1*4882a593Smuzhiyun /*
2*4882a593Smuzhiyun * Constant-time equality testing of memory regions.
3*4882a593Smuzhiyun *
4*4882a593Smuzhiyun * Authors:
5*4882a593Smuzhiyun *
6*4882a593Smuzhiyun * James Yonan <james@openvpn.net>
7*4882a593Smuzhiyun * Daniel Borkmann <dborkman@redhat.com>
8*4882a593Smuzhiyun *
9*4882a593Smuzhiyun * This file is provided under a dual BSD/GPLv2 license. When using or
10*4882a593Smuzhiyun * redistributing this file, you may do so under either license.
11*4882a593Smuzhiyun *
12*4882a593Smuzhiyun * GPL LICENSE SUMMARY
13*4882a593Smuzhiyun *
14*4882a593Smuzhiyun * Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved.
15*4882a593Smuzhiyun *
16*4882a593Smuzhiyun * This program is free software; you can redistribute it and/or modify
17*4882a593Smuzhiyun * it under the terms of version 2 of the GNU General Public License as
18*4882a593Smuzhiyun * published by the Free Software Foundation.
19*4882a593Smuzhiyun *
20*4882a593Smuzhiyun * This program is distributed in the hope that it will be useful, but
21*4882a593Smuzhiyun * WITHOUT ANY WARRANTY; without even the implied warranty of
22*4882a593Smuzhiyun * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23*4882a593Smuzhiyun * General Public License for more details.
24*4882a593Smuzhiyun *
25*4882a593Smuzhiyun * You should have received a copy of the GNU General Public License
26*4882a593Smuzhiyun * along with this program; if not, write to the Free Software
27*4882a593Smuzhiyun * Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
28*4882a593Smuzhiyun * The full GNU General Public License is included in this distribution
29*4882a593Smuzhiyun * in the file called LICENSE.GPL.
30*4882a593Smuzhiyun *
31*4882a593Smuzhiyun * BSD LICENSE
32*4882a593Smuzhiyun *
33*4882a593Smuzhiyun * Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved.
34*4882a593Smuzhiyun *
35*4882a593Smuzhiyun * Redistribution and use in source and binary forms, with or without
36*4882a593Smuzhiyun * modification, are permitted provided that the following conditions
37*4882a593Smuzhiyun * are met:
38*4882a593Smuzhiyun *
39*4882a593Smuzhiyun * * Redistributions of source code must retain the above copyright
40*4882a593Smuzhiyun * notice, this list of conditions and the following disclaimer.
41*4882a593Smuzhiyun * * Redistributions in binary form must reproduce the above copyright
42*4882a593Smuzhiyun * notice, this list of conditions and the following disclaimer in
43*4882a593Smuzhiyun * the documentation and/or other materials provided with the
44*4882a593Smuzhiyun * distribution.
45*4882a593Smuzhiyun * * Neither the name of OpenVPN Technologies nor the names of its
46*4882a593Smuzhiyun * contributors may be used to endorse or promote products derived
47*4882a593Smuzhiyun * from this software without specific prior written permission.
48*4882a593Smuzhiyun *
49*4882a593Smuzhiyun * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
50*4882a593Smuzhiyun * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
51*4882a593Smuzhiyun * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
52*4882a593Smuzhiyun * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
53*4882a593Smuzhiyun * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
54*4882a593Smuzhiyun * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
55*4882a593Smuzhiyun * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
56*4882a593Smuzhiyun * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
57*4882a593Smuzhiyun * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
58*4882a593Smuzhiyun * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
59*4882a593Smuzhiyun * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
60*4882a593Smuzhiyun */
61*4882a593Smuzhiyun
62*4882a593Smuzhiyun #include <crypto/algapi.h>
63*4882a593Smuzhiyun
64*4882a593Smuzhiyun #ifndef __HAVE_ARCH_CRYPTO_MEMNEQ
65*4882a593Smuzhiyun
66*4882a593Smuzhiyun /* Generic path for arbitrary size */
67*4882a593Smuzhiyun static inline unsigned long
__crypto_memneq_generic(const void * a,const void * b,size_t size)68*4882a593Smuzhiyun __crypto_memneq_generic(const void *a, const void *b, size_t size)
69*4882a593Smuzhiyun {
70*4882a593Smuzhiyun unsigned long neq = 0;
71*4882a593Smuzhiyun
72*4882a593Smuzhiyun #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
73*4882a593Smuzhiyun while (size >= sizeof(unsigned long)) {
74*4882a593Smuzhiyun neq |= *(unsigned long *)a ^ *(unsigned long *)b;
75*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
76*4882a593Smuzhiyun a += sizeof(unsigned long);
77*4882a593Smuzhiyun b += sizeof(unsigned long);
78*4882a593Smuzhiyun size -= sizeof(unsigned long);
79*4882a593Smuzhiyun }
80*4882a593Smuzhiyun #endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */
81*4882a593Smuzhiyun while (size > 0) {
82*4882a593Smuzhiyun neq |= *(unsigned char *)a ^ *(unsigned char *)b;
83*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
