out of 
> kernel memory on task switch. Is it possible on the X86 
> architecture? In any case, assembler will offer higher assurance 
> of what the code actually does than any compiled language.
> 
> The key here is to keep the assembler code simple enough that 
> you can get reasonable assurance of correctness. Saying 

Having looked at the SHA-256 (SSE4) or AES-GCM (AES-NI) implementations
in assembly, they are not simple at all...  nasm/yasm helps a bit
with this, but still, not nearly that easy...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
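The "clearing sensitive data" problem the thread circles around, shown as an added example that is not from the list or from any poster: a plain memset() after the last use of a buffer is a dead store the optimizer may legally delete, while stores through a volatile pointer must be emitted. Function names are my own; the key bytes are constructed sample data.

```c
#include <stddef.h>
#include <string.h>

/* Naive clear: if nothing reads buf after this call, dead-store
 * elimination at -O2 can remove the memset entirely, leaving the
 * secret in memory. (A later read, as in the checker below, keeps it
 * alive, which is exactly why the bug is easy to miss in tests.) */
static void naive_clear(unsigned char *buf, size_t len)
{
    memset(buf, 0, len);
}

/* Clear through a volatile pointer: every store is a side effect the
 * compiler must preserve, so the zeroing survives optimization.
 * It does nothing about copies the caller already spilled to
 * registers or other stack slots, the residue the thread says only
 * hand-written assembler can control. */
static void secure_clear(void *p, size_t len)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (len--)
        *vp++ = 0;
}

/* Returns 1 if every byte of buf is zero, else 0. The volatile read
 * keeps the check from being folded away together with the clear. */
static int is_zeroed(const unsigned char *buf, size_t len)
{
    const volatile unsigned char *vp = buf;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= vp[i];
    return acc == 0;
}

/* Fills a local key buffer with constructed bytes, clears it with the
 * chosen routine and reports whether it reads back as all zero. */
static int derive_use_and_clear(int use_secure)
{
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0xA5 ^ i);   /* constructed, not a real key */
    if (use_secure)
        secure_clear(key, sizeof key);
    else
        naive_clear(key, sizeof key);
    return is_zeroed(key, sizeof key);
}
```

Platform routines such as explicit_bzero() or memset_s() exist for the same purpose; the volatile loop is the portable fallback when they are unavailable.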
