Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add cf protection to assembler files #2035

Open
beldmit opened this issue Jan 7, 2025 · 6 comments
Open

Add cf protection to assembler files #2035

beldmit opened this issue Jan 7, 2025 · 6 comments

Comments

@beldmit
Copy link
Contributor

beldmit commented Jan 7, 2025

Describe the bug
Our annobin check has found out that the library doesn't implement the CET protection https://sourceware.org/annobin/annobin.html/Test-cf-protection.html
because of lack of the corresponding code in ASM files (see the example in the link).
SO even when the C sources are compiled with -fcf-protection the protection is still not enabled
@beldmit
Copy link
Contributor Author

beldmit commented Jan 7, 2025

An example patch:

diff -rup liboqs-0.12.0.orig/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_avx2/invntt.S liboqs-0.12.0/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_avx2/invntt.S
--- liboqs-0.12.0.orig/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_avx2/invntt.S	2025-01-06 10:08:13.282017683 +0000
+++ liboqs-0.12.0/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_avx2/invntt.S	2025-01-06 10:09:33.407463609 +0000
@@ -183,6 +183,7 @@ vmovdqa		%ymm11,(64*\off+176)*2(%rdi)
 .text
 .global cdecl(invntt_avx)
 cdecl(invntt_avx):
+ENDBR64
 vmovdqa         _16XQ*2(%rsi),%ymm0
 
 intt_levels0t5	0
@@ -191,3 +192,20 @@ intt_levels0t5	1
 intt_level6	0
 intt_level6	1
 ret
+
+	.section	.note.gnu.property,"a"
+	.align 8
+	.long	 1f - 0f
+	.long	 4f - 1f
+	.long	 5
+0:
+	.string	 "GNU"
+1:
+	.align 8
+	.long	 0xc0000002
+	.long	 3f - 2f
+2:
+	.long	 0x3
+3:
+	.align 8
+4:

The same should be implemented for all the ASM sources

@SWilson4
Copy link
Member

SWilson4 commented Jan 7, 2025
edited
Loading

Thanks for the report. Is it accurate to say that this is something that should ideally be fixed upstream? (i.e., in https://github.com/pq-crystals/kyber for this example)

@beldmit
Copy link
Contributor Author

beldmit commented Jan 7, 2025

Yes.

@baentsch
Copy link
Member

baentsch commented Jan 7, 2025

This looks like a "mechanical" (automat-able) code addition: Am I right with this @beldmit ? All that's needed is adding these lines (always the same?!) to all .S files? Or is there more to it? Or asked differently, could you add such a cat cfgnusection.S >> *.S script to your distro? If that were the case, we could of course also do it in liboqs and not wait for all upstreams to do this.

@beldmit
Copy link
Contributor Author

beldmit commented Jan 7, 2025

Unfortunately, it's not enough

Quoting the link https://sourceware.org/annobin/annobin.html/Test-cf-protection.html

If an assembler source file is used as part of an application then it too needs to be updated. Any location in the source code where an indirect branch or function call can land must now have either ENDBR64 (for 64-bit assembler) or ENDBR32 (for 32-bit assembler) as the first instruction executed.

@baentsch
Copy link
Member

baentsch commented Jan 7, 2025

Thanks for the clarification/pointer. In that case, it's a task for the upstreams, indeed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
liboqs planning
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
3 participants
@beldmit @SWilson4 @baentsch