隨筆-162 評論-223 文章-30 trackbacks-0

談兩個問題：高性能與安全性

先談高性能：這里指代碼實現層面（非數學優化層面），使用寄存器優化，即主密鑰/輪密鑰、敏感數據比如中間/臨時變量必須存于寄存器，明文/密文放在內存（若有夠用的寄存器則放寄存器），主密鑰用特權寄存器（為支持長期存儲，比如調試寄存器、MSR寄存器），輪密鑰和敏感數據用通用寄存器。那么怎么做？穩妥快捷的方法是用匯編或內聯匯編，手工編排寄存器即構建密鑰與敏感數據到寄存器集合的映射，若用普通的匯編指令，則寄存器的映射比較自由；若用專用的加密指令，則映射相對受限。如果用高級語言比如c/c++開發，問題在于register關鍵字非強制生效，即使強制的，編譯器優化（比如公共子表達式消除）產生的中間變量及寄存器分配策略不完全可控，需要修改編譯器比如LLVM強制某些變量必須分配(特定的)寄存器，為通用性要從編程語言語法屬性到目標機器代碼生成都改動支持，這個方法實現成本有點大。下面是摘自LLVM X86RegisterInfo.td的部分寄存器

1 // 32-bit registers
  2 let SubRegIndices = [sub_16bit, sub_16bit_hi], CoveredBySubRegs = 1 in {
  3 def EAX : X86Reg<"eax", 0, [AX, HAX]>, DwarfRegNum<[-2, 0, 0]>;
  4 def EDX : X86Reg<"edx", 2, [DX, HDX]>, DwarfRegNum<[-2, 2, 2]>;
  5 def ECX : X86Reg<"ecx", 1, [CX, HCX]>, DwarfRegNum<[-2, 1, 1]>;
  6 def EBX : X86Reg<"ebx", 3, [BX, HBX]>, DwarfRegNum<[-2, 3, 3]>;
  7 def ESI : X86Reg<"esi", 6, [SI, HSI]>, DwarfRegNum<[-2, 6, 6]>;
  8 def EDI : X86Reg<"edi", 7, [DI, HDI]>, DwarfRegNum<[-2, 7, 7]>;
  9 def EBP : X86Reg<"ebp", 5, [BP, HBP]>, DwarfRegNum<[-2, 4, 5]>;
10 def ESP : X86Reg<"esp", 4, [SP, HSP]>, DwarfRegNum<[-2, 5, 4]>;
11 def EIP : X86Reg<"eip", 0, [IP, HIP]>, DwarfRegNum<[-2, 8, 8]>;
12 }
13
14 // X86-64 only, requires REX
15 let SubRegIndices = [sub_16bit, sub_16bit_hi], CoveredBySubRegs = 1 in {
16 def R8D  : X86Reg<"r8d",   8, [R8W,R8WH]>;
17 def R9D  : X86Reg<"r9d",   9, [R9W,R9WH]>;
18 def R10D : X86Reg<"r10d", 10, [R10W,R10WH]>;
19 def R11D : X86Reg<"r11d", 11, [R11W,R11WH]>;
20 def R12D : X86Reg<"r12d", 12, [R12W,R12WH]>;
21 def R13D : X86Reg<"r13d", 13, [R13W,R13WH]>;
22 def R14D : X86Reg<"r14d", 14, [R14W,R14WH]>;
23 def R15D : X86Reg<"r15d", 15, [R15W,R15WH]>;
24 }
25
26 // 64-bit registers, X86-64 only
27 let SubRegIndices = [sub_32bit] in {
28 def RAX : X86Reg<"rax", 0, [EAX]>, DwarfRegNum<[0, -2, -2]>;
29 def RDX : X86Reg<"rdx", 2, [EDX]>, DwarfRegNum<[1, -2, -2]>;
30 def RCX : X86Reg<"rcx", 1, [ECX]>, DwarfRegNum<[2, -2, -2]>;
31 def RBX : X86Reg<"rbx", 3, [EBX]>, DwarfRegNum<[3, -2, -2]>;
32 def RSI : X86Reg<"rsi", 6, [ESI]>, DwarfRegNum<[4, -2, -2]>;
33 def RDI : X86Reg<"rdi", 7, [EDI]>, DwarfRegNum<[5, -2, -2]>;
34 def RBP : X86Reg<"rbp", 5, [EBP]>, DwarfRegNum<[6, -2, -2]>;
35 def RSP : X86Reg<"rsp", 4, [ESP]>, DwarfRegNum<[7, -2, -2]>;
36
37 // These also require REX.
38 def R8  : X86Reg<"r8",   8, [R8D]>,  DwarfRegNum<[ 8, -2, -2]>;
39 def R9  : X86Reg<"r9",   9, [R9D]>,  DwarfRegNum<[ 9, -2, -2]>;
40 def R10 : X86Reg<"r10", 10, [R10D]>, DwarfRegNum<[10, -2, -2]>;
41 def R11 : X86Reg<"r11", 11, [R11D]>, DwarfRegNum<[11, -2, -2]>;
42 def R12 : X86Reg<"r12", 12, [R12D]>, DwarfRegNum<[12, -2, -2]>;
43 def R13 : X86Reg<"r13", 13, [R13D]>, DwarfRegNum<[13, -2, -2]>;
44 def R14 : X86Reg<"r14", 14, [R14D]>, DwarfRegNum<[14, -2, -2]>;
45 def R15 : X86Reg<"r15", 15, [R15D]>, DwarfRegNum<[15, -2, -2]>;
46 def RIP : X86Reg<"rip",  0, [EIP]>,  DwarfRegNum<[16, -2, -2]>;
47 }
48

