Download to read offline
![CAO Types
〉 Booleans
def b1 : bool;
def b2 : bool := true;
〉 Integers (arbitrary precision)
def i1 : int;
def i2 : int := 10;
〉 Machine integers
def ri1 : register int;
def ri2 : register int := 1;
〉 Bit strings
def ubs1 : unsigned bits [32];
def ubs2 : unsigned bits [4] := 0b0101;
def sbs1 : signed bits [16];
def sbs2 : signed bits [8] := 1b01010010;
Manuel Barbosa, David Castro, Paulo Silva 5/14](https://image.slidesharecdn.com/post14-140414104823-phpapp01/85/Compiling-CAO-From-Cryptographic-Specifications-to-C-Implementations-9-320.jpg)
![CAO Types (cont.)
〉 Rings or fields defined by an integer
def mo1 : mod [5];
def mo2 : mod [2] := [1];
Manuel Barbosa, David Castro, Paulo Silva 6/14](https://image.slidesharecdn.com/post14-140414104823-phpapp01/85/Compiling-CAO-From-Cryptographic-Specifications-to-C-Implementations-10-320.jpg)
![CAO Types (cont.)
〉 Rings or fields defined by an integer
def mo1 : mod [5];
def mo2 : mod [2] := [1];
〉 Extension fields defined by a type and a polynomial
def mp1 : mod[ mod [2] <X> / X**7 + X**3 + 1 ];
def mp2 : mod[ mod [11] <Y> / Y**2 + 1 ] := [5*Y + 2] * [7*Y+1];
Manuel Barbosa, David Castro, Paulo Silva 6/14](https://image.slidesharecdn.com/post14-140414104823-phpapp01/85/Compiling-CAO-From-Cryptographic-Specifications-to-C-Implementations-11-320.jpg)
![CAO Types (cont.)
〉 Rings or fields defined by an integer
def mo1 : mod [5];
def mo2 : mod [2] := [1];
〉 Extension fields defined by a type and a polynomial
def mp1 : mod[ mod [2] <X> / X**7 + X**3 + 1 ];
def mp2 : mod[ mod [11] <Y> / Y**2 + 1 ] := [5*Y + 2] * [7*Y+1];
〉 Vectors
def v1 : vector [10] of register int;
def v2 : vector [4] of unsigned bits [2] := {
0b00 , 0b01 , 0b10 , 0b11 };
Manuel Barbosa, David Castro, Paulo Silva 6/14](https://image.slidesharecdn.com/post14-140414104823-phpapp01/85/Compiling-CAO-From-Cryptographic-Specifications-to-C-Implementations-12-320.jpg)
![CAO Types (cont.)
〉 Rings or fields defined by an integer
def mo1 : mod [5];
def mo2 : mod [2] := [1];
〉 Extension fields defined by a type and a polynomial
def mp1 : mod[ mod [2] <X> / X**7 + X**3 + 1 ];
def mp2 : mod[ mod [11] <Y> / Y**2 + 1 ] := [5*Y + 2] * [7*Y+1];
〉 Vectors
def v1 : vector [10] of register int;
def v2 : vector [4] of unsigned bits [2] := {
0b00 , 0b01 , 0b10 , 0b11 };
〉 Matrices
def m1 : matrix [2, 3] of int;
def m2 : matrix [2, 2] of mod [2] := {
[1], [0], [0], [1] };
Manuel Barbosa, David Castro, Paulo Silva 6/14](https://image.slidesharecdn.com/post14-140414104823-phpapp01/85/Compiling-CAO-From-Cryptographic-Specifications-to-C-Implementations-13-320.jpg)
![Simple Example: Bubble Sort
typedef int_vector := vector [10] of int;
def bubble_sort (v : int_vector) : int_vector {
def temp : int;
seq i := 8 to 0 by -1 {
seq j := 0 to i {
if (v[j] > v[j+1]) {
temp := v[j];
v[j] := v[j+1];
v[j+1] := temp;
}
}
}
return v;
}
Manuel Barbosa, David Castro, Paulo Silva 7/14](https://image.slidesharecdn.com/post14-140414104823-phpapp01/85/Compiling-CAO-From-Cryptographic-Specifications-to-C-Implementations-14-320.jpg)
![Simple Example: Bubble Sort
def bubble_sort (const n : register int {1 < n}, v : vector[n] of int)
: vector[n] of int {
def temp : int;
seq i := n - 2 to 0 by -1 {
seq j := 0 to i {
if (v[j] > v[j+1]) {
temp := v[j];
v[j] := v[j+1];
v[j+1] := temp;
}
}
}
return v;
}
Manuel Barbosa, David Castro, Paulo Silva 8/14](https://image.slidesharecdn.com/post14-140414104823-phpapp01/85/Compiling-CAO-From-Cryptographic-Specifications-to-C-Implementations-15-320.jpg)
Uploaded byPaulo Silva
Compiling CAO: From Cryptographic Specifications to C Implementations
The document introduces CAO, a domain specific language for developing cryptographic software. CAO aims to generate efficient and secure implementations from high-level cryptographic specifications. It has types for booleans, integers, bit strings, vectors and matrices. A bubble sort example demonstrates the language. The document also discusses transforming CAO code, platform specification, using generated code, and protecting against side-channel attacks. Future work includes improving code efficiency and supporting more platforms/countermeasures.
More Related Content
Similar to Compiling CAO: From Cryptographic Specifications to C Implementations
![Polymer [ बहुलक ] Chemistry Notes PDF - Irfanullah Mehar - JJ Sir Chemistry.pdf](https://cdn.slidesharecdn.com/ss_thumbnails/polymerchemistrynotespdf-irfanullahmehar-jjsirchemistry-260210172118-3f9b37f7-thumbnail.jpg?width=640&height=640&fit=bounds)
Compiling CAO: From Cryptographic Specifications to C Implementations
- 1. Compiling CAO: fromCryptographic Specifications to C Implementations Manuel Barbosa David Castro Paulo Silva HASLab/INESC TEC Universidade do Minho Braga, Portugal April 8, 2014 Grenoble
- 2. Motivation 〉 Developing cryptographicsoftware is challenging 〉 Performance is usually critical 〉 Many implementations are done directly in assembly 〉 Aggressive optimizations must not change the semantics 〉 Error prone and time consuming Manuel Barbosa, David Castro, Paulo Silva 1/14
- 3. CAO Language 〉 Startedin the CACE project (FP7) in collaboration with Univ. Bristol 〉 Domain specific language for core cryptographic components 〉 Hash functions, authentication algorithms, signatures, . . . 〉 High level features closer to standards 〉 Supported by a tool chain to assist development Manuel Barbosa, David Castro, Paulo Silva 2/14
- 4. CAO Language 〉 Maindesign goals: 〉 Flexible and configurable for a wide range of platforms (machine architecture + operating system + compiler + extra libraries) 〉 Incorporate domain specific optimizations early in the compilation process 〉 Oriented to the implementation of cryptographic APIs Manuel Barbosa, David Castro, Paulo Silva 3/14
- 5. CAO Features 〉 Callby value semantics 〉 No input/output support 〉 No language construct to dynamically allocate memory 〉 Highly expressive native types and operators Manuel Barbosa, David Castro, Paulo Silva 4/14
- 6. CAO Types 〉 Booleans defb1 : bool; def b2 : bool := true; Manuel Barbosa, David Castro, Paulo Silva 5/14
- 7. CAO Types 〉 Booleans defb1 : bool; def b2 : bool := true; 〉 Integers (arbitrary precision) def i1 : int; def i2 : int := 10; Manuel Barbosa, David Castro, Paulo Silva 5/14
- 8. CAO Types 〉 Booleans defb1 : bool; def b2 : bool := true; 〉 Integers (arbitrary precision) def i1 : int; def i2 : int := 10; 〉 Machine integers def ri1 : register int; def ri2 : register int := 1; Manuel Barbosa, David Castro, Paulo Silva 5/14
- 9. CAO Types 〉 Booleans defb1 : bool; def b2 : bool := true; 〉 Integers (arbitrary precision) def i1 : int; def i2 : int := 10; 〉 Machine integers def ri1 : register int; def ri2 : register int := 1; 〉 Bit strings def ubs1 : unsigned bits [32]; def ubs2 : unsigned bits [4] := 0b0101; def sbs1 : signed bits [16]; def sbs2 : signed bits [8] := 1b01010010; Manuel Barbosa, David Castro, Paulo Silva 5/14
- 10. CAO Types (cont.) 〉Rings or fields defined by an integer def mo1 : mod [5]; def mo2 : mod [2] := [1]; Manuel Barbosa, David Castro, Paulo Silva 6/14