84*4882a593Smuzhiyun a += 1;
85*4882a593Smuzhiyun b += 1;
86*4882a593Smuzhiyun size -= 1;
87*4882a593Smuzhiyun }
88*4882a593Smuzhiyun return neq;
89*4882a593Smuzhiyun }
90*4882a593Smuzhiyun
91*4882a593Smuzhiyun /* Loop-free fast-path for frequently used 16-byte size */
__crypto_memneq_16(const void * a,const void * b)92*4882a593Smuzhiyun static inline unsigned long __crypto_memneq_16(const void *a, const void *b)
93*4882a593Smuzhiyun {
94*4882a593Smuzhiyun unsigned long neq = 0;
95*4882a593Smuzhiyun
96*4882a593Smuzhiyun #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
97*4882a593Smuzhiyun if (sizeof(unsigned long) == 8) {
98*4882a593Smuzhiyun neq |= *(unsigned long *)(a) ^ *(unsigned long *)(b);
99*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
100*4882a593Smuzhiyun neq |= *(unsigned long *)(a+8) ^ *(unsigned long *)(b+8);
101*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
102*4882a593Smuzhiyun } else if (sizeof(unsigned int) == 4) {
103*4882a593Smuzhiyun neq |= *(unsigned int *)(a) ^ *(unsigned int *)(b);
104*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
105*4882a593Smuzhiyun neq |= *(unsigned int *)(a+4) ^ *(unsigned int *)(b+4);
106*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
107*4882a593Smuzhiyun neq |= *(unsigned int *)(a+8) ^ *(unsigned int *)(b+8);
108*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
109*4882a593Smuzhiyun neq |= *(unsigned int *)(a+12) ^ *(unsigned int *)(b+12);
110*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
111*4882a593Smuzhiyun } else
112*4882a593Smuzhiyun #endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */
113*4882a593Smuzhiyun {
114*4882a593Smuzhiyun neq |= *(unsigned char *)(a) ^ *(unsigned char *)(b);
115*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
116*4882a593Smuzhiyun neq |= *(unsigned char *)(a+1) ^ *(unsigned char *)(b+1);
117*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
118*4882a593Smuzhiyun neq |= *(unsigned char *)(a+2) ^ *(unsigned char *)(b+2);
119*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
120*4882a593Smuzhiyun neq |= *(unsigned char *)(a+3) ^ *(unsigned char *)(b+3);
121*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
122*4882a593Smuzhiyun neq |= *(unsigned char *)(a+4) ^ *(unsigned char *)(b+4);
123*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
124*4882a593Smuzhiyun neq |= *(unsigned char *)(a+5) ^ *(unsigned char *)(b+5);
125*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
126*4882a593Smuzhiyun neq |= *(unsigned char *)(a+6) ^ *(unsigned char *)(b+6);
127*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
128*4882a593Smuzhiyun neq |= *(unsigned char *)(a+7) ^ *(unsigned char *)(b+7);
129*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
130*4882a593Smuzhiyun neq |= *(unsigned char *)(a+8) ^ *(unsigned char *)(b+8);
131*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
132*4882a593Smuzhiyun neq |= *(unsigned char *)(a+9) ^ *(unsigned char *)(b+9);
133*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
134*4882a593Smuzhiyun neq |= *(unsigned char *)(a+10) ^ *(unsigned char *)(b+10);
135*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
136*4882a593Smuzhiyun neq |= *(unsigned char *)(a+11) ^ *(unsigned char *)(b+11);
137*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
138*4882a593Smuzhiyun neq |= *(unsigned char *)(a+12) ^ *(unsigned char *)(b+12);
139*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
140*4882a593Smuzhiyun neq |= *(unsigned char *)(a+13) ^ *(unsigned char *)(b+13);
141*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
142*4882a593Smuzhiyun neq |= *(unsigned char *)(a+14) ^ *(unsigned char *)(b+14);
143*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
144*4882a593Smuzhiyun neq |= *(unsigned char *)(a+15) ^ *(unsigned char *)(b+15);
145*4882a593Smuzhiyun OPTIMIZER_HIDE_VAR(neq);
146*4882a593Smuzhiyun }
147*4882a593Smuzhiyun
148*4882a593Smuzhiyun return neq;
149*4882a593Smuzhiyun }
150*4882a593Smuzhiyun
151*4882a593Smuzhiyun /* Compare two areas of memory without leaking timing information,
152*4882a593Smuzhiyun * and with special optimizations for common sizes. Users should
153*4882a593Smuzhiyun * not call this function directly, but should instead use
154*4882a593Smuzhiyun * crypto_memneq defined in crypto/algapi.h.
155*4882a593Smuzhiyun */
__crypto_memneq(const void * a,const void * b,size_t size)156*4882a593Smuzhiyun noinline unsigned long __crypto_memneq(const void *a, const void *b,
157*4882a593Smuzhiyun size_t size)
158*4882a593Smuzhiyun {
159*4882a593Smuzhiyun switch (size) {
160*4882a593Smuzhiyun case 16:
161*4882a593Smuzhiyun return __crypto_memneq_16(a, b);
162*4882a593Smuzhiyun default:
163*4882a593Smuzhiyun return __crypto_memneq_generic(a, b, size);
164*4882a593Smuzhiyun }
165*4882a593Smuzhiyun }
166*4882a593Smuzhiyun EXPORT_SYMBOL(__crypto_memneq);
167*4882a593Smuzhiyun
168*4882a593Smuzhiyun #endif /* __HAVE_ARCH_CRYPTO_MEMNEQ */
169