mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 12:55:41 +00:00
Move contatnt-time memcmp functions to the contant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
parent
e41e3e8a8b
commit
944c107744
|
@ -1212,26 +1212,6 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
|
|||
int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
|
||||
const mbedtls_ssl_session *src );
|
||||
|
||||
/* constant-time buffer comparison */
|
||||
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
|
||||
{
|
||||
size_t i;
|
||||
volatile const unsigned char *A = (volatile const unsigned char *) a;
|
||||
volatile const unsigned char *B = (volatile const unsigned char *) b;
|
||||
volatile unsigned char diff = 0;
|
||||
|
||||
for( i = 0; i < n; i++ )
|
||||
{
|
||||
/* Read volatile data in order before computing diff.
|
||||
* This avoids IAR compiler warning:
|
||||
* 'the order of volatile accesses is undefined ..' */
|
||||
unsigned char x = A[i], y = B[i];
|
||||
diff |= x ^ y;
|
||||
}
|
||||
|
||||
return( diff );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
#include "mbedtls/cipher_internal.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "constant_time.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
@ -74,27 +75,6 @@
|
|||
#define CIPHER_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
|
||||
/* Compare the contents of two buffers in constant time.
|
||||
* Returns 0 if the contents are bitwise identical, otherwise returns
|
||||
* a non-zero value.
|
||||
* This is currently only used by GCM and ChaCha20+Poly1305.
|
||||
*/
|
||||
static int mbedtls_constant_time_memcmp( const void *v1, const void *v2,
|
||||
size_t len )
|
||||
{
|
||||
const unsigned char *p1 = (const unsigned char*) v1;
|
||||
const unsigned char *p2 = (const unsigned char*) v2;
|
||||
size_t i;
|
||||
unsigned char diff;
|
||||
|
||||
for( diff = 0, i = 0; i < len; i++ )
|
||||
diff |= p1[i] ^ p2[i];
|
||||
|
||||
return( (int)diff );
|
||||
}
|
||||
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
|
||||
|
||||
static int supported_init = 0;
|
||||
|
||||
const int *mbedtls_cipher_list( void )
|
||||
|
|
|
@ -18,3 +18,77 @@
|
|||
*/
|
||||
|
||||
#include "common.h"
|
||||
#include "constant_time.h"
|
||||
|
||||
/* constant-time buffer comparison */
|
||||
int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
|
||||
{
|
||||
size_t i;
|
||||
volatile const unsigned char *A = (volatile const unsigned char *) a;
|
||||
volatile const unsigned char *B = (volatile const unsigned char *) b;
|
||||
volatile unsigned char diff = 0;
|
||||
|
||||
for( i = 0; i < n; i++ )
|
||||
{
|
||||
/* Read volatile data in order before computing diff.
|
||||
* This avoids IAR compiler warning:
|
||||
* 'the order of volatile accesses is undefined ..' */
|
||||
unsigned char x = A[i], y = B[i];
|
||||
diff |= x ^ y;
|
||||
}
|
||||
|
||||
return( diff );
|
||||
}
|
||||
|
||||
/* Compare the contents of two buffers in constant time.
|
||||
* Returns 0 if the contents are bitwise identical, otherwise returns
|
||||
* a non-zero value.
|
||||
* This is currently only used by GCM and ChaCha20+Poly1305.
|
||||
*/
|
||||
int mbedtls_constant_time_memcmp( const void *v1, const void *v2,
|
||||
size_t len )
|
||||
{
|
||||
const unsigned char *p1 = (const unsigned char*) v1;
|
||||
const unsigned char *p2 = (const unsigned char*) v2;
|
||||
size_t i;
|
||||
unsigned char diff;
|
||||
|
||||
for( diff = 0, i = 0; i < len; i++ )
|
||||
diff |= p1[i] ^ p2[i];
|
||||
|
||||
return( (int)diff );
|
||||
}
|
||||
|
||||
/* constant-time buffer comparison */
|
||||
unsigned char mbedtls_nist_kw_safer_memcmp( const void *a, const void *b, size_t n )
|
||||
{
|
||||
size_t i;
|
||||
volatile const unsigned char *A = (volatile const unsigned char *) a;
|
||||
volatile const unsigned char *B = (volatile const unsigned char *) b;
|
||||
volatile unsigned char diff = 0;
|
||||
|
||||
for( i = 0; i < n; i++ )
|
||||
{
|
||||
/* Read volatile data in order before computing diff.
