:這里指代碼實(shí)現(xiàn)層面(非數(shù)學(xué)優(yōu)化層面),使用寄存器優(yōu)化,即主密鑰/輪密鑰、敏感數(shù)據(jù)比如中間/臨時(shí)變量必須存于寄存器,明文/密文放在內(nèi)存(若有夠用的寄存器則放寄存器),主密鑰用特權(quán)寄存器(為支持長(zhǎng)期存儲(chǔ),比如調(diào)試寄存器、MSR寄存器),輪密鑰和敏感數(shù)據(jù)用通用寄存器。那么怎么做?穩(wěn)妥快捷的方法是用匯編或內(nèi)聯(lián)匯編,手工編排寄存器即構(gòu)建密鑰與敏感數(shù)據(jù)到寄存器集合的映射,若用普通的匯編指令,則寄存器的映射比較自由;若用專用的加密指令,則映射相對(duì)受限。如果用高級(jí)語(yǔ)言比如c/c++開(kāi)發(fā),問(wèn)題在于
關(guān)鍵字非強(qiáng)制生效,即使強(qiáng)制的,編譯器優(yōu)化(比如公共子表達(dá)式消除)產(chǎn)生的中間變量及寄存器分配策略不完全可控,需要修改編譯器比如
強(qiáng)制某些變量必須分配(特定的)寄存器,為通用性要從編程語(yǔ)言語(yǔ)法屬性到目標(biāo)機(jī)器代碼生成都改動(dòng)支持,這個(gè)方法實(shí)現(xiàn)成本有點(diǎn)大。下面是摘自LLVM X86RegisterInfo.td的部分寄存器
1 // 32-bit registers
2 let SubRegIndices = [sub_16bit, sub_16bit_hi], CoveredBySubRegs = 1
in {
3 def EAX : X86Reg<"eax", 0, [AX, HAX]>, DwarfRegNum<[-2, 0, 0]>;
4 def EDX : X86Reg<"edx", 2, [DX, HDX]>, DwarfRegNum<[-2, 2, 2]>;
5 def ECX : X86Reg<"ecx", 1, [CX, HCX]>, DwarfRegNum<[-2, 1, 1]>;
6 def EBX : X86Reg<"ebx", 3, [BX, HBX]>, DwarfRegNum<[-2, 3, 3]>;
7 def ESI : X86Reg<"esi", 6, [SI, HSI]>, DwarfRegNum<[-2, 6, 6]>;
8 def EDI : X86Reg<"edi", 7, [DI, HDI]>, DwarfRegNum<[-2, 7, 7]>;
9 def EBP : X86Reg<"ebp", 5, [BP, HBP]>, DwarfRegNum<[-2, 4, 5]>;
10 def ESP : X86Reg<"esp", 4, [SP, HSP]>, DwarfRegNum<[-2, 5, 4]>;
11 def EIP : X86Reg<"eip", 0, [IP, HIP]>, DwarfRegNum<[-2, 8, 8]>;
12 }
13
14 // X86-64 only, requires REX
15 let SubRegIndices = [sub_16bit, sub_16bit_hi], CoveredBySubRegs = 1
in {
16 def R8D : X86Reg<"r8d", 8, [R8W,R8WH]>;
17 def R9D : X86Reg<"r9d", 9, [R9W,R9WH]>;
18 def R10D : X86Reg<"r10d", 10, [R10W,R10WH]>;
19 def R11D : X86Reg<"r11d", 11, [R11W,R11WH]>;
20 def R12D : X86Reg<"r12d", 12, [R12W,R12WH]>;
21 def R13D : X86Reg<"r13d", 13, [R13W,R13WH]>;
22 def R14D : X86Reg<"r14d", 14, [R14W,R14WH]>;
23 def R15D : X86Reg<"r15d", 15, [R15W,R15WH]>;
24 }
25
26 // 64-bit registers, X86-64 only
27 let SubRegIndices = [sub_32bit]
in {
28 def RAX : X86Reg<"rax", 0, [EAX]>, DwarfRegNum<[0, -2, -2]>;
29 def RDX : X86Reg<"rdx", 2, [EDX]>, DwarfRegNum<[1, -2, -2]>;
30 def RCX : X86Reg<"rcx", 1, [ECX]>, DwarfRegNum<[2, -2, -2]>;
31 def RBX : X86Reg<"rbx", 3, [EBX]>, DwarfRegNum<[3, -2, -2]>;
32 def RSI : X86Reg<"rsi", 6, [ESI]>, DwarfRegNum<[4, -2, -2]>;
33 def RDI : X86Reg<"rdi", 7, [EDI]>, DwarfRegNum<[5, -2, -2]>;
34 def RBP : X86Reg<"rbp", 5, [EBP]>, DwarfRegNum<[6, -2, -2]>;
35 def RSP : X86Reg<"rsp", 4, [ESP]>, DwarfRegNum<[7, -2, -2]>;
36
37 // These also require REX.
