[9front] memory(2): mention tsmemcmp

[9front] memory(2): mention tsmemcmp

[kemal]

diff -r b341860aaa26 sys/man/2/memory
--- a/sys/man/2/memory	Sun Apr 25 21:49:01 2021 +0200
+++ b/sys/man/2/memory	Thu Apr 29 14:38:46 2021 +0300
@@ -24,6 +24,11 @@
 .PP
 .B
 void*	memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int	tsmemcmp(void *s1, void *s2, ulong n)
 .SH DESCRIPTION
 These functions operate efficiently on memory areas
 (arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,6 +108,11 @@
 .IR c .
 It returns
 .IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
 .SH SOURCE
 All these routines have portable C implementations in
 .BR /sys/src/libc/port .
@@ -124,3 +134,8 @@
 and
 .I memmove
 are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to
timing attacks. Instead,
+.I tsmemcmp
+should be used.

[9front] Re: memory(2): mention tsmemcmp

[kemal]

shit, had a mistake. apply this one instead.

diff -r b341860aaa26 sys/man/2/memory
--- a/sys/man/2/memory	Sun Apr 25 21:49:01 2021 +0200
+++ b/sys/man/2/memory	Thu Apr 29 19:30:43 2021 +0300
@@ -1,6 +1,6 @@
 .TH MEMORY 2
 .SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -24,6 +24,11 @@
 .PP
 .B
 void*	memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int	tsmemcmp(void *s1, void *s2, ulong n)
 .SH DESCRIPTION
 These functions operate efficiently on memory areas
 (arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,6 +108,11 @@
 .IR c .
 It returns
 .IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
 .SH SOURCE
 All these routines have portable C implementations in
 .BR /sys/src/libc/port .
@@ -124,3 +134,8 @@
 and
 .I memmove
 are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to
timing attacks. Instead,
+.I tsmemcmp
+should be used.

Re: [9front] Re: memory(2): mention tsmemcmp

[cinap_lenrek]

I think it should be explained how it works. Basically, tsmemcmp always reads
all the bytes and does NOT stop early when it sees a difference. That makes its
runtime only a function of N, not the contents of the data so here can be no
information gathered about the data from measuring its runtime behaviour or
cache side-effects.

--
cinap

[9front] Re: memory(2): mention tsmemcmp

[kemal]

OK, added an explanation.

diff -r 47a307f91238 sys/man/2/memory
--- a/sys/man/2/memory	Fri Apr 30 00:20:39 2021 +0200
+++ b/sys/man/2/memory	Sun May 02 17:20:35 2021 +0300
@@ -1,6 +1,6 @@
 .TH MEMORY 2
 .SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -24,6 +24,11 @@
 .PP
 .B
 void*	memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int	tsmemcmp(void *s1, void *s2, ulong n)
 .SH DESCRIPTION
 These functions operate efficiently on memory areas
 (arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,11 +108,22 @@
 .IR c .
 It returns
 .IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
+It does not stop when it sees a difference, this way it's runtime is
function of
+.I n
+and not something that can lead clues to attackers.
 .SH SOURCE
 All these routines have portable C implementations in
 .BR /sys/src/libc/port .
 Most also have machine-dependent assembly language implementations in
 .BR /sys/src/libc/$objtype .
+.I Tsmemcmp
+is found on
+.BR /sys/src/libsec/port/tsmemcmp.c .
 .SH SEE ALSO
 .IR strcat (2)
 .SH BUGS
@@ -124,3 +140,8 @@
 and
 .I memmove
 are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to
timing attacks. Instead,
+.I tsmemcmp
+should be used.

