Replace memcmp() with rte_timingsafe_memcmp() in cryptographic authentication verification operations across iipsec-mb drivers.
Note: OpenSSL crypto driver already uses CRYPTO_memcmp() which provides equivalent timing attack resistance and is left unchanged. Note: scheduler driver memcmp stays unchanged as its not secret data comparison and actually faster with no timing attack risk. Bugzilla ID: 1773 https://bugs.dpdk.org/show_bug.cgi?id=1773 Signed-off-by: Kai Ji <kai...@intel.com> --- drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 5 ++--- drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 6 +++--- drivers/crypto/ipsec_mb/pmd_snow3g.c | 4 ++-- drivers/crypto/ipsec_mb/pmd_zuc.c | 4 ++-- 4 files changed, 9 insertions(+), 10 deletions(-) diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c index 8d40bd9169..8c35820ef7 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c @@ -206,7 +206,7 @@ post_process_gcm_crypto_op(struct ipsec_mb_qp *qp, tag, session->req_digest_length); #endif - if (memcmp(tag, digest, session->req_digest_length) != 0) + if (!rte_memeq_timingsafe(tag, digest, session->req_digest_length)) op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } else { if (session->req_digest_length != session->gen_digest_length) { @@ -558,8 +558,7 @@ aesni_gcm_sgl_op_finalize_decryption(const struct aesni_gcm_session *s, ops.finalize_dec(&s->gdata_key, gdata_ctx, tmpdigest, s->gen_digest_length); - return memcmp(digest, tmpdigest, s->req_digest_length) == 0 ? 0 - : EBADMSG; + return rte_memeq_timingsafe(digest, tmpdigest, s->req_digest_length) ? 0 : EBADMSG; } static inline void diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c index a6c3f09b6f..251e2b42e2 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c @@ -1902,7 +1902,7 @@ verify_docsis_sec_crc(IMB_JOB *job, uint8_t *status) crc = job->dst + crc_offset; /* Verify CRC (at the end of the message) */ - if (memcmp(job->auth_tag_output, crc, RTE_ETHER_CRC_LEN) != 0) + if (!rte_memeq_timingsafe(job->auth_tag_output, crc, RTE_ETHER_CRC_LEN)) *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } @@ -1910,7 +1910,7 @@ static inline void verify_digest(IMB_JOB *job, void *digest, uint16_t len, uint8_t *status) { /* Verify digest if required */ - if (memcmp(job->auth_tag_output, digest, len) != 0) + if (!rte_memeq_timingsafe(job->auth_tag_output, digest, len)) *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } @@ -2305,7 +2305,7 @@ verify_sync_dgst(struct rte_crypto_sym_vec *vec, for (i = 0, k = 0; i != vec->num; i++) { if (vec->status[i] == 0) { - if (memcmp(vec->digest[i].va, dgst[i], len) != 0) + if (!rte_memeq_timingsafe(vec->digest[i].va, dgst[i], len)) vec->status[i] = EBADMSG; else k++; diff --git a/drivers/crypto/ipsec_mb/pmd_snow3g.c b/drivers/crypto/ipsec_mb/pmd_snow3g.c index 65f0e5c568..b3c3b05a8a 100644 --- a/drivers/crypto/ipsec_mb/pmd_snow3g.c +++ b/drivers/crypto/ipsec_mb/pmd_snow3g.c @@ -269,8 +269,8 @@ process_snow3g_hash_op(struct ipsec_mb_qp *qp, struct rte_crypto_op **ops, &session->pKeySched_hash, iv, src, length_in_bits, dst); /* Verify digest. */ - if (memcmp(dst, ops[i]->sym->auth.digest.data, - SNOW3G_DIGEST_LENGTH) != 0) + if (!rte_memeq_timingsafe(dst, ops[i]->sym->auth.digest.data, + SNOW3G_DIGEST_LENGTH)) ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } else { diff --git a/drivers/crypto/ipsec_mb/pmd_zuc.c b/drivers/crypto/ipsec_mb/pmd_zuc.c index 44781be1d1..28ab6982f2 100644 --- a/drivers/crypto/ipsec_mb/pmd_zuc.c +++ b/drivers/crypto/ipsec_mb/pmd_zuc.c @@ -185,8 +185,8 @@ process_zuc_hash_op(struct ipsec_mb_qp *qp, struct rte_crypto_op **ops, */ for (i = 0; i < processed_ops; i++) if (sessions[i]->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) - if (memcmp(dst[i], ops[i]->sym->auth.digest.data, - ZUC_DIGEST_LENGTH) != 0) + if (!rte_memeq_timingsafe(dst[i], ops[i]->sym->auth.digest.data, + ZUC_DIGEST_LENGTH)) ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; -- 2.34.1
