Maamoun TK maamoun.tk@googlemail.com writes:
> You are right, modern operating systems are supposed to have this functionality but accessing some program's memory is pretty easy nowadays, I think it's a good practice to clean behind the cipher functions for what it makes sense and whenever possible.
I think it's futile to try to do that thoroughly, e.g., code generated by the compiler will not clear each stack frame on return (and I'm not even aware of any compiler option to generate code like that). We have to trust the operating system (where as usual, "trust" can also be read as "depend on").
For the specific case of key material, it might make sense to go to a little extra effort to not leave copies in memory, but other nettle code doesn't do that.
> In another topic, I've optimized the SHA-512 algorithm for arm64 architecture but it turned out all CFarm variants don't support SHA-512 crypto extension so I can't do any performance or correctness testing for now. Do you know any CFarm alternative that supports SHA-512 and SHA3 extensions for arm64 architectures?
Can you do correctness tests on qemu? (I've been using a crosscompiler and qemu-user to test other ARM code, and that's also what the ci tests do).
I have access to the systems listed on https://gmplib.org/devel/testsystems, is any of those applicable? The arm64 machines available include one Cortex-A73 and one Apple M1.
Regards, /Niels
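An added illustration of the point about clearing key material, not code from this thread or from nettle: a wipe routine the optimizer cannot drop as a dead store, used by a toy key-schedule function that clears its schedule before returning. The names secure_wipe, all_zero, use_key_then_wipe and demo_wipe, and the key expansion itself, are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Zero len bytes at buf in a way the optimizer cannot discard.  A plain
   memset() just before a buffer goes out of scope is a dead store and is
   often removed; writing through a volatile pointer plus a compiler
   barrier keeps it.  (Platform alternatives: C11 memset_s, explicit_bzero.)
   secure_wipe is a name chosen for this example, not a nettle function. */
void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *) buf;
    while (len--)
        *p++ = 0;
    /* GCC/Clang barrier: memory may have changed, so the stores stay. */
    __asm__ __volatile__("" : : "r"(buf) : "memory");
}

/* Returns 1 if every byte of buf is zero, used to verify the wipe. */
int all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Toy key schedule (constructed, not a real cipher): expand key into
   sched[32], consume it, wipe it, return the result.  The caller owns
   sched so the wipe can be checked afterwards; a local array would be
   wiped the same way before return. */
unsigned use_key_then_wipe(const unsigned char *key, size_t keylen,
                           unsigned char sched[32])
{
    unsigned sum = 0;
    for (size_t i = 0; i < 32; i++)
        sched[i] = key[i % keylen] ^ (unsigned char) i;
    for (size_t i = 0; i < 32; i++)
        sum += sched[i];            /* stand-in for "using" the key */
    secure_wipe(sched, 32);         /* leave no copy of the schedule */
    return sum;
}

/* Self-check: returns the sum if the schedule was wiped, 0 otherwise. */
unsigned demo_wipe(void)
{
    const unsigned char key[4] = { 0x01, 0x02, 0x03, 0x04 }; /* constructed */
    unsigned char sched[32];
    unsigned r = use_key_then_wipe(key, sizeof key, sched);
    return all_zero(sched, 32) ? r : 0;
}

int main(void) { printf("%u\n", demo_wipe()); return 0; }
```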