From a2a1b803da77e6a1fe3f059f2059280a97a95ca2 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 29 Apr 2021 16:37:59 +0200 Subject: [PATCH] Make safer_memcmp available to all compile units under PSA Now renamed to mbedtls_psa_safer_memcmp, it provides a single location for buffer comparison. Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 18 ++---------------- library/psa_crypto_core.h | 20 ++++++++++++++++++++ library/psa_crypto_mac.c | 14 +------------- 3 files changed, 23 insertions(+), 29 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 81770bff9..dbf05b9ec 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -93,20 +93,6 @@ #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) ) -/* constant-time buffer comparison */ -static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n ) -{ - size_t i; - unsigned char diff = 0; - - for( i = 0; i < n; i++ ) - diff |= a[i] ^ b[i]; - - return( diff ); -} - - - /****************************************************************/ /* Global data, support functions and library management */ /****************************************************************/ @@ -2235,7 +2221,7 @@ psa_status_t psa_hash_verify( psa_hash_operation_t *operation, return( status ); if( actual_hash_length != hash_length ) return( PSA_ERROR_INVALID_SIGNATURE ); - if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 ) + if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 ) return( PSA_ERROR_INVALID_SIGNATURE ); return( PSA_SUCCESS ); } @@ -2271,7 +2257,7 @@ psa_status_t psa_hash_compare( psa_algorithm_t alg, return( status ); if( actual_hash_length != hash_length ) return( PSA_ERROR_INVALID_SIGNATURE ); - if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 ) + if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 ) return( PSA_ERROR_INVALID_SIGNATURE ); return( PSA_SUCCESS ); } diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 90f9d1863..b75e59a81 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -30,6 +30,26 @@ #include "psa/crypto.h" #include "psa/crypto_se_driver.h" +/** Constant-time buffer comparison + * + * \param[in] a Left-hand buffer for comparison. + * \param[in] b Right-hand buffer for comparison. + * \param n Amount of bytes to compare. + * + * \return 0 if the buffer contents are equal, non-zero otherwise + */ +static inline int mbedtls_psa_safer_memcmp( + const uint8_t *a, const uint8_t *b, size_t n ) +{ + size_t i; + unsigned char diff = 0; + + for( i = 0; i < n; i++ ) + diff |= a[i] ^ b[i]; + + return( diff ); +} + /** The data structure representing a key slot, containing key material * and metadata for one key. */ diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 7122ecdd3..854aee4f0 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -526,18 +526,6 @@ static psa_status_t mac_sign_finish( return( status ); } -/* constant-time buffer comparison */ -static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n ) -{ - size_t i; - unsigned char diff = 0; - - for( i = 0; i < n; i++ ) - diff |= a[i] ^ b[i]; - - return( diff ); -} - static psa_status_t mac_verify_finish( mbedtls_psa_mac_operation_t *operation, const uint8_t *mac, @@ -562,7 +550,7 @@ static psa_status_t mac_verify_finish( if( status != PSA_SUCCESS ) goto cleanup; - if( safer_memcmp( mac, actual_mac, mac_length ) != 0 ) + if( mbedtls_psa_safer_memcmp( mac, actual_mac, mac_length ) != 0 ) status = PSA_ERROR_INVALID_SIGNATURE; cleanup: