Re: little request :)

From:	Rouven Weßling	Date:	Thu, 06 Feb 2014 00:06:26 +0000
Subject:	Re: little request :)
References:	1 2 3	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi everyone,
hi Alex
On 05.02.2014, at 11:20, Pierre Joye <[email protected]> wrote:

> About the timing attack RFC, I have asked for some review and advice
> and here is a useful one already, thanks Alex :)
> 
> Please keep him as CC as I do not know if he is on this list.

First, thanks for getting that review. The more people who know their stuff look at this, the
better.

> I think a function like this is needed, but you're right: it'd need to
> be let's say more solid, and it should be specified which properties are
> guaranteed and to what extent (tricky!)
> 
> As it is, it tries to hide the length of known_str, but it fails to do
> so at least because integer division is commonly not constant time.

I may just be blind, because it's getting late. I don't see any integer division
occurring. Only bitwise operations which, from my understanding, should all be constant time.

> Does zend_parse_parameters() figure out the string lengths in constant
> time?  I hope so.

As stas has already mentioned, yes it does. Strings are stored together with their length.

> Is MAX() implemented without branching?  Hardly.

It's not (for reference the code is below). I think the impact of this is reduced by the fact,
that unless the length is 0 always the same branch is used.

#ifndef MAX
# define MAX(a,b) ((a)<(b)?(b):(a))
#endif

> "Do not optimize this for speed." - this is merely a source code
> comment, and while it might work on humans, it won't work on C
> compilers, which may indeed try to optimize the code in various ways.
> Currently, C compilers are not known to optimize this specific construct
> in a dangerous way, but there's nothing preventing them from doing so.

The comment is directed at humans, who might want to touch it in undesirable ways in time to come.

As for C compilers, that's true. But I think that's an impossible problem to solve. We
could of course ship assembler versions, but I'm willing to bet we'll never cover all
platforms.

> Hiding a string length is really tricky, and only possible to a more
> limited extent than hiding byte value differences.

That's probably a good conclusion. I think we should just document this as potentially leaking
information about the length. If we do find ways to reduce this, by all means, we should take them.

Best regards
Rouven



   

Thread (42 messages)

• Pierre JoyeWed, 05 Feb 2014 10:20:27 +0000
  • Yasuo OhgakiWed, 05 Feb 2014 22:57:17 +0000
    • Pádraic BradyThu, 06 Feb 2014 00:42:29 +0000
      • Yasuo OhgakiThu, 06 Feb 2014 03:06:35 +0000
  • Stas MalyshevWed, 05 Feb 2014 23:00:10 +0000
  • Rouven WeßlingThu, 06 Feb 2014 00:06:26 +0000Re: little request :)
    • Tjerk MeestersThu, 06 Feb 2014 03:51:55 +0000
      • Yasuo OhgakiThu, 06 Feb 2014 04:53:29 +0000
    • Lester CaineThu, 06 Feb 2014 05:49:59 +0000
      • Pierre JoyeThu, 06 Feb 2014 05:55:20 +0000
      • Yasuo OhgakiThu, 06 Feb 2014 05:58:47 +0000
        • Lester CaineThu, 06 Feb 2014 23:18:51 +0000
          • Pádraic BradyThu, 06 Feb 2014 23:32:44 +0000
            • Tjerk MeestersFri, 07 Feb 2014 00:32:10 +0000
              • Yasuo OhgakiFri, 07 Feb 2014 01:01:45 +0000
            • Lester CaineFri, 07 Feb 2014 05:17:41 +0000
              • Sanford WhitemanFri, 07 Feb 2014 07:41:32 +0000
                • Pádraic BradyFri, 07 Feb 2014 10:54:16 +0000
              • Pádraic BradyFri, 07 Feb 2014 10:41:29 +0000
                • Lester CaineFri, 07 Feb 2014 11:20:08 +0000
                  • Lester CaineFri, 07 Feb 2014 22:10:12 +0000
                    • Sanford WhitemanFri, 07 Feb 2014 22:45:28 +0000
                    • Pádraic BradyFri, 07 Feb 2014 23:06:28 +0000
                      • Yasuo OhgakiSat, 08 Feb 2014 03:50:17 +0000
                    • Sanford WhitemanFri, 07 Feb 2014 23:56:29 +0000
                  • Sanford WhitemanFri, 07 Feb 2014 22:24:51 +0000
  • Solar DesignerThu, 06 Feb 2014 14:24:48 +0000Re: Fwd: little request :)
    • Yasuo OhgakiThu, 06 Feb 2014 21:45:41 +0000Re: Re: Fwd: little request :)
    • Pádraic BradyThu, 06 Feb 2014 23:44:58 +0000Re: Re: Fwd: little request :)
    • Tjerk MeestersMon, 10 Feb 2014 10:36:18 +0000Re: Re: Fwd: little request :)
      • Solar DesignerMon, 10 Feb 2014 11:45:22 +0000
      • Yasuo OhgakiMon, 10 Feb 2014 19:50:15 +0000
        • Yasuo OhgakiMon, 10 Feb 2014 20:09:42 +0000
        • Tjerk MeestersMon, 10 Feb 2014 23:55:41 +0000
          • Lester CaineTue, 11 Feb 2014 00:39:55 +0000
            • Robert ParkerTue, 11 Feb 2014 17:55:12 +0000
            • Robert ParkerTue, 11 Feb 2014 17:57:49 +0000
          • Solar DesignerTue, 11 Feb 2014 07:43:13 +0000
            • Yasuo OhgakiWed, 12 Feb 2014 09:39:32 +0000
              • Solar DesignerWed, 12 Feb 2014 12:47:33 +0000
                • Pierre JoyeWed, 12 Feb 2014 14:49:38 +0000
                  • Lester CaineWed, 12 Feb 2014 16:34:14 +0000