49 // XMM Registers, used by the various SSE instruction set extensions.
50 def XMM0: X86Reg<"xmm0", 0>, DwarfRegNum<[17, 21, 21]>;
51 def XMM1: X86Reg<"xmm1", 1>, DwarfRegNum<[18, 22, 22]>;
52 def XMM2: X86Reg<"xmm2", 2>, DwarfRegNum<[19, 23, 23]>;
53 def XMM3: X86Reg<"xmm3", 3>, DwarfRegNum<[20, 24, 24]>;
54 def XMM4: X86Reg<"xmm4", 4>, DwarfRegNum<[21, 25, 25]>;
55 def XMM5: X86Reg<"xmm5", 5>, DwarfRegNum<[22, 26, 26]>;
56 def XMM6: X86Reg<"xmm6", 6>, DwarfRegNum<[23, 27, 27]>;
57 def XMM7: X86Reg<"xmm7", 7>, DwarfRegNum<[24, 28, 28]>;
58
59 // X86-64 only
60 def XMM8:  X86Reg<"xmm8",   8>, DwarfRegNum<[25, -2, -2]>;
61 def XMM9:  X86Reg<"xmm9",   9>, DwarfRegNum<[26, -2, -2]>;
62 def XMM10: X86Reg<"xmm10", 10>, DwarfRegNum<[27, -2, -2]>;
63 def XMM11: X86Reg<"xmm11", 11>, DwarfRegNum<[28, -2, -2]>;
64 def XMM12: X86Reg<"xmm12", 12>, DwarfRegNum<[29, -2, -2]>;
65 def XMM13: X86Reg<"xmm13", 13>, DwarfRegNum<[30, -2, -2]>;
66 def XMM14: X86Reg<"xmm14", 14>, DwarfRegNum<[31, -2, -2]>;
67 def XMM15: X86Reg<"xmm15", 15>, DwarfRegNum<[32, -2, -2]>;
68
69 def XMM16:  X86Reg<"xmm16", 16>, DwarfRegNum<[67, -2, -2]>;
70 def XMM17:  X86Reg<"xmm17", 17>, DwarfRegNum<[68, -2, -2]>;
71 def XMM18:  X86Reg<"xmm18", 18>, DwarfRegNum<[69, -2, -2]>;
72 def XMM19:  X86Reg<"xmm19", 19>, DwarfRegNum<[70, -2, -2]>;
73 def XMM20:  X86Reg<"xmm20", 20>, DwarfRegNum<[71, -2, -2]>;
74 def XMM21:  X86Reg<"xmm21", 21>, DwarfRegNum<[72, -2, -2]>;
75 def XMM22:  X86Reg<"xmm22", 22>, DwarfRegNum<[73, -2, -2]>;
76 def XMM23:  X86Reg<"xmm23", 23>, DwarfRegNum<[74, -2, -2]>;
77 def XMM24:  X86Reg<"xmm24", 24>, DwarfRegNum<[75, -2, -2]>;
78 def XMM25:  X86Reg<"xmm25", 25>, DwarfRegNum<[76, -2, -2]>;
79 def XMM26:  X86Reg<"xmm26", 26>, DwarfRegNum<[77, -2, -2]>;
80 def XMM27:  X86Reg<"xmm27", 27>, DwarfRegNum<[78, -2, -2]>;
81 def XMM28:  X86Reg<"xmm28", 28>, DwarfRegNum<[79, -2, -2]>;
82 def XMM29:  X86Reg<"xmm29", 29>, DwarfRegNum<[80, -2, -2]>;
83 def XMM30:  X86Reg<"xmm30", 30>, DwarfRegNum<[81, -2, -2]>;
84 def XMM31:  X86Reg<"xmm31", 31>, DwarfRegNum<[82, -2, -2]>;
85
86 // YMM0-15 registers, used by AVX instructions and
87 // YMM16-31 registers, used by AVX-512 instructions.
88 let SubRegIndices = [sub_xmm] in {
89   foreach  Index = 0-31 in {
90     def YMM#Index : X86Reg<"ymm"#Index, Index, [!cast("XMM"#Index)]>,
91                     DwarfRegAlias("XMM"#Index)>;
92   }
93 }
94
95 // ZMM Registers, used by AVX-512 instructions.
96 let SubRegIndices = [sub_ymm] in {
97   foreach  Index = 0-31 in {
98     def ZMM#Index : X86Reg<"zmm"#Index, Index, [!cast("YMM"#Index)]>,
99                     DwarfRegAlias("XMM"#Index)>;
100   }
101 }
102

