[linux.git] / crypto / memneq.c

/*
 * Constant-time equality testing of memory regions.
 *
 * Authors:
 *
 *   James Yonan <[email protected]>
 *   Daniel Borkmann <[email protected]>
 *
 * This file is provided under a dual BSD/GPLv2 license.  When using or
 * redistributing this file, you may do so under either license.
 *
 * GPL LICENSE SUMMARY
 *
 * Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
 * The full GNU General Public License is included in this distribution
 * in the file called LICENSE.GPL.
 *
 * BSD LICENSE
 *
 * Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of OpenVPN Technologies nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <crypto/algapi.h>
#include <asm/unaligned.h>

#ifndef __HAVE_ARCH_CRYPTO_MEMNEQ

/* Generic path for arbitrary size */
static inline unsigned long
__crypto_memneq_generic(const void *a, const void *b, size_t size)
{
	unsigned long neq = 0;

#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
	while (size >= sizeof(unsigned long)) {
		neq |= get_unaligned((unsigned long *)a) ^
		       get_unaligned((unsigned long *)b);
		OPTIMIZER_HIDE_VAR(neq);
		a += sizeof(unsigned long);
		b += sizeof(unsigned long);
		size -= sizeof(unsigned long);
	}
#endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */
	while (size > 0) {
		neq |= *(unsigned char *)a ^ *(unsigned char *)b;
		OPTIMIZER_HIDE_VAR(neq);
		a += 1;
		b += 1;
		size -= 1;
	}
	return neq;
}

/* Loop-free fast-path for frequently used 16-byte size */
static inline unsigned long __crypto_memneq_16(const void *a, const void *b)
{
	unsigned long neq = 0;

#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
	if (sizeof(unsigned long) == 8) {
		neq |= get_unaligned((unsigned long *)a) ^
		       get_unaligned((unsigned long *)b);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= get_unaligned((unsigned long *)(a + 8)) ^
		       get_unaligned((unsigned long *)(b + 8));
		OPTIMIZER_HIDE_VAR(neq);
	} else if (sizeof(unsigned int) == 4) {
		neq |= get_unaligned((unsigned int *)a) ^
		       get_unaligned((unsigned int *)b);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= get_unaligned((unsigned int *)(a + 4)) ^
		       get_unaligned((unsigned int *)(b + 4));
		OPTIMIZER_HIDE_VAR(neq);
		neq |= get_unaligned((unsigned int *)(a + 8)) ^
		       get_unaligned((unsigned int *)(b + 8));
		OPTIMIZER_HIDE_VAR(neq);
		neq |= get_unaligned((unsigned int *)(a + 12)) ^
		       get_unaligned((unsigned int *)(b + 12));
		OPTIMIZER_HIDE_VAR(neq);
	} else
#endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */
	{
		neq |= *(unsigned char *)(a)    ^ *(unsigned char *)(b);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+1)  ^ *(unsigned char *)(b+1);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+2)  ^ *(unsigned char *)(b+2);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+3)  ^ *(unsigned char *)(b+3);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+4)  ^ *(unsigned char *)(b+4);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+5)  ^ *(unsigned char *)(b+5);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+6)  ^ *(unsigned char *)(b+6);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+7)  ^ *(unsigned char *)(b+7);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+8)  ^ *(unsigned char *)(b+8);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+9)  ^ *(unsigned char *)(b+9);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+10) ^ *(unsigned char *)(b+10);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+11) ^ *(unsigned char *)(b+11);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+12) ^ *(unsigned char *)(b+12);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+13) ^ *(unsigned char *)(b+13);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+14) ^ *(unsigned char *)(b+14);
		OPTIMIZER_HIDE_VAR(neq);
		neq |= *(unsigned char *)(a+15) ^ *(unsigned char *)(b+15);
		OPTIMIZER_HIDE_VAR(neq);
	}

	return neq;
}

/* Compare two areas of memory without leaking timing information,
 * and with special optimizations for common sizes.  Users should
 * not call this function directly, but should instead use
 * crypto_memneq defined in crypto/algapi.h.
 */
noinline unsigned long __crypto_memneq(const void *a, const void *b,
				       size_t size)
{
	switch (size) {
	case 16:
		return __crypto_memneq_16(a, b);
	default:
		return __crypto_memneq_generic(a, b, size);
	}
}
EXPORT_SYMBOL(__crypto_memneq);

