libutee: TEE_MemCompare(): use constant time algorithm

TEE_MemCompare() currently calls memcmp() which returns as soon as a
difference is found in the compared buffers. The fact that the
comparison is not constant time for a given buffer size can reveal
information on the buffer content and lead to side-channel attacks.
Although the GlobalPlatform TEE Internal Core API specification says
nothing about this timing aspect, it is unsafe not to propose a constant
time implementation to TAs. A member of the GP specification working
group confirmed in an informal discussion.

Therefore, replace memcmp() with consttime_memcmp() for constant time
comparison. If a TA needs the fastest possible buffer comparison it can
call the C library function memcmp() (from <string.h>), which we provide
in libutils.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com> [3.2]
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

lib/libutee/include/tee_api.h

@@ -95,6 +95,11 @@ void TEE_Free(void *buffer);
 
 void *TEE_MemMove(void *dest, const void *src, uint32_t size);
 
+/*
+ * Note: TEE_MemCompare() has a constant-time implementation (execution time
+ * does not depend on buffer content but only on buffer size). It is the main
+ * difference with memcmp().
+ */
 int32_t TEE_MemCompare(const void *buffer1, const void *buffer2, uint32_t size);
 
 void *TEE_MemFill(void *buff, uint32_t x, uint32_t size);

lib/libutee/tee_api.c

@@ -4,6 +4,7 @@
  */
 #include <stdlib.h>
 #include <string.h>
+#include <string_ext.h>
 
 #include <tee_api.h>
 #include <tee_internal_api_extensions.h>
@@ -216,7 +217,7 @@ void *TEE_MemMove(void *dest, const void *src, uint32_t size)
 
 int32_t TEE_MemCompare(const void *buffer1, const void *buffer2, uint32_t size)
 {
-	return memcmp(buffer1, buffer2, size);
+	return consttime_memcmp(buffer1, buffer2, size);
 }
 
 void *TEE_MemFill(void *buff, uint32_t x, uint32_t size)