103 // Debug registers
104 def DR0  : X86Reg<"dr0",   0>;
105 def DR1  : X86Reg<"dr1",   1>;
106 def DR2  : X86Reg<"dr2",   2>;
107 def DR3  : X86Reg<"dr3",   3>;
108 def DR4  : X86Reg<"dr4",   4>;
109 def DR5  : X86Reg<"dr5",   5>;
110 def DR6  : X86Reg<"dr6",   6>;
111 def DR7  : X86Reg<"dr7",   7>;
112 def DR8  : X86Reg<"dr8",   8>;
113 def DR9  : X86Reg<"dr9",   9>;
114 def DR10 : X86Reg<"dr10", 10>;
115 def DR11 : X86Reg<"dr11", 11>;
116 def DR12 : X86Reg<"dr12", 12>;
117 def DR13 : X86Reg<"dr13", 13>;
118 def DR14 : X86Reg<"dr14", 14>;
119 def DR15 : X86Reg<"dr15", 15>;
120

121 def GR32 : RegisterClass<"X86", [i32], 32,
122                          (add EAX, ECX, EDX, ESI, EDI, EBX, EBP, ESP,
123                               R8D, R9D, R10D, R11D, R14D, R15D, R12D, R13D)>;
124
125 // GR64 - 64-bit GPRs. This oddly includes RIP, which isn't accurate, since
126 // RIP isn't really a register and it can't be used anywhere except in an
127 // address, but it doesn't cause trouble.
128 // FIXME: it *does* cause trouble - CheckBaseRegAndIndexReg() has extra
129 // tests because of the inclusion of RIP in this register class.
130 def GR64 : RegisterClass<"X86", [i64], 64,
131                          (add RAX, RCX, RDX, RSI, RDI, R8, R9, R10, R11,
132                               RBX, R14, R15, R12, R13, RBP, RSP, RIP)>;

再談安全性：為保障安全就復雜了，由于密鑰及敏感數據存于寄存器，首先要防止寄存器交換/拷貝到內存（為避免讀取內存的冷啟動攻擊、基于cache的側信道攻擊）的一切可能因素，比如進程調度、由信號或異步中斷引起的處理器模式切換、系統休眠，如果在用戶態實現加解密，就避免不了被調度或切換，因為單核上不可能只運行加解密進程，所以得實現在內核態。這樣一來就要在加解密中禁止搶占與中斷，考慮到系統響應，禁止的粒度不能過大最小為一個分組，分組加解密前禁止搶占與中斷（比如調用linux內核接口preempt_disable、local_irq_save），解除禁止（比如調用linux內核接口preempt_enable、local_irq_restore）前必須清零寄存器。在系統休眠時，禁止寄存器復制到內存，休眠恢復時在所有用戶態進程恢復前執行密鑰初始化，同理系統啟動時的密鑰初始化也得在用戶態進程運行前執行。其次要防止其它用戶態進程/內核線程/中斷服務程序讀寫寄存器尤其特權寄存器（為避免用戶態或內核態rootkit），所以要修改內核，過濾相關系統調用比如linux的ptrace，過濾相關內核函數比如linux的native_set_debugreg/native_get_debugreg。對于不可屏蔽的中斷靠禁止是無效的，只能修改中斷處理程序避免寄存器中的密鑰數據被擴散到內存，比如在中斷處理函數入口處清零相關寄存器。綜上基于已知代碼修改的防御不能防御惡意加載/修改代碼之類的攻擊，比如動態安裝的內核模塊/驅動，但可有效防御冷啟動攻擊、只讀DMA攻擊、基于cache的側信道攻擊、用戶態權限的軟件攻擊、內核態的僅運行已有代碼的軟件攻擊

posted on 2023-11-09 16:39 春秋十二月閱讀(4566) 評論(0) 編輯收藏引用所屬分類: Algorithm

只有注冊用戶登錄后才能發表評論。
【推薦】100%開源！大型工業跨平臺軟件C++源碼提供，建模，組態！

相關文章: 關于分圓域的一般結論一個歐拉數整除問題的兩種證法有限域上的特征與指數和之擴展二元二次型的相似變換、正定性與正交分解關于群的一些結論及應用不定方程的代數數論解法關于橢圓曲線的驗證計算不可約多項式判別算法的改正論證有限域上平方根的求解求解離散對數問題的Terr算法

網站導航: 博客園 IT新聞 BlogJava 博問 Chat2DB 管理