#endif /* __HAVE_ARCH_CRYPTO_MEMNEQ */
Commit	Line	Data
6bf37e5a JY	1	/*
	2	* Constant-time equality testing of memory regions.
	3	*
	4	* Authors:
	5	*
	6	* James Yonan <[email protected]>
	7	* Daniel Borkmann <[email protected]>
	8	*
	9	* This file is provided under a dual BSD/GPLv2 license. When using or
	10	* redistributing this file, you may do so under either license.
	11	*
	12	* GPL LICENSE SUMMARY
	13	*
	14	* Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved.
	15	*
	16	* This program is free software; you can redistribute it and/or modify
	17	* it under the terms of version 2 of the GNU General Public License as
	18	* published by the Free Software Foundation.
	19	*
	20	* This program is distributed in the hope that it will be useful, but
	21	* WITHOUT ANY WARRANTY; without even the implied warranty of
	22	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	23	* General Public License for more details.
	24	*
	25	* You should have received a copy of the GNU General Public License
	26	* along with this program; if not, write to the Free Software
	27	* Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
	28	* The full GNU General Public License is included in this distribution
	29	* in the file called LICENSE.GPL.
	30	*
	31	* BSD LICENSE
	32	*
	33	* Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved.
	34	*
	35	* Redistribution and use in source and binary forms, with or without
	36	* modification, are permitted provided that the following conditions
	37	* are met:
	38	*
	39	* * Redistributions of source code must retain the above copyright
	40	* notice, this list of conditions and the following disclaimer.
	41	* * Redistributions in binary form must reproduce the above copyright
	42	* notice, this list of conditions and the following disclaimer in
	43	* the documentation and/or other materials provided with the
	44	* distribution.
	45	* * Neither the name of OpenVPN Technologies nor the names of its
	46	* contributors may be used to endorse or promote products derived
	47	* from this software without specific prior written permission.
	48	*
	49	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	50	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	51	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
	52	* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
	53	* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	54	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
	55	* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	56	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	57	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	58	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
	59	* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	60	*/
	61
	62	#include <crypto/algapi.h>
1c16dfbe	63	#include <asm/unaligned.h>
6bf37e5a JY	64
	65	#ifndef __HAVE_ARCH_CRYPTO_MEMNEQ
	66
	67	/* Generic path for arbitrary size */
	68	static inline unsigned long
	69	__crypto_memneq_generic(const void a, const void b, size_t size)
	70	{
	71	unsigned long neq = 0;
	72
	73	#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
	74	while (size >= sizeof(unsigned long)) {
1c16dfbe AB	75	neq \|= get_unaligned((unsigned long *)a) ^
1c16dfbe AB	76	get_unaligned((unsigned long *)b);
fe8c8a12	77	OPTIMIZER_HIDE_VAR(neq);
6bf37e5a JY	78	a += sizeof(unsigned long);
	79	b += sizeof(unsigned long);
	80	size -= sizeof(unsigned long);
	81	}
	82	#endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */
	83	while (size > 0) {
	84	neq \|= (unsigned char )a ^ (unsigned char )b;
fe8c8a12	85	OPTIMIZER_HIDE_VAR(neq);
