TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m.git / 25b857a27e6859e19cb802f43278385543adbc40^! / . / bl2 / ext / mcuboot / bootutil / src / image_validate.c
commit25b857a27e6859e19cb802f43278385543adbc40[log] [tgz]
authorRaef Coles <raef.coles@arm.com>Thu Sep 05 13:59:55 2019 +0100
committerTamas Ban <tamas.ban@arm.com>Fri Sep 27 14:28:29 2019 +0000
tree2cce191283bf7f1070b68e7a62a238a027f39081
parent6bd5b8138c1081b81817a32514304ecf5400b4da [diff] [blame]
Boot: Add constant time memory equality function

Add boot_secure_memequal function which runs in constant time,
mitigating the risk of timing side channel attacks. Replace calls to
memcmp where applicable (where they test only equality).

Change-Id: I062a433a67a1a865d6e890ba06a75bfb6b13deb3
Signed-off-by: Raef Coles <raef.coles@arm.com>

diff --git a/bl2/ext/mcuboot/bootutil/src/image_validate.c b/bl2/ext/mcuboot/bootutil/src/image_validate.c
index 931f459..d471155 100644
--- a/bl2/ext/mcuboot/bootutil/src/image_validate.c
+++ b/bl2/ext/mcuboot/bootutil/src/image_validate.c

@@ -146,7 +146,7 @@
     if (plat_err != TFM_PLAT_ERR_SUCCESS) {
         return -1;
     }
-    if (!memcmp(hash, key_hash, key_hash_size)) {
+    if (!boot_secure_memequal(hash, key_hash, key_hash_size)) {
         bootutil_keys[0].key = key;
         pub_key_len = key_len;
         return 0;
@@ -169,7 +169,7 @@
         bootutil_sha256_init(&sha256_ctx);
         bootutil_sha256_update(&sha256_ctx, key->key, *key->len);
         bootutil_sha256_finish(&sha256_ctx, hash);
-        if (!memcmp(hash, keyhash, keyhash_len)) {
+        if (!boot_secure_memequal(hash, keyhash, keyhash_len)) {
             return i;
         }
     }
@@ -229,7 +229,7 @@
                 return -1;
             }
 
-            if (memcmp(hash, (uint32_t *)(load_address + off + tlv_sz),
+            if (boot_secure_memequal(hash, (uint32_t *)(load_address + off + tlv_sz),
                        sizeof(hash))) {
                 return -1;
             }
@@ -419,7 +419,7 @@
             if (rc) {
                 return rc;
             }
-            if (memcmp(hash, buf, sizeof(hash))) {
+            if (boot_secure_memequal(hash, buf, sizeof(hash))) {
                 return -1;
             }