Re: [kernel-hardening] [PATCH 4/6] security/keys: use constant time memory comparison for macs

[James Morris]

On Sat, 10 Jun 2017, Jason A. Donenfeld wrote:

> Otherwise, we enable a MAC forgery via timing attack.
> 
> Signed-off-by: Jason A. Donenfeld 
> Cc: David Safford 
> Cc: Mimi Zohar 
> Cc: David Howells 
> Cc: keyri...@vger.kernel.org
> Cc: sta...@vger.kernel.org


Reviewed-by: James Morris 


-- 
James Morris

Re: [kernel-hardening] [PATCH 4/6] security/keys: use constant time memory comparison for macs

[James Morris]

On Sat, 10 Jun 2017, Jason A. Donenfeld wrote:

> Otherwise, we enable a MAC forgery via timing attack.
> 
> Signed-off-by: Jason A. Donenfeld 
> Cc: David Safford 
> Cc: Mimi Zohar 
> Cc: David Howells 
> Cc: keyri...@vger.kernel.org
> Cc: sta...@vger.kernel.org


Reviewed-by: James Morris 


-- 
James Morris

[PATCH 4/6] security/keys: use constant time memory comparison for macs

[Jason A. Donenfeld]

Otherwise, we enable a MAC forgery via timing attack.

Signed-off-by: Jason A. Donenfeld 
Cc: David Safford 
Cc: Mimi Zohar 
Cc: David Howells 
Cc: keyri...@vger.kernel.org
Cc: sta...@vger.kernel.org
---
 security/keys/trusted.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 2ae31c5a87de..df7d30b0a6f7 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -11,6 +11,7 @@
  * See Documentation/security/keys-trusted-encrypted.txt
  */
 
+#include 
 #include 
 #include 
 #include 
@@ -243,7 +244,7 @@ static int TSS_checkhmac1(unsigned char *buffer,
if (ret < 0)
goto out;
 
-   if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE))
+   if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE))
ret = -EINVAL;
 out:
kfree(sdesc);
@@ -335,7 +336,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
  TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0);
if (ret < 0)
goto out;
-   if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
+   if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
ret = -EINVAL;
goto out;
}
@@ -344,7 +345,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
  TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0);
if (ret < 0)
goto out;
-   if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE))
+   if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE))
ret = -EINVAL;
 out:
kfree(sdesc);
-- 
2.13.1

[PATCH 4/6] security/keys: use constant time memory comparison for macs

[Jason A. Donenfeld]

Otherwise, we enable a MAC forgery via timing attack.

Signed-off-by: Jason A. Donenfeld 
Cc: David Safford 
Cc: Mimi Zohar 
Cc: David Howells 
Cc: keyri...@vger.kernel.org
Cc: sta...@vger.kernel.org
---
 security/keys/trusted.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 2ae31c5a87de..df7d30b0a6f7 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -11,6 +11,7 @@
  * See Documentation/security/keys-trusted-encrypted.txt
  */
 
+#include 
 #include 
 #include 
 #include 
@@ -243,7 +244,7 @@ static int TSS_checkhmac1(unsigned char *buffer,
if (ret < 0)
goto out;
 
-   if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE))
+   if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE))
ret = -EINVAL;
 out:
kfree(sdesc);
@@ -335,7 +336,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
  TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0);
if (ret < 0)
goto out;
-   if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
+   if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
ret = -EINVAL;
goto out;
}
@@ -344,7 +345,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
  TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0);
if (ret < 0)
goto out;
-   if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE))
+   if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE))
ret = -EINVAL;
 out:
kfree(sdesc);
-- 
2.13.1