|
||||
* This avoids IAR compiler warning:
|
||||
* 'the order of volatile accesses is undefined ..' */
|
||||
unsigned char x = A[i], y = B[i];
|
||||
diff |= x ^ y;
|
||||
}
|
||||
|
||||
return( diff );
|
||||
}
|
||||
|
||||
/* constant-time buffer comparison */
|
||||
int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
|
||||
{
|
||||
size_t i;
|
||||
const unsigned char *A = (const unsigned char *) a;
|
||||
const unsigned char *B = (const unsigned char *) b;
|
||||
unsigned char diff = 0;
|
||||
|
||||
for( i = 0; i < n; i++ )
|
||||
diff |= A[i] ^ B[i];
|
||||
|
||||
return( diff );
|
||||
}
|
||||
|
|
30
library/constant_time.h
Normal file
30
library/constant_time.h
Normal file
|
@ -0,0 +1,30 @@
|
|||
/**
|
||||
* Constant-time functions
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "common.h"
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n );
|
||||
|
||||
int mbedtls_constant_time_memcmp( const void *v1, const void *v2, size_t len );
|
||||
|
||||
unsigned char mbedtls_nist_kw_safer_memcmp( const void *a, const void *b, size_t n );
|
||||
|
||||
int mbedtls_safer_memcmp( const void *a, const void *b, size_t n );
|
|
@ -34,6 +34,7 @@
|
|||
#include "mbedtls/nist_kw.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "constant_time.h"
|
||||
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
|
@ -52,26 +53,6 @@
|
|||
#define KW_SEMIBLOCK_LENGTH 8
|
||||
#define MIN_SEMIBLOCKS_COUNT 3
|
||||
|
||||
/* constant-time buffer comparison */
|
||||
static inline unsigned char mbedtls_nist_kw_safer_memcmp( const void *a, const void *b, size_t n )
|
||||
{
|
||||
size_t i;
|
||||
volatile const unsigned char *A = (volatile const unsigned char *) a;
|
||||
volatile const unsigned char *B = (volatile const unsigned char *) b;
|
||||
volatile unsigned char diff = 0;
|
||||
|
||||
for( i = 0; i < n; i++ )
|
||||
{
|
||||
/* Read volatile data in order before computing diff.
|
||||
* This avoids IAR compiler warning:
|
||||
* 'the order of volatile accesses is undefined ..' */
|
||||
unsigned char x = A[i], y = B[i];
|
||||
diff |= x ^ y;
|
||||
}
|
||||
|
||||
return( diff );
|
||||
}
|
||||
|
||||
/*! The 64-bit default integrity check value (ICV) for KW mode. */
|
||||
static const unsigned char NIST_KW_ICV1[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6};
|
||||
/*! The 32-bit default integrity check value (ICV) for KWP mode. */
|
||||
|
|
|
@ -44,6 +44,7 @@
|
|||
#include "mbedtls/oid.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "constant_time.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -72,22 +73,6 @@
|
|||
#define RSA_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
/* constant-time buffer comparison */
|
||||
static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
|
||||
{
|
||||
size_t i;
|
||||
const unsigned char *A = (const unsigned char *) a;
|
||||
const unsigned char *B = (const unsigned char *) b;
|
||||
unsigned char diff = 0;
|
||||
|
||||
for( i = 0; i < n; i++ )
|
||||
diff |= A[i] ^ B[i];
|
||||
|
||||
return( diff );
|
||||
}
|
||||
#endif /* MBEDTLS_PKCS1_V15 */
|
||||
|
||||
int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
|
||||
const mbedtls_mpi *N,
|
||||
const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
#include "mbedtls/ssl_internal.h"
|
||||
#include "mbedtls/debug.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "constant_time.h"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "mbedtls/psa_util.h"
|
||||
|
|
|
@ -36,6 +36,7 @@
|
|||
#include "mbedtls/ssl_internal.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "constant_time.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
|
|
@ -44,6 +44,7 @@
|
|||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/version.h"
|
||||
#include "constant_time.h"
|
||||
|
||||
#include "ssl_invasive.h"
|
||||
|
||||
|
|
|
@ -34,6 +34,7 @@
|
|||
#include "mbedtls/debug.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "constant_time.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
|
|
@ -43,6 +43,7 @@
|
|||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/version.h"
|
||||
#include "constant_time.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
|
Loading…
Reference in a new issue