| From eed0e3d305530066b4fc5370107cff8ef1a0d229 Mon Sep 17 00:00:00 2001 |
| From: Eric Biggers <ebiggers@kernel.org> |
| Date: Sat, 9 Aug 2025 10:19:39 -0700 |
| Subject: KEYS: trusted_tpm1: Compare HMAC values in constant time |
| |
| From: Eric Biggers <ebiggers@kernel.org> |
| |
| commit eed0e3d305530066b4fc5370107cff8ef1a0d229 upstream. |
| |
| To prevent timing attacks, HMAC value comparison needs to be constant |
| time. Replace the memcmp() with the correct function, crypto_memneq(). |
| |
| [For the Fixes commit I used the commit that introduced the memcmp(). |
| It predates the introduction of crypto_memneq(), but it was still a bug |
| at the time even though a helper function didn't exist yet.] |
| |
| Fixes: d00a1c72f7f4 ("keys: add new trusted key-type") |
| Cc: stable@vger.kernel.org |
| Signed-off-by: Eric Biggers <ebiggers@kernel.org> |
| Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> |
| Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| security/keys/trusted-keys/trusted_tpm1.c | 7 ++++--- |
| 1 file changed, 4 insertions(+), 3 deletions(-) |
| |
| --- a/security/keys/trusted-keys/trusted_tpm1.c |
| +++ b/security/keys/trusted-keys/trusted_tpm1.c |
| @@ -7,6 +7,7 @@ |
| */ |
| |
| #include <crypto/hash_info.h> |
| +#include <crypto/utils.h> |
| #include <linux/init.h> |
| #include <linux/slab.h> |
| #include <linux/parser.h> |
| @@ -241,7 +242,7 @@ int TSS_checkhmac1(unsigned char *buffer |
| if (ret < 0) |
| goto out; |
| |
| - if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE)) |
| + if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE)) |
| ret = -EINVAL; |
| out: |
| kfree_sensitive(sdesc); |
| @@ -334,7 +335,7 @@ static int TSS_checkhmac2(unsigned char |
| TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0); |
| if (ret < 0) |
| goto out; |
| - if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) { |
| + if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) { |
| ret = -EINVAL; |
| goto out; |
| } |
| @@ -343,7 +344,7 @@ static int TSS_checkhmac2(unsigned char |
| TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0); |
| if (ret < 0) |
| goto out; |
| - if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE)) |
| + if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE)) |
| ret = -EINVAL; |
| out: |
| kfree_sensitive(sdesc); |