Intel responded to the reporting on PortSmash by saying:
Software or software libraries can be protected against such issues by employing side channel safe development practices.
Are these practices well-understood by security experts, and does Rust provide sufficient guarantees to employ them?
I found a presentation (older than PortSmash) about techniques for preventing side-channel attacks, giving the following programming guidelines:
- Avoid all data flow from secrets to branch conditions and memory addresses
- Avoid the following instructions when manipulating sensitive data:
- On AMD/Intel:
- DIV, IDIV, FDIV
- Higher-level math instructions (e.g. FSIN)
- On PowerPC:
- MUL, MULHW, MULHWU
- On ARM Cortex-M3:
- UMULL, SMULL, UMLAL, SMLAL
Given these assembly-level guidelines, I expect that the corresponding guidelines for higher-level compiled languages such as C or Rust are fairly straightforward:
- Don’t use sensitive data in conditionals (e.g.
- Don’t use sensitive data when indexing or doing pointer-arithmetic
- When doing arithmetic on sensitive data:
- On AMD/Intel: Don’t use floating-point division or any higher-level floating point math functions
- On PowerPC: Don’t use multiplication at all
- On ARM: Don’t use 64-bit multiplication
So my questions are:
- Is my interpretations of the guidelines (roughly) accurate?
- More importantly: can the compiler insert the dangerous instructions while “optimizing”, even for code that doesn’t explicitly use any of the verboten operations?