CR50: add a constant time buffer equals implementation

Various cryptographic operations leak timing information if comparisons are not executed in constant time. This change adds DCRYPTO_equals(), a constant runtime comparator. Also replace crypto related callsites that used memcmp() as a binary comparator. BUG=none BRANCH=none TEST=tcg tests pass Change-Id: I3d3da3c0524c3a349d60675902d1f2d338ad455f Signed-off-by: nagendra modadugu <ngm@google.com> Reviewed-on: https://chromium-review.googlesource.com/410163 Commit-Ready: Nagendra Modadugu <ngm@google.com> Tested-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Marius Schilder <mschilder@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org>
author: nagendra modadugu <ngm@google.com> 2016-11-10 15:19:09 -0800
committer: chrome-bot <chrome-bot@chromium.org> 2016-11-11 14:27:23 -0800
commit: d7222a4956de9412fcca8a0d34c206e5dbd79abb (patch)
tree: 3e83ecf417cc421523f85dc5e19799a21bc23f9a /board/cr50/tpm2/NVMem.c
parent: d558d2bee1322c925364e46ae3cc5ed2bb5075d6 (diff)
download: chrome-ec-d7222a4956de9412fcca8a0d34c206e5dbd79abb.tar.gz
1 files changed, 1 insertions, 2 deletions
diff --git a/board/cr50/tpm2/NVMem.c b/board/cr50/tpm2/NVMem.c
index f78308033c..7874a89e86 100644
--- a/board/cr50/tpm2/NVMem.c
+++ b/board/cr50/tpm2/NVMem.c
@@ -135,8 +135,7 @@ _plat__NvIsDifferent(unsigned int startOffset,
 #ifdef CONFIG_FLASH_NVMEM
 	return (nvmem_is_different(startOffset, size, data, NVMEM_TPM) != 0);
 #else
-	/* Do we need a safe memcmp here? */
-	return (memcmp(&s_NV[startOffset], data, size) != 0);
+	return !DCRYPTO_equals(&s_NV[startOffset], data, size);
 #endif
 }
author	nagendra modadugu <ngm@google.com>	2016-11-10 15:19:09 -0800
committer	chrome-bot <chrome-bot@chromium.org>	2016-11-11 14:27:23 -0800
commit	d7222a4956de9412fcca8a0d34c206e5dbd79abb (patch)
tree	3e83ecf417cc421523f85dc5e19799a21bc23f9a /board/cr50/tpm2/NVMem.c
parent	d558d2bee1322c925364e46ae3cc5ed2bb5075d6 (diff)
download	chrome-ec-d7222a4956de9412fcca8a0d34c206e5dbd79abb.tar.gz