
libutee: TEE_MemCompare(): use constant time algorithm

TEE_MemCompare() currently calls memcmp() which returns as soon as a
difference is found in the compared buffers. The fact that the
comparison is not constant time for a given buffer size can reveal
information on the buffer content and lead to side-channel attacks.
Although the GlobalPlatform TEE Internal Core API specification says
nothing about this timing aspect, it is unsafe not to propose a constant
time implementation to TAs. A member of the GP specification working
group confirmed in an informal discussion.

Therefore, replace memcmp() with consttime_memcmp() for constant time
comparison. If a TA needs the fastest possible buffer comparison it can
call the C library function memcmp() (from <string.h>), which we provide
in libutils.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com> [3.2]
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
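
The leak the commit message describes, as an added example (not OP-TEE code and not the project's consttime_memcmp()): an early-exit compare examines more bytes the longer the correct prefix of a guess, while a branch-free compare always examines all of them. The names early_exit_cmp, ct_cmp and compare_guess and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Early-exit compare like memcmp(); *steps counts bytes examined (a proxy for time). */
static int32_t early_exit_cmp(const uint8_t *a, const uint8_t *b, unsigned n, unsigned *steps)
{
    *steps = 0;
    for (unsigned i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return (int32_t)a[i] - (int32_t)b[i];
    }
    return 0;
}

/* Touches every byte, no data-dependent branch; lowest differing index sets the sign. */
static int32_t ct_cmp(const uint8_t *a, const uint8_t *b, unsigned n, unsigned *steps)
{
    int32_t res = 0;
    *steps = 0;
    for (unsigned i = n; i-- > 0; ) {
        int32_t d = (int32_t)a[i] - (int32_t)b[i];   /* -255..255 */
        int32_t mask = -(int32_t)(((uint32_t)d | (0u - (uint32_t)d)) >> 31); /* -1 iff d != 0 */
        res = (res & ~mask) | (d & mask);
        (*steps)++;
    }
    return res;
}

/* Constructed data: 16-byte secret and a guess matching its first `prefix` bytes. */
static int32_t compare_guess(int constant_time, unsigned prefix, unsigned *steps)
{
    uint8_t secret[16], guess[16];
    for (unsigned i = 0; i < 16; i++) {
        secret[i] = (uint8_t)(0xA0 + i);
        guess[i] = i < prefix ? secret[i] : 0;
    }
    return (constant_time ? ct_cmp : early_exit_cmp)(secret, guess, 16, steps);
}

int main(void)
{
    for (unsigned p = 0; p <= 16; p += 4) {
        unsigned e, c;
        compare_guess(0, p, &e);
        compare_guess(1, p, &c);
        printf("prefix %2u: early-exit %2u bytes, constant-time %2u bytes\n", p, e, c);
    }
}
```

A compiler may still turn source like ct_cmp into branching machine code, which is why a vetted routine is used in practice rather than a local rewrite.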
jforissier committed Feb 6, 2019
1 parent b7da54b commit 65551e69a006c496fb18d8374389b7b3617c2076
Showing with 7 additions and 1 deletion.
  1. +5 −0 lib/libutee/include/tee_api.h
  2. +2 −1 lib/libutee/tee_api.c
@@ -95,6 +95,11 @@ void TEE_Free(void *buffer);

void *TEE_MemMove(void *dest, const void *src, uint32_t size);

/*
* Note: TEE_MemCompare() has a constant-time implementation (execution time
* does not depend on buffer content but only on buffer size). It is the main
* difference with memcmp().
*/
int32_t TEE_MemCompare(const void *buffer1, const void *buffer2, uint32_t size);

void *TEE_MemFill(void *buff, uint32_t x, uint32_t size);
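
Review bot: The new comment above TEE_MemCompare() documents the timing property but not the return-value contract, which matters now that the function is explicitly described as differing from memcmp(). Please state whether the result still orders the buffers (negative, zero, positive) or only distinguishes equal from different. It would also help to repeat here what the commit message says, that memcmp() from <string.h> remains available to TAs that want the fastest comparison. Minor wording: "difference with memcmp()" reads better as "difference from memcmp()".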
@@ -4,6 +4,7 @@
*/
#include <stdlib.h>
#include <string.h>
#include <string_ext.h>

#include <tee_api.h>
#include <tee_internal_api_extensions.h>
@@ -216,7 +217,7 @@ void *TEE_MemMove(void *dest, const void *src, uint32_t size)

int32_t TEE_MemCompare(const void *buffer1, const void *buffer2, uint32_t size)
{
return memcmp(buffer1, buffer2, size);
return consttime_memcmp(buffer1, buffer2, size);
}

void *TEE_MemFill(void *buff, uint32_t x, uint32_t size)
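
Review bot: In TEE_MemCompare(), the result of consttime_memcmp() is returned unchanged, so the sign convention callers see now depends entirely on that helper, and the commit touches only tee_api.h and tee_api.c with no test. Consider adding a regression test that checks equal buffers return 0 and that a difference in the first byte and one in the last byte both yield the sign memcmp() would give. Please also confirm that the uint32_t size argument matches the length type consttime_memcmp() expects.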