38 def R8 : X86Reg<"r8", 8, [R8D]>, DwarfRegNum<[ 8, -2, -2]>;
39 def R9 : X86Reg<"r9", 9, [R9D]>, DwarfRegNum<[ 9, -2, -2]>;
40 def R10 : X86Reg<"r10", 10, [R10D]>, DwarfRegNum<[10, -2, -2]>;
41 def R11 : X86Reg<"r11", 11, [R11D]>, DwarfRegNum<[11, -2, -2]>;
42 def R12 : X86Reg<"r12", 12, [R12D]>, DwarfRegNum<[12, -2, -2]>;
43 def R13 : X86Reg<"r13", 13, [R13D]>, DwarfRegNum<[13, -2, -2]>;
44 def R14 : X86Reg<"r14", 14, [R14D]>, DwarfRegNum<[14, -2, -2]>;
45 def R15 : X86Reg<"r15", 15, [R15D]>, DwarfRegNum<[15, -2, -2]>;
46 def RIP : X86Reg<"rip", 0, [EIP]>, DwarfRegNum<[16, -2, -2]>;
47 }
48 
49 // XMM Registers, used by the various SSE instruction set extensions.
50 def XMM0: X86Reg<"xmm0", 0>, DwarfRegNum<[17, 21, 21]>;
51 def XMM1: X86Reg<"xmm1", 1>, DwarfRegNum<[18, 22, 22]>;
52 def XMM2: X86Reg<"xmm2", 2>, DwarfRegNum<[19, 23, 23]>;
53 def XMM3: X86Reg<"xmm3", 3>, DwarfRegNum<[20, 24, 24]>;
54 def XMM4: X86Reg<"xmm4", 4>, DwarfRegNum<[21, 25, 25]>;
55 def XMM5: X86Reg<"xmm5", 5>, DwarfRegNum<[22, 26, 26]>;
56 def XMM6: X86Reg<"xmm6", 6>, DwarfRegNum<[23, 27, 27]>;
57 def XMM7: X86Reg<"xmm7", 7>, DwarfRegNum<[24, 28, 28]>;
58
59 // X86-64 only
60 def XMM8: X86Reg<"xmm8", 8>, DwarfRegNum<[25, -2, -2]>;
61 def XMM9: X86Reg<"xmm9", 9>, DwarfRegNum<[26, -2, -2]>;
62 def XMM10: X86Reg<"xmm10", 10>, DwarfRegNum<[27, -2, -2]>;
63 def XMM11: X86Reg<"xmm11", 11>, DwarfRegNum<[28, -2, -2]>;
64 def XMM12: X86Reg<"xmm12", 12>, DwarfRegNum<[29, -2, -2]>;
65 def XMM13: X86Reg<"xmm13", 13>, DwarfRegNum<[30, -2, -2]>;
66 def XMM14: X86Reg<"xmm14", 14>, DwarfRegNum<[31, -2, -2]>;
67 def XMM15: X86Reg<"xmm15", 15>, DwarfRegNum<[32, -2, -2]>;
68
69 def XMM16: X86Reg<"xmm16", 16>, DwarfRegNum<[67, -2, -2]>;
70 def XMM17: X86Reg<"xmm17", 17>, DwarfRegNum<[68, -2, -2]>;
71 def XMM18: X86Reg<"xmm18", 18>, DwarfRegNum<[69, -2, -2]>;
72 def XMM19: X86Reg<"xmm19", 19>, DwarfRegNum<[70, -2, -2]>;
73 def XMM20: X86Reg<"xmm20", 20>, DwarfRegNum<[71, -2, -2]>;
74 def XMM21: X86Reg<"xmm21", 21>, DwarfRegNum<[72, -2, -2]>;
75 def XMM22: X86Reg<"xmm22", 22>, DwarfRegNum<[73, -2, -2]>;
76 def XMM23: X86Reg<"xmm23", 23>, DwarfRegNum<[74, -2, -2]>;
77 def XMM24: X86Reg<"xmm24", 24>, DwarfRegNum<[75, -2, -2]>;
78 def XMM25: X86Reg<"xmm25", 25>, DwarfRegNum<[76, -2, -2]>;
79 def XMM26: X86Reg<"xmm26", 26>, DwarfRegNum<[77, -2, -2]>;
80 def XMM27: X86Reg<"xmm27", 27>, DwarfRegNum<[78, -2, -2]>;
81 def XMM28: X86Reg<"xmm28", 28>, DwarfRegNum<[79, -2, -2]>;
82 def XMM29: X86Reg<"xmm29", 29>, DwarfRegNum<[80, -2, -2]>;
83 def XMM30: X86Reg<"xmm30", 30>, DwarfRegNum<[81, -2, -2]>;
84 def XMM31: X86Reg<"xmm31", 31>, DwarfRegNum<[82, -2, -2]>;
85
86 // YMM0-15 registers, used by AVX instructions and
87 // YMM16-31 registers, used by AVX-512 instructions.
