memneq.c 6.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168
  1. /*
  2. * Constant-time equality testing of memory regions.
  3. *
  4. * Authors:
  5. *
  6. * James Yonan <[email protected]>
  7. * Daniel Borkmann <[email protected]>
  8. *
  9. * This file is provided under a dual BSD/GPLv2 license. When using or
  10. * redistributing this file, you may do so under either license.
  11. *
  12. * GPL LICENSE SUMMARY
  13. *
  14. * Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved.
  15. *
  16. * This program is free software; you can redistribute it and/or modify
  17. * it under the terms of version 2 of the GNU General Public License as
  18. * published by the Free Software Foundation.
  19. *
  20. * This program is distributed in the hope that it will be useful, but
  21. * WITHOUT ANY WARRANTY; without even the implied warranty of
  22. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  23. * General Public License for more details.
  24. *
  25. * You should have received a copy of the GNU General Public License
  26. * along with this program; if not, write to the Free Software
  27. * Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
  28. * The full GNU General Public License is included in this distribution
  29. * in the file called LICENSE.GPL.
  30. *
  31. * BSD LICENSE
  32. *
  33. * Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved.
  34. *
  35. * Redistribution and use in source and binary forms, with or without
  36. * modification, are permitted provided that the following conditions
  37. * are met:
  38. *
  39. * * Redistributions of source code must retain the above copyright
  40. * notice, this list of conditions and the following disclaimer.
  41. * * Redistributions in binary form must reproduce the above copyright
  42. * notice, this list of conditions and the following disclaimer in
  43. * the documentation and/or other materials provided with the
  44. * distribution.
  45. * * Neither the name of OpenVPN Technologies nor the names of its
  46. * contributors may be used to endorse or promote products derived
  47. * from this software without specific prior written permission.
  48. *
  49. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  50. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  51. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  52. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  53. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  54. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  55. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  56. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  57. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  58. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  59. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  60. */
  61. #include <crypto/algapi.h>
  62. #ifndef __HAVE_ARCH_CRYPTO_MEMNEQ
  63. /* Generic path for arbitrary size */
  64. static inline unsigned long
  65. __crypto_memneq_generic(const void *a, const void *b, size_t size)
  66. {
  67. unsigned long neq = 0;
  68. #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
  69. while (size >= sizeof(unsigned long)) {
  70. neq |= *(unsigned long *)a ^ *(unsigned long *)b;
  71. OPTIMIZER_HIDE_VAR(neq);
  72. a += sizeof(unsigned long);
  73. b += sizeof(unsigned long);
  74. size -= sizeof(unsigned long);
  75. }
  76. #endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */
  77. while (size > 0) {
  78. neq |= *(unsigned char *)a ^ *(unsigned char *)b;
  79. OPTIMIZER_HIDE_VAR(neq);
  80. a += 1;
  81. b += 1;
  82. size -= 1;
  83. }
  84. return neq;
  85. }
  86. /* Loop-free fast-path for frequently used 16-byte size */
  87. static inline unsigned long __crypto_memneq_16(const void *a, const void *b)
  88. {
  89. unsigned long neq = 0;
  90. #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
  91. if (sizeof(unsigned long) == 8) {
  92. neq |= *(unsigned long *)(a) ^ *(unsigned long *)(b);
  93. OPTIMIZER_HIDE_VAR(neq);
  94. neq |= *(unsigned long *)(a+8) ^ *(unsigned long *)(b+8);
  95. OPTIMIZER_HIDE_VAR(neq);
  96. } else if (sizeof(unsigned int) == 4) {
  97. neq |= *(unsigned int *)(a) ^ *(unsigned int *)(b);
  98. OPTIMIZER_HIDE_VAR(neq);
  99. neq |= *(unsigned int *)(a+4) ^ *(unsigned int *)(b+4);
  100. OPTIMIZER_HIDE_VAR(neq);
  101. neq |= *(unsigned int *)(a+8) ^ *(unsigned int *)(b+8);
  102. OPTIMIZER_HIDE_VAR(neq);
  103. neq |= *(unsigned int *)(a+12) ^ *(unsigned int *)(b+12);
  104. OPTIMIZER_HIDE_VAR(neq);
  105. } else
  106. #endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */
  107. {
  108. neq |= *(unsigned char *)(a) ^ *(unsigned char *)(b);
  109. OPTIMIZER_HIDE_VAR(neq);
  110. neq |= *(unsigned char *)(a+1) ^ *(unsigned char *)(b+1);
  111. OPTIMIZER_HIDE_VAR(neq);
  112. neq |= *(unsigned char *)(a+2) ^ *(unsigned char *)(b+2);
  113. OPTIMIZER_HIDE_VAR(neq);
  114. neq |= *(unsigned char *)(a+3) ^ *(unsigned char *)(b+3);
  115. OPTIMIZER_HIDE_VAR(neq);
  116. neq |= *(unsigned char *)(a+4) ^ *(unsigned char *)(b+4);
  117. OPTIMIZER_HIDE_VAR(neq);
  118. neq |= *(unsigned char *)(a+5) ^ *(unsigned char *)(b+5);
  119. OPTIMIZER_HIDE_VAR(neq);
  120. neq |= *(unsigned char *)(a+6) ^ *(unsigned char *)(b+6);
  121. OPTIMIZER_HIDE_VAR(neq);
  122. neq |= *(unsigned char *)(a+7) ^ *(unsigned char *)(b+7);
  123. OPTIMIZER_HIDE_VAR(neq);
  124. neq |= *(unsigned char *)(a+8) ^ *(unsigned char *)(b+8);
  125. OPTIMIZER_HIDE_VAR(neq);
  126. neq |= *(unsigned char *)(a+9) ^ *(unsigned char *)(b+9);
  127. OPTIMIZER_HIDE_VAR(neq);
  128. neq |= *(unsigned char *)(a+10) ^ *(unsigned char *)(b+10);
  129. OPTIMIZER_HIDE_VAR(neq);
  130. neq |= *(unsigned char *)(a+11) ^ *(unsigned char *)(b+11);
  131. OPTIMIZER_HIDE_VAR(neq);
  132. neq |= *(unsigned char *)(a+12) ^ *(unsigned char *)(b+12);
  133. OPTIMIZER_HIDE_VAR(neq);
  134. neq |= *(unsigned char *)(a+13) ^ *(unsigned char *)(b+13);
  135. OPTIMIZER_HIDE_VAR(neq);
  136. neq |= *(unsigned char *)(a+14) ^ *(unsigned char *)(b+14);
  137. OPTIMIZER_HIDE_VAR(neq);
  138. neq |= *(unsigned char *)(a+15) ^ *(unsigned char *)(b+15);
  139. OPTIMIZER_HIDE_VAR(neq);
  140. }
  141. return neq;
  142. }
  143. /* Compare two areas of memory without leaking timing information,
  144. * and with special optimizations for common sizes. Users should
  145. * not call this function directly, but should instead use
  146. * crypto_memneq defined in crypto/algapi.h.
  147. */
  148. noinline unsigned long __crypto_memneq(const void *a, const void *b,
  149. size_t size)
  150. {
  151. switch (size) {
  152. case 16:
  153. return __crypto_memneq_16(a, b);
  154. default:
  155. return __crypto_memneq_generic(a, b, size);
  156. }
  157. }
  158. EXPORT_SYMBOL(__crypto_memneq);
  159. #endif /* __HAVE_ARCH_CRYPTO_MEMNEQ */