On 4/20/21, Miles Rout <miles_AT_rout.nz> wrote:
> We'd all be better off if we focused our efforts on tools to make C
> programming better. I was thinking today about how useful it would be
> to have a way to indicate that a particular variable shouldn't be able
> to impact the running time of a function for cryptography purposes.
> (Generally, the control flow, resource use or running time of
> cryptography-related functions shouldn't depend on secret values, as
> those all have the potential to become side channels). If a compiler or
> compiler plugin recognised such a directive, it could ensure it didn't
> destroy that property. A static analysis tool could check the resulting
> object code and warn you. Other tools could verify it with randomised
> automated testing, etc.
It would also be useful to be able to indicate that a variable's
value, and values computed from it, must not be left in memory or
registers to be picked up later by misbehaving code or debuggers.
> Generally speaking, these things would be better off as unobtrusive
> extensions to C, able to be ignored by a compiler or other tool without
> affecting the meaning of the code to retain compatibility. Rust has
> many good ideas but it's just not trendy to implement those ideas in C
> sadly.
LLVM and Rust are well-funded. Funding is what attracts the 'trendy'
community, for good and ill.
Received on Wed May 12 2021 - 23:36:09 CEST
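The two properties discussed in this message, shown as an added C example that is not code from either poster: a comparison whose work depends on the secret next to one whose control flow does not, and a wipe written so the stores are not dropped as dead writes. All function names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Early-exit compare: the iteration count (reported in *steps) depends on
 * where the secret first differs from the guess, which is a timing channel. */
static int leaky_equal(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    for (*steps = 0; *steps < n; ) {
        size_t i = (*steps)++;
        if (secret[i] != guess[i])
            return 0;
    }
    return 1;
}

/* Branch-free compare: always visits all n bytes; no branch or index depends
 * on secret data. Standard C does not promise the compiler keeps it that way,
 * which is the gap the message describes. */
static int ct_equal(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    for (*steps = 0; *steps < n; (*steps)++)
        diff |= (uint8_t)(secret[*steps] ^ guess[*steps]);
    return (int)(1u & (((uint32_t)diff - 1u) >> 8)); /* diff==0 -> 1, else 0 */
}

/* Wipe through a volatile pointer so the stores survive even though the
 * buffer is never read again. Copies in registers or spill slots are NOT
 * covered; that needs compiler support of the kind the reply asks for. */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--)
        *v++ = 0;
}

/* Constructed key material: fill, wipe, report whether any byte survived. */
static int wipe_leaves_residue(void)
{
    uint8_t key[16], acc = 0;
    memset(key, 0xA5, sizeof key);
    secure_wipe(key, sizeof key);
    for (size_t i = 0; i < sizeof key; i++)
        acc |= key[i];
    return acc != 0;
}

int main(void)
{
    const uint8_t s[4] = {1, 2, 3, 4}, early[4] = {9, 2, 3, 4}, late[4] = {1, 2, 3, 9};
    size_t a, b;
    leaky_equal(s, early, 4, &a); leaky_equal(s, late, 4, &b);
    printf("leaky steps: %zu vs %zu\n", a, b);
    ct_equal(s, early, 4, &a); ct_equal(s, late, 4, &b);
    printf("ct steps: %zu vs %zu, residue: %d\n", a, b, wipe_leaves_residue());
    return 0;
}
```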