88 let SubRegIndices = [sub_xmm]
in {
89 foreach Index = 0-31
in {
90 def YMM#Index : X86Reg<"ymm"#Index, Index, [!cast
("XMM"#Index)]>,
91 DwarfRegAlias("XMM"#Index)>;
92 }
93 }
94
95 // ZMM Registers, used by AVX-512 instructions.
96 let SubRegIndices = [sub_ymm] in {
97 foreach Index = 0-31 in {
98 def ZMM#Index : X86Reg<"zmm"#Index, Index, [!cast("YMM"#Index)]>,
99 DwarfRegAlias("XMM"#Index)>;
100 }
101 }
102
103 // Debug registers
104 def DR0 : X86Reg<"dr0", 0>;
105 def DR1 : X86Reg<"dr1", 1>;
106 def DR2 : X86Reg<"dr2", 2>;
107 def DR3 : X86Reg<"dr3", 3>;
108 def DR4 : X86Reg<"dr4", 4>;
109 def DR5 : X86Reg<"dr5", 5>;
110 def DR6 : X86Reg<"dr6", 6>;
111 def DR7 : X86Reg<"dr7", 7>;
112 def DR8 : X86Reg<"dr8", 8>;
113 def DR9 : X86Reg<"dr9", 9>;
114 def DR10 : X86Reg<"dr10", 10>;
115 def DR11 : X86Reg<"dr11", 11>;
116 def DR12 : X86Reg<"dr12", 12>;
117 def DR13 : X86Reg<"dr13", 13>;
118 def DR14 : X86Reg<"dr14", 14>;
119 def DR15 : X86Reg<"dr15", 15>;
120
121 def GR32 : RegisterClass<"X86", [i32], 32,
122 (add EAX, ECX, EDX, ESI, EDI, EBX, EBP, ESP,
123 R8D, R9D, R10D, R11D, R14D, R15D, R12D, R13D)>;
124
125 // GR64 - 64-bit GPRs. This oddly includes RIP, which isn't accurate, since
126 // RIP isn't really a register and it can't be used anywhere except in an
127 // address, but it doesn't cause trouble.
128 // FIXME: it *does* cause trouble - CheckBaseRegAndIndexReg() has extra
129 // tests because of the inclusion of RIP in this register class.
130 def GR64 : RegisterClass<"X86", [i64], 64,
131 (add RAX, RCX, RDX, RSI, RDI, R8, R9, R10, R11,
132 RBX, R14, R15, R12, R13, RBP, RSP, RIP)>;
:為保障安全就復(fù)雜了,由于密鑰及敏感數(shù)據(jù)存于寄存器,首先要防止寄存器交換/拷貝到內(nèi)存(為避免讀取內(nèi)存的冷啟動(dòng)攻擊、基于cache的側(cè)信道攻擊)的一切可能因素,比如進(jìn)程調(diào)度、由信號(hào)或異步中斷引起的處理器模式切換、系統(tǒng)休眠,如果在用戶態(tài)實(shí)現(xiàn)加解密,就避免不了被調(diào)度或切換,因?yàn)閱魏松喜豢赡苤贿\(yùn)行加解密進(jìn)程,所以得實(shí)現(xiàn)在內(nèi)核態(tài)。這樣一來(lái)就要在加解密中禁止搶占與中斷,考慮到系統(tǒng)響應(yīng),禁止的粒度不能過(guò)大最小為一個(gè)分組,分組加解密前禁止搶占與中斷(比如調(diào)用linux內(nèi)核接口
)前必須清零寄存器。在系統(tǒng)休眠時(shí),禁止寄存器復(fù)制到內(nèi)存,休眠恢復(fù)時(shí)在所有用戶態(tài)進(jìn)程恢復(fù)前執(zhí)行密鑰初始化,同理系統(tǒng)啟動(dòng)時(shí)的密鑰初始化也得在用戶態(tài)進(jìn)程運(yùn)行前執(zhí)行。其次要防止其它用戶態(tài)進(jìn)程/內(nèi)核線程/中斷服務(wù)程序讀寫(xiě)寄存器尤其特權(quán)寄存器(為避免用戶態(tài)或內(nèi)核態(tài)rootkit),所以要修改內(nèi)核,過(guò)濾相關(guān)系統(tǒng)調(diào)用比如linux的
。對(duì)于不可屏蔽的中斷靠禁止是無(wú)效的,只能修改中斷處理程序避免寄存器中的密鑰數(shù)據(jù)被擴(kuò)散到內(nèi)存,比如在中斷處理函數(shù)入口處清零相關(guān)寄存器。綜上基于已知代碼修改的防御不能防御惡意加載/修改代碼之類的攻擊,比如動(dòng)態(tài)安裝的內(nèi)核模塊/驅(qū)動(dòng),但可有效防御冷啟動(dòng)攻擊、只讀DMA攻擊、基于cache的側(cè)信道攻擊、用戶態(tài)權(quán)限的軟件攻擊、內(nèi)核態(tài)的僅運(yùn)行已有代碼的軟件攻擊