Re: [9front] Re: memory(2): mention tsmemcmp

[umbraticus]

Thanks.  Just fixed your itses and suggested some
mild improvements to the wording below.

diff -r 47a307f91238 sys/man/2/memory
--- a/sys/man/2/memory	Fri Apr 30 00:20:39 2021 +0200
+++ b/sys/man/2/memory	Sun May 02 17:20:35 2021 +0300
@@ -1,6 +1,6 @@
 .TH MEMORY 2
 .SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -24,6 +24,11 @@
 .PP
 .B
 void*	memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int	tsmemcmp(void *s1, void *s2, ulong n)
 .SH DESCRIPTION
 These functions operate efficiently on memory areas
 (arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,11 +108,22 @@
 .IR c .
 It returns
 .IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
+It does not stop when it sees a difference,
+so that its runtime is a function of
+.I n
+and not something that can give an attacker clues.
 .SH SOURCE
 All these routines have portable C implementations in
 .BR /sys/src/libc/port .
 Most also have machine-dependent assembly language implementations in
 .BR /sys/src/libc/$objtype .
+.I Tsmemcmp
+is found at
+.BR /sys/src/libsec/port/tsmemcmp.c .
 .SH SEE ALSO
 .IR strcat (2)
 .SH BUGS
@@ -124,3 +140,8 @@
 and
 .I memmove
 are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data,
+as it is vulnerable to timing attacks.
+Instead,
+.I tsmemcmp
+should be used.

Re: [9front] Re: memory(2): mention tsmemcmp

[cinap_lenrek]

sorry, this patch doesnt apply to me.

patching file `sys/man/2/memory'
patch: **** malformed patch at line 47:  .SH BUGS

--
cinap

Re: [9front] Re: memory(2): mention tsmemcmp

[kemal]

> sorry, this patch doesnt apply to me.

huh? i just generate it with `hg diff /sys/man/2/memory`. how come
it's malformed?
is there any better way to generate patches?

Re: [9front] Re: memory(2): mention tsmemcmp

[hiro]

just add the patch as an attachment instead of inline. maybe your mail
client won't mangle it then :)

On 5/9/21, kemal <kemalinanc8@gmail.com> wrote:
>> sorry, this patch doesnt apply to me.
>
> huh? i just generate it with `hg diff /sys/man/2/memory`. how come
> it's malformed?
> is there any better way to generate patches?
>

Re: [9front] Re: memory(2): mention tsmemcmp

[kemal]

[-- Attachment #1: Type: text/plain, Size: 226 bytes --]

> just add the patch as an attachment instead of inline. maybe your mail
> client won't mangle it then :)

oh, right. also i couldn't manage to setup smtp on 9 and
i have to use this shitty gmail web client, somebody help me.

[-- Attachment #2: a --]
[-- Type: application/octet-stream, Size: 1459 bytes --]

diff -r 5c3701c99ef7 sys/man/2/memory
--- a/sys/man/2/memory	Tue May 04 15:32:35 2021 +0200
+++ b/sys/man/2/memory	Sun May 09 22:10:05 2021 +0300
@@ -1,6 +1,6 @@
 .TH MEMORY 2
 .SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -24,6 +24,11 @@
 .PP
 .B
 void*	memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int	tsmemcmp(void *s1, void *s2, ulong n)
 .SH DESCRIPTION
 These functions operate efficiently on memory areas
 (arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,11 +108,22 @@
 .IR c .
 It returns
 .IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
+It does not stop when it sees a difference, this way it's runtime is function of
+.I n
+and not something that can lead clues to attackers.
 .SH SOURCE
 All these routines have portable C implementations in
 .BR /sys/src/libc/port .
 Most also have machine-dependent assembly language implementations in
 .BR /sys/src/libc/$objtype .
+.I Tsmemcmp
+is found on
+.BR /sys/src/libsec/port/tsmemcmp.c .
 .SH SEE ALSO
 .IR strcat (2)
 .SH BUGS
@@ -124,3 +140,8 @@
 and
 .I memmove
 are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead, 
+.I tsmemcmp
+should be used.

Re: [9front] Re: memory(2): mention tsmemcmp

[cinap_lenrek]

applied! thanks!

--
cinap