6bf37e5a JY	86	a += 1;
	87	b += 1;
	88	size -= 1;
	89	}
	90	return neq;
	91	}
	92
	93	/* Loop-free fast-path for frequently used 16-byte size */
	94	static inline unsigned long __crypto_memneq_16(const void a, const void b)
	95	{
fe8c8a12 CEB	96	unsigned long neq = 0;
fe8c8a12 CEB	97
6bf37e5a	98	#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
fe8c8a12	99	if (sizeof(unsigned long) == 8) {
1c16dfbe AB	100	neq \|= get_unaligned((unsigned long *)a) ^
1c16dfbe AB	101	get_unaligned((unsigned long *)b);
fe8c8a12	102	OPTIMIZER_HIDE_VAR(neq);
1c16dfbe AB	103	neq \|= get_unaligned((unsigned long *)(a + 8)) ^
1c16dfbe AB	104	get_unaligned((unsigned long *)(b + 8));
fe8c8a12 CEB	105	OPTIMIZER_HIDE_VAR(neq);
fe8c8a12 CEB	106	} else if (sizeof(unsigned int) == 4) {
1c16dfbe AB	107	neq \|= get_unaligned((unsigned int *)a) ^
1c16dfbe AB	108	get_unaligned((unsigned int *)b);
fe8c8a12	109	OPTIMIZER_HIDE_VAR(neq);
1c16dfbe AB	110	neq \|= get_unaligned((unsigned int *)(a + 4)) ^
1c16dfbe AB	111	get_unaligned((unsigned int *)(b + 4));
fe8c8a12	112	OPTIMIZER_HIDE_VAR(neq);
1c16dfbe AB	113	neq \|= get_unaligned((unsigned int *)(a + 8)) ^
1c16dfbe AB	114	get_unaligned((unsigned int *)(b + 8));
fe8c8a12	115	OPTIMIZER_HIDE_VAR(neq);
1c16dfbe AB	116	neq \|= get_unaligned((unsigned int *)(a + 12)) ^
1c16dfbe AB	117	get_unaligned((unsigned int *)(b + 12));
fe8c8a12	118	OPTIMIZER_HIDE_VAR(neq);
e37b94eb	119	} else
6bf37e5a	120	#endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */
e37b94eb	121	{
fe8c8a12 CEB	122	neq \|= (unsigned char )(a) ^ (unsigned char )(b);
	123	OPTIMIZER_HIDE_VAR(neq);
	124	neq \|= (unsigned char )(a+1) ^ (unsigned char )(b+1);
	125	OPTIMIZER_HIDE_VAR(neq);
	126	neq \|= (unsigned char )(a+2) ^ (unsigned char )(b+2);
	127	OPTIMIZER_HIDE_VAR(neq);
	128	neq \|= (unsigned char )(a+3) ^ (unsigned char )(b+3);
	129	OPTIMIZER_HIDE_VAR(neq);
	130	neq \|= (unsigned char )(a+4) ^ (unsigned char )(b+4);
	131	OPTIMIZER_HIDE_VAR(neq);
	132	neq \|= (unsigned char )(a+5) ^ (unsigned char )(b+5);
	133	OPTIMIZER_HIDE_VAR(neq);
	134	neq \|= (unsigned char )(a+6) ^ (unsigned char )(b+6);
	135	OPTIMIZER_HIDE_VAR(neq);
	136	neq \|= (unsigned char )(a+7) ^ (unsigned char )(b+7);
	137	OPTIMIZER_HIDE_VAR(neq);
	138	neq \|= (unsigned char )(a+8) ^ (unsigned char )(b+8);
	139	OPTIMIZER_HIDE_VAR(neq);
	140	neq \|= (unsigned char )(a+9) ^ (unsigned char )(b+9);
	141	OPTIMIZER_HIDE_VAR(neq);
	142	neq \|= (unsigned char )(a+10) ^ (unsigned char )(b+10);
	143	OPTIMIZER_HIDE_VAR(neq);
	144	neq \|= (unsigned char )(a+11) ^ (unsigned char )(b+11);
	145	OPTIMIZER_HIDE_VAR(neq);
	146	neq \|= (unsigned char )(a+12) ^ (unsigned char )(b+12);
	147	OPTIMIZER_HIDE_VAR(neq);
	148	neq \|= (unsigned char )(a+13) ^ (unsigned char )(b+13);
	149	OPTIMIZER_HIDE_VAR(neq);
	150	neq \|= (unsigned char )(a+14) ^ (unsigned char )(b+14);
	151	OPTIMIZER_HIDE_VAR(neq);
	152	neq \|= (unsigned char )(a+15) ^ (unsigned char )(b+15);
	153	OPTIMIZER_HIDE_VAR(neq);
	154	}
	155
	156	return neq;
6bf37e5a JY	157	}
	158
	159	/* Compare two areas of memory without leaking timing information,
	160	* and with special optimizations for common sizes. Users should
	161	* not call this function directly, but should instead use
	162	* crypto_memneq defined in crypto/algapi.h.
	163	*/
	164	noinline unsigned long __crypto_memneq(const void a, const void b,
	165	size_t size)
	166	{
	167	switch (size) {
	168	case 16:
	169	return __crypto_memneq_16(a, b);
	170	default:
	171	return __crypto_memneq_generic(a, b, size);
	172	}
	173	}
	174	EXPORT_SYMBOL(__crypto_memneq);
	175
	176	#endif /* __HAVE_ARCH_CRYPTO_MEMNEQ */