Please sign in to comment.
libutee: TEE_MemCompare(): use constant time algorithm
TEE_MemCompare() currently calls memcmp() which returns as soon as a difference is found in the compared buffers. The fact that the comparison is not constant time for a given buffer size can reveal information on the buffer content and lead to side-channel attacks. Although the GlobalPlatform TEE Internal Core API specification says nothing about this timing aspect, it is unsafe not to propose a constant time implementation to TAs. A member of the GP specification working group confirmed in an informal discussion. Therefore, replace memcmp() with consttime_memcmp() for constant time comparison. If a TA needs the fastest possible buffer comparison it can call the C library function memcmp() (from <string.h>), which we provide in libutils. Signed-off-by: Jerome Forissier <firstname.lastname@example.org> Reported-by: Bastien Simondi <email@example.com> [3.2] Reviewed-by: Jens Wiklander <firstname.lastname@example.org> Reviewed-by: Joakim Bech <email@example.com>
- Loading branch information...
Showing with 7 additions and 1 deletion.