[tor-bugs] #3122 [Tor Client]: Write and use constant-time comparison functions

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat May 7 04:40:40 UTC 2011 

#3122: Write and use constant-time comparison functions
-------------------------+--------------------------------------------------
 Reporter:  rransom      |          Owner:  ioerror
     Type:  enhancement  |         Status:  new    
 Priority:  major        |      Milestone:         
Component:  Tor Client   |        Version:         
 Keywords:               |         Parent:         
   Points:               |   Actualpoints:         
-------------------------+--------------------------------------------------

Comment(by nickm):

 So here's what I'd suggest we do for starters:

 I. Memcmp

 1. Define a new tor_memcmp and a new tor_memneq.  Both should be data-
 independent.  Define a fast_memcmp that aliases the platform memcmp().
 That's just there so that any unadorned memcmp() in our code can be called
 "incorrect".
 2. Starting with 0.2.1, do a global search-and-replace for
 memcmp->tor_memcmp.  This should be automatable.
 3. Do a hand-search for cases where we use tor_memcmp for equality-
 checking only.  This should be most of them.  Replace them with
 tor_memneq.
 4. Identify cases that we think are performance-relevant and where we
 believe that data-dependence is safe.  Move those back to use fast_memcmp.
 5. In 0.2.2 and later, optimize the 16-byte, 20-byte, and 32-byte cases (I
 expect they come up a lot).

 II. String operations

 1. List all of our relevant string operations and figure out how to
 identify any high-risk class of users.  I think that 95% of our string
 operations are not on secret data, so we could say "string functions must
 not be called on secret stuff" or "string functions must not be called on
 stuff over the net" or something.
 2. Write data-independent variants of our string functions.
 3. Use them in some relatively easy-to-decide pattern.

 III. Other things

 We need to look for other kinds of operations that alter control flow
 based on sensitive information.  This includes at minimum auditing hash
 tables and lookup functions.  This will be an ongoing thing.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3122#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list