Move contatnt-time memcmp functions to the contant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
parent
e41e3e8a8b
commit
944c107744
|
@ -1212,26 +1212,6 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
|
||||||
int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
|
int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
|
||||||
const mbedtls_ssl_session *src );
|
const mbedtls_ssl_session *src );
|
||||||
|
|
||||||
/* constant-time buffer comparison */
|
|
||||||
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
|
|
||||||
{
|
|
||||||
size_t i;
|
|
||||||
volatile const unsigned char *A = (volatile const unsigned char *) a;
|
|
||||||
volatile const unsigned char *B = (volatile const unsigned char *) b;
|
|
||||||
volatile unsigned char diff = 0;
|
|
||||||
|
|
||||||
for( i = 0; i < n; i++ )
|
|
||||||
{
|
|
||||||
/* Read volatile data in order before computing diff.
|
|
||||||
* This avoids IAR compiler warning:
|
|
||||||
* 'the order of volatile accesses is undefined ..' */
|
|
||||||
unsigned char x = A[i], y = B[i];
|
|
||||||
diff |= x ^ y;
|
|
||||||
}
|
|
||||||
|
|
||||||
return( diff );
|
|
||||||
}
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
||||||
|
|
|
@ -29,6 +29,7 @@
|
||||||
#include "mbedtls/cipher_internal.h"
|
#include "mbedtls/cipher_internal.h"
|
||||||
#include "mbedtls/platform_util.h"
|
#include "mbedtls/platform_util.h"
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
|
#include "constant_time.h"
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
@ -74,27 +75,6 @@
|
||||||
#define CIPHER_VALIDATE( cond ) \
|
#define CIPHER_VALIDATE( cond ) \
|
||||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||||
|
|
||||||
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
|
|
||||||
/* Compare the contents of two buffers in constant time.
|
|
||||||
* Returns 0 if the contents are bitwise identical, otherwise returns
|
|
||||||
* a non-zero value.
|
|
||||||
* This is currently only used by GCM and ChaCha20+Poly1305.
|
|
||||||
*/
|
|
||||||
static int mbedtls_constant_time_memcmp( const void *v1, const void *v2,
|
|
||||||
size_t len )
|
|
||||||
{
|
|
||||||
const unsigned char *p1 = (const unsigned char*) v1;
|
|
||||||
const unsigned char *p2 = (const unsigned char*) v2;
|
|
||||||
size_t i;
|
|
||||||
unsigned char diff;
|
|
||||||
|
|
||||||
for( diff = 0, i = 0; i < len; i++ )
|
|
||||||
diff |= p1[i] ^ p2[i];
|
|
||||||
|
|
||||||
return( (int)diff );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
|
|
||||||
|
|
||||||
static int supported_init = 0;
|
static int supported_init = 0;
|
||||||
|
|
||||||
const int *mbedtls_cipher_list( void )
|
const int *mbedtls_cipher_list( void )
|
||||||
|
|
|
@ -18,3 +18,77 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
|
#include "constant_time.h"
|
||||||
|
|
||||||
|
/* constant-time buffer comparison */
|
||||||
|
int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
volatile const unsigned char *A = (volatile const unsigned char *) a;
|
||||||
|
volatile const unsigned char *B = (volatile const unsigned char *) b;
|
||||||
|
volatile unsigned char diff = 0;
|
||||||
|
|
||||||
|
for( i = 0; i < n; i++ )
|
||||||
|
{
|
||||||
|
/* Read volatile data in order before computing diff.
|
||||||
|
* This avoids IAR compiler warning:
|
||||||
|
* 'the order of volatile accesses is undefined ..' */
|
||||||
|
unsigned char x = A[i], y = B[i];
|
||||||
|
diff |= x ^ y;
|
||||||
|
}
|
||||||
|
|
||||||
|
return( diff );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Compare the contents of two buffers in constant time.
|
||||||
|
* Returns 0 if the contents are bitwise identical, otherwise returns
|
||||||
|
* a non-zero value.
|
||||||
|
* This is currently only used by GCM and ChaCha20+Poly1305.
|
||||||
|
*/
|
||||||
|
int mbedtls_constant_time_memcmp( const void *v1, const void *v2,
|
||||||
|
size_t len )
|
||||||
|
{
|
||||||
|
const unsigned char *p1 = (const unsigned char*) v1;
|
||||||
|
const unsigned char *p2 = (const unsigned char*) v2;
|
||||||
|
size_t i;
|
||||||
|
unsigned char diff;
|
||||||
|
|
||||||
|
for( diff = 0, i = 0; i < len; i++ )
|
||||||
|
diff |= p1[i] ^ p2[i];
|
||||||
|
|
||||||
|
return( (int)diff );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* constant-time buffer comparison */
|
||||||
|
unsigned char mbedtls_nist_kw_safer_memcmp( const void *a, const void *b, size_t n )
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
volatile const unsigned char *A = (volatile const unsigned char *) a;
|
||||||
|
volatile const unsigned char *B = (volatile const unsigned char *) b;
|
||||||
|
volatile unsigned char diff = 0;
|
||||||
|
|
||||||
|
for( i = 0; i < n; i++ )
|
||||||
|
{
|
||||||
|
/* Read volatile data in order before computing diff.
|
||||||
|
* This avoids IAR compiler warning:
|
||||||
|
* 'the order of volatile accesses is undefined ..' */
|
||||||
|
unsigned char x = A[i], y = B[i];
|
||||||
|
diff |= x ^ y;
|
||||||
|
}
|
||||||
|
|
||||||
|
return( diff );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* constant-time buffer comparison */
|
||||||
|
int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
const unsigned char *A = (const unsigned char *) a;
|
||||||
|
const unsigned char *B = (const unsigned char *) b;
|
||||||
|
unsigned char diff = 0;
|
||||||
|
|
||||||
|
for( i = 0; i < n; i++ )
|
||||||
|
diff |= A[i] ^ B[i];
|
||||||
|
|
||||||
|
return( diff );
|
||||||
|
}
|
||||||
|
|
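Review bot: `mbedtls_constant_time_memcmp` and `mbedtls_safer_memcmp` read through plain `const unsigned char *` pointers and accumulate into a non-volatile `diff`, whereas `mbedtls_ssl_safer_memcmp` and `mbedtls_nist_kw_safer_memcmp` in the same file qualify both as `volatile`. Without the qualifier the compiler is free to restructure the loop, so the data-independent timing of these comparisons (presumably authentication-tag checks, given the GCM/ChaCha20+Poly1305 comment) rests on optimizer behaviour rather than on the code. Now that all four copies live in one file, the two plain variants could delegate to the volatile one, e.g. `return( mbedtls_ssl_safer_memcmp( v1, v2, len ) );`, or the four could be merged under one name in a follow-up. The comment "This is currently only used by GCM and ChaCha20+Poly1305" was also carried over, although the `#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)` guard was dropped and the function is now compiled unconditionally.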
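--- /dev/null
+++ b/library/constant_time.h
@@ -0,0 +1,30 @@
+/**
+* Constant-time functions
+*
+* Copyright The Mbed TLS Contributors
+* SPDX-License-Identifier: Apache-2.0
+*
+* Licensed under the Apache License, Version 2.0 (the "License"); you may
+* not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#include "common.h"
+
+#include <stddef.h>
+
+int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n );
+
+int mbedtls_constant_time_memcmp( const void *v1, const void *v2, size_t len );
+
+unsigned char mbedtls_nist_kw_safer_memcmp( const void *a, const void *b, size_t n );
+
+int mbedtls_safer_memcmp( const void *a, const void *b, size_t n );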
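Review bot: The new header has no include guard and its four prototypes carry no documentation. It is now pulled into several library sources, so wrapping the declarations in `#ifndef MBEDTLS_CONSTANT_TIME_H` / `#define MBEDTLS_CONSTANT_TIME_H` / `#endif` keeps a double inclusion harmless if the header later gains types or inline functions. Each prototype would also benefit from a short comment stating the contract visible in the implementations: the result is 0 when the buffers are equal and non-zero otherwise, it carries no ordering information the way `memcmp` does, and `mbedtls_nist_kw_safer_memcmp` returns `unsigned char` where the others return `int`.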
@ -34,6 +34,7 @@
|
||||||
#include "mbedtls/nist_kw.h"
|
#include "mbedtls/nist_kw.h"
|
||||||
#include "mbedtls/platform_util.h"
|
#include "mbedtls/platform_util.h"
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
|
#include "constant_time.h"
|
||||||
|
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
@ -52,26 +53,6 @@
|
||||||
#define KW_SEMIBLOCK_LENGTH 8
|
#define KW_SEMIBLOCK_LENGTH 8
|
||||||
#define MIN_SEMIBLOCKS_COUNT 3
|
#define MIN_SEMIBLOCKS_COUNT 3
|
||||||
|
|
||||||
/* constant-time buffer comparison */
|
|
||||||
static inline unsigned char mbedtls_nist_kw_safer_memcmp( const void *a, const void *b, size_t n )
|
|
||||||
{
|
|
||||||
size_t i;
|
|
||||||
volatile const unsigned char *A = (volatile const unsigned char *) a;
|
|
||||||
volatile const unsigned char *B = (volatile const unsigned char *) b;
|
|
||||||
volatile unsigned char diff = 0;
|
|
||||||
|
|
||||||
for( i = 0; i < n; i++ )
|
|
||||||
{
|
|
||||||
/* Read volatile data in order before computing diff.
|
|
||||||
* This avoids IAR compiler warning:
|
|
||||||
* 'the order of volatile accesses is undefined ..' */
|
|
||||||
unsigned char x = A[i], y = B[i];
|
|
||||||
diff |= x ^ y;
|
|
||||||
}
|
|
||||||
|
|
||||||
return( diff );
|
|
||||||
}
|
|
||||||
|
|
||||||
/*! The 64-bit default integrity check value (ICV) for KW mode. */
|
/*! The 64-bit default integrity check value (ICV) for KW mode. */
|
||||||
static const unsigned char NIST_KW_ICV1[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6};
|
static const unsigned char NIST_KW_ICV1[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6};
|
||||||
/*! The 32-bit default integrity check value (ICV) for KWP mode. */
|
/*! The 32-bit default integrity check value (ICV) for KWP mode. */
|
||||||
|
|
|
@ -44,6 +44,7 @@
|
||||||
#include "mbedtls/oid.h"
|
#include "mbedtls/oid.h"
|
||||||
#include "mbedtls/platform_util.h"
|
#include "mbedtls/platform_util.h"
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
|
#include "constant_time.h"
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
@ -72,22 +73,6 @@
|
||||||
#define RSA_VALIDATE( cond ) \
|
#define RSA_VALIDATE( cond ) \
|
||||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||||
|
|
||||||
#if defined(MBEDTLS_PKCS1_V15)
|
|
||||||
/* constant-time buffer comparison */
|
|
||||||
static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
|
|
||||||
{
|
|
||||||
size_t i;
|
|
||||||
const unsigned char *A = (const unsigned char *) a;
|
|
||||||
const unsigned char *B = (const unsigned char *) b;
|
|
||||||
unsigned char diff = 0;
|
|
||||||
|
|
||||||
for( i = 0; i < n; i++ )
|
|
||||||
diff |= A[i] ^ B[i];
|
|
||||||
|
|
||||||
return( diff );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_PKCS1_V15 */
|
|
||||||
|
|
||||||
int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
|
int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
|
||||||
const mbedtls_mpi *N,
|
const mbedtls_mpi *N,
|
||||||
const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||||
|
|
|
@ -33,6 +33,7 @@
|
||||||
#include "mbedtls/ssl_internal.h"
|
#include "mbedtls/ssl_internal.h"
|
||||||
#include "mbedtls/debug.h"
|
#include "mbedtls/debug.h"
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
|
#include "constant_time.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#include "mbedtls/psa_util.h"
|
#include "mbedtls/psa_util.h"
|
||||||
|
|
|
@ -36,6 +36,7 @@
|
||||||
#include "mbedtls/ssl_internal.h"
|
#include "mbedtls/ssl_internal.h"
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
#include "mbedtls/platform_util.h"
|
#include "mbedtls/platform_util.h"
|
||||||
|
#include "constant_time.h"
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
|
|
@ -44,6 +44,7 @@
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
#include "mbedtls/platform_util.h"
|
#include "mbedtls/platform_util.h"
|
||||||
#include "mbedtls/version.h"
|
#include "mbedtls/version.h"
|
||||||
|
#include "constant_time.h"
|
||||||
|
|
||||||
#include "ssl_invasive.h"
|
#include "ssl_invasive.h"
|
||||||
|
|
||||||
|
|
|
@ -34,6 +34,7 @@
|
||||||
#include "mbedtls/debug.h"
|
#include "mbedtls/debug.h"
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
#include "mbedtls/platform_util.h"
|
#include "mbedtls/platform_util.h"
|
||||||
|
#include "constant_time.h"
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
|
|
@ -43,6 +43,7 @@
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
#include "mbedtls/platform_util.h"
|
#include "mbedtls/platform_util.h"
|
||||||
#include "mbedtls/version.h"
|
#include "mbedtls/version.h"
|
||||||
|
#include "constant_time.h"
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
|