- 11. CAO Types (cont.) 〉Rings or fields defined by an integer def mo1 : mod [5]; def mo2 : mod [2] := [1]; 〉 Extension fields defined by a type and a polynomial def mp1 : mod[ mod [2] <X> / X**7 + X**3 + 1 ]; def mp2 : mod[ mod [11] <Y> / Y**2 + 1 ] := [5*Y + 2] * [7*Y+1]; Manuel Barbosa, David Castro, Paulo Silva 6/14
- 12. CAO Types (cont.) 〉Rings or fields defined by an integer def mo1 : mod [5]; def mo2 : mod [2] := [1]; 〉 Extension fields defined by a type and a polynomial def mp1 : mod[ mod [2] <X> / X**7 + X**3 + 1 ]; def mp2 : mod[ mod [11] <Y> / Y**2 + 1 ] := [5*Y + 2] * [7*Y+1]; 〉 Vectors def v1 : vector [10] of register int; def v2 : vector [4] of unsigned bits [2] := { 0b00 , 0b01 , 0b10 , 0b11 }; Manuel Barbosa, David Castro, Paulo Silva 6/14
- 13. CAO Types (cont.) 〉Rings or fields defined by an integer def mo1 : mod [5]; def mo2 : mod [2] := [1]; 〉 Extension fields defined by a type and a polynomial def mp1 : mod[ mod [2] <X> / X**7 + X**3 + 1 ]; def mp2 : mod[ mod [11] <Y> / Y**2 + 1 ] := [5*Y + 2] * [7*Y+1]; 〉 Vectors def v1 : vector [10] of register int; def v2 : vector [4] of unsigned bits [2] := { 0b00 , 0b01 , 0b10 , 0b11 }; 〉 Matrices def m1 : matrix [2, 3] of int; def m2 : matrix [2, 2] of mod [2] := { [1], [0], [0], [1] }; Manuel Barbosa, David Castro, Paulo Silva 6/14
- 14. Simple Example: BubbleSort typedef int_vector := vector [10] of int; def bubble_sort (v : int_vector) : int_vector { def temp : int; seq i := 8 to 0 by -1 { seq j := 0 to i { if (v[j] > v[j+1]) { temp := v[j]; v[j] := v[j+1]; v[j+1] := temp; } } } return v; } Manuel Barbosa, David Castro, Paulo Silva 7/14
- 15. Simple Example: BubbleSort def bubble_sort (const n : register int {1 < n}, v : vector[n] of int) : vector[n] of int { def temp : int; seq i := n - 2 to 0 by -1 { seq j := 0 to i { if (v[j] > v[j+1]) { temp := v[j]; v[j] := v[j+1]; v[j+1] := temp; } } } return v; } Manuel Barbosa, David Castro, Paulo Silva 8/14
- 16. Complete Algorithm: SHA1 〉(example sha1.cao) Manuel Barbosa, David Castro, Paulo Silva 9/14
- 17. Exploring Intermediate CAOCode 〉 Source to source transformations 〉 (demo) Manuel Barbosa, David Castro, Paulo Silva 10/14
- 18. Platform Specification 〉 (demo) ManuelBarbosa, David Castro, Paulo Silva 11/14
- 19. Using the GeneratedCode 〉 (demo) Manuel Barbosa, David Castro, Paulo Silva 12/14
- 20. Protection Against Side-channelAttacks 〉 Popular countermeasure against side-channel attacks 〉 Indistinguishable functions: 〉 Vulnerable functions execute the same sequence of native CAO operations 〉 (demo) Manuel Barbosa, David Castro, Paulo Silva 13/14
- 21. Conclusions 〉 The codeof the compiler is reasonably stable 〉 The source code is available from the Hackage repository: http://hackage.haskell.org/package/cao 〉 Future work: 〉 Improve efficiency of the generated code (more aggressive optimizations are possible) 〉 Additional protection countermeasures against side-channel attacks 〉 Provide support for other platforms (ongoing work for ARM architecture) 〉 Provide additional guarantees when compiling C using CompCert (ongoing work) Manuel Barbosa, David Castro, Paulo Silva 14/14