memneq.c 6.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174
  1. /*
  2. * Constant-time equality testing of memory regions.
  3. *
  4. * Authors:
  5. *
  6. * James Yonan <james@openvpn.net>
  7. * Daniel Borkmann <dborkman@redhat.com>
  8. *
  9. * This file is provided under a dual BSD/GPLv2 license. When using or
  10. * redistributing this file, you may do so under either license.
  11. *
  12. * GPL LICENSE SUMMARY
  13. *
  14. * Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved.
  15. *
  16. * This program is free software; you can redistribute it and/or modify
  17. * it under the terms of version 2 of the GNU General Public License as
  18. * published by the Free Software Foundation.
  19. *
  20. * This program is distributed in the hope that it will be useful, but
  21. * WITHOUT ANY WARRANTY; without even the implied warranty of
  22. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  23. * General Public License for more details.
  24. *
  25. * You should have received a copy of the GNU General Public License
  26. * along with this program; if not, write to the Free Software
  27. * Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
  28. * The full GNU General Public License is included in this distribution
  29. * in the file called LICENSE.GPL.
  30. *
  31. * BSD LICENSE
  32. *
  33. * Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved.
  34. *
  35. * Redistribution and use in source and binary forms, with or without
  36. * modification, are permitted provided that the following conditions
  37. * are met:
  38. *
  39. * * Redistributions of source code must retain the above copyright
  40. * notice, this list of conditions and the following disclaimer.
  41. * * Redistributions in binary form must reproduce the above copyright
  42. * notice, this list of conditions and the following disclaimer in
  43. * the documentation and/or other materials provided with the
  44. * distribution.
  45. * * Neither the name of OpenVPN Technologies nor the names of its
  46. * contributors may be used to endorse or promote products derived
  47. * from this software without specific prior written permission.
  48. *
  49. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  50. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  51. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  52. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  53. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  54. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  55. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  56. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  57. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  58. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  59. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  60. */
  61. #include <crypto/algapi.h>
  62. #include <linux/export.h>
  63. #include <linux/module.h>
  64. #include <linux/unaligned.h>
  65. /* Generic path for arbitrary size */
  66. static inline unsigned long
  67. __crypto_memneq_generic(const void *a, const void *b, size_t size)
  68. {
  69. unsigned long neq = 0;
  70. #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
  71. while (size >= sizeof(unsigned long)) {
  72. neq |= get_unaligned((unsigned long *)a) ^
  73. get_unaligned((unsigned long *)b);
  74. OPTIMIZER_HIDE_VAR(neq);
  75. a += sizeof(unsigned long);
  76. b += sizeof(unsigned long);
  77. size -= sizeof(unsigned long);
  78. }
  79. #endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */
  80. while (size > 0) {
  81. neq |= *(unsigned char *)a ^ *(unsigned char *)b;
  82. OPTIMIZER_HIDE_VAR(neq);
  83. a += 1;
  84. b += 1;
  85. size -= 1;
  86. }
  87. return neq;
  88. }
  89. /* Loop-free fast-path for frequently used 16-byte size */
  90. static inline unsigned long __crypto_memneq_16(const void *a, const void *b)
  91. {
  92. unsigned long neq = 0;
  93. #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
  94. if (sizeof(unsigned long) == 8) {
  95. neq |= get_unaligned((unsigned long *)a) ^
  96. get_unaligned((unsigned long *)b);
  97. OPTIMIZER_HIDE_VAR(neq);
  98. neq |= get_unaligned((unsigned long *)(a + 8)) ^
  99. get_unaligned((unsigned long *)(b + 8));
  100. OPTIMIZER_HIDE_VAR(neq);
  101. } else if (sizeof(unsigned int) == 4) {
  102. neq |= get_unaligned((unsigned int *)a) ^
  103. get_unaligned((unsigned int *)b);
  104. OPTIMIZER_HIDE_VAR(neq);
  105. neq |= get_unaligned((unsigned int *)(a + 4)) ^
  106. get_unaligned((unsigned int *)(b + 4));
  107. OPTIMIZER_HIDE_VAR(neq);
  108. neq |= get_unaligned((unsigned int *)(a + 8)) ^
  109. get_unaligned((unsigned int *)(b + 8));
  110. OPTIMIZER_HIDE_VAR(neq);
  111. neq |= get_unaligned((unsigned int *)(a + 12)) ^
  112. get_unaligned((unsigned int *)(b + 12));
  113. OPTIMIZER_HIDE_VAR(neq);
  114. } else
  115. #endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */
  116. {
  117. neq |= *(unsigned char *)(a) ^ *(unsigned char *)(b);
  118. OPTIMIZER_HIDE_VAR(neq);
  119. neq |= *(unsigned char *)(a+1) ^ *(unsigned char *)(b+1);
  120. OPTIMIZER_HIDE_VAR(neq);
  121. neq |= *(unsigned char *)(a+2) ^ *(unsigned char *)(b+2);
  122. OPTIMIZER_HIDE_VAR(neq);
  123. neq |= *(unsigned char *)(a+3) ^ *(unsigned char *)(b+3);
  124. OPTIMIZER_HIDE_VAR(neq);
  125. neq |= *(unsigned char *)(a+4) ^ *(unsigned char *)(b+4);
  126. OPTIMIZER_HIDE_VAR(neq);
  127. neq |= *(unsigned char *)(a+5) ^ *(unsigned char *)(b+5);
  128. OPTIMIZER_HIDE_VAR(neq);
  129. neq |= *(unsigned char *)(a+6) ^ *(unsigned char *)(b+6);
  130. OPTIMIZER_HIDE_VAR(neq);
  131. neq |= *(unsigned char *)(a+7) ^ *(unsigned char *)(b+7);
  132. OPTIMIZER_HIDE_VAR(neq);
  133. neq |= *(unsigned char *)(a+8) ^ *(unsigned char *)(b+8);
  134. OPTIMIZER_HIDE_VAR(neq);
  135. neq |= *(unsigned char *)(a+9) ^ *(unsigned char *)(b+9);
  136. OPTIMIZER_HIDE_VAR(neq);
  137. neq |= *(unsigned char *)(a+10) ^ *(unsigned char *)(b+10);
  138. OPTIMIZER_HIDE_VAR(neq);
  139. neq |= *(unsigned char *)(a+11) ^ *(unsigned char *)(b+11);
  140. OPTIMIZER_HIDE_VAR(neq);
  141. neq |= *(unsigned char *)(a+12) ^ *(unsigned char *)(b+12);
  142. OPTIMIZER_HIDE_VAR(neq);
  143. neq |= *(unsigned char *)(a+13) ^ *(unsigned char *)(b+13);
  144. OPTIMIZER_HIDE_VAR(neq);
  145. neq |= *(unsigned char *)(a+14) ^ *(unsigned char *)(b+14);
  146. OPTIMIZER_HIDE_VAR(neq);
  147. neq |= *(unsigned char *)(a+15) ^ *(unsigned char *)(b+15);
  148. OPTIMIZER_HIDE_VAR(neq);
  149. }
  150. return neq;
  151. }
  152. /* Compare two areas of memory without leaking timing information,
  153. * and with special optimizations for common sizes. Users should
  154. * not call this function directly, but should instead use
  155. * crypto_memneq defined in crypto/algapi.h.
  156. */
  157. noinline unsigned long __crypto_memneq(const void *a, const void *b,
  158. size_t size)
  159. {
  160. switch (size) {
  161. case 16:
  162. return __crypto_memneq_16(a, b);
  163. default:
  164. return __crypto_memneq_generic(a, b, size);
  165. }
  166. }
  167. EXPORT_SYMBOL(__crypto_memneq);