[dpdk-dev v3 2/2] crypto/ipsec-mb: use constant-time memory comparison
Kai Ji
kai.ji at intel.com
Fri Sep 26 18:02:09 CEST 2025
Replace memcmp() with rte_consttime_memneq() in cryptographic
authentication verification operations in ipsec_mb crypto driver.
Note: OpenSSL crypto driver already uses CRYPTO_memcmp() which
provides equivalent timing attack resistance and is left unchanged.
Note: scheduler driver memcmp stays unchanged as its not secret data
comparison and actually faster with no timing attack risk.
Bugzilla ID: 1773
https://bugs.dpdk.org/show_bug.cgi?id=1773
Signed-off-by: Kai Ji <kai.ji at intel.com>
---
drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 5 ++---
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 6 +++---
drivers/crypto/ipsec_mb/pmd_snow3g.c | 4 ++--
drivers/crypto/ipsec_mb/pmd_zuc.c | 4 ++--
4 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index 8d40bd9169..bfe119bf77 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -206,7 +206,7 @@ post_process_gcm_crypto_op(struct ipsec_mb_qp *qp,
tag, session->req_digest_length);
#endif
- if (memcmp(tag, digest, session->req_digest_length) != 0)
+ if (rte_consttime_memneq(tag, digest, session->req_digest_length))
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
} else {
if (session->req_digest_length != session->gen_digest_length) {
@@ -558,8 +558,7 @@ aesni_gcm_sgl_op_finalize_decryption(const struct aesni_gcm_session *s,
ops.finalize_dec(&s->gdata_key, gdata_ctx, tmpdigest,
s->gen_digest_length);
- return memcmp(digest, tmpdigest, s->req_digest_length) == 0 ? 0
- : EBADMSG;
+ return rte_consttime_memneq(digest, tmpdigest, s->req_digest_length) ? EBADMSG : 0;
}
static inline void
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index a6c3f09b6f..f23a09376e 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1902,7 +1902,7 @@ verify_docsis_sec_crc(IMB_JOB *job, uint8_t *status)
crc = job->dst + crc_offset;
/* Verify CRC (at the end of the message) */
- if (memcmp(job->auth_tag_output, crc, RTE_ETHER_CRC_LEN) != 0)
+ if (rte_consttime_memneq(job->auth_tag_output, crc, RTE_ETHER_CRC_LEN))
*status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
}
@@ -1910,7 +1910,7 @@ static inline void
verify_digest(IMB_JOB *job, void *digest, uint16_t len, uint8_t *status)
{
/* Verify digest if required */
- if (memcmp(job->auth_tag_output, digest, len) != 0)
+ if (rte_consttime_memneq(job->auth_tag_output, digest, len))
*status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
}
@@ -2305,7 +2305,7 @@ verify_sync_dgst(struct rte_crypto_sym_vec *vec,
for (i = 0, k = 0; i != vec->num; i++) {
if (vec->status[i] == 0) {
- if (memcmp(vec->digest[i].va, dgst[i], len) != 0)
+ if (rte_consttime_memneq(vec->digest[i].va, dgst[i], len))
vec->status[i] = EBADMSG;
else
k++;
diff --git a/drivers/crypto/ipsec_mb/pmd_snow3g.c b/drivers/crypto/ipsec_mb/pmd_snow3g.c
index 65f0e5c568..befb60e473 100644
--- a/drivers/crypto/ipsec_mb/pmd_snow3g.c
+++ b/drivers/crypto/ipsec_mb/pmd_snow3g.c
@@ -269,8 +269,8 @@ process_snow3g_hash_op(struct ipsec_mb_qp *qp, struct rte_crypto_op **ops,
&session->pKeySched_hash,
iv, src, length_in_bits, dst);
/* Verify digest. */
- if (memcmp(dst, ops[i]->sym->auth.digest.data,
- SNOW3G_DIGEST_LENGTH) != 0)
+ if (rte_consttime_memneq(dst, ops[i]->sym->auth.digest.data,
+ SNOW3G_DIGEST_LENGTH))
ops[i]->status =
RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
} else {
diff --git a/drivers/crypto/ipsec_mb/pmd_zuc.c b/drivers/crypto/ipsec_mb/pmd_zuc.c
index 44781be1d1..8f0be0465a 100644
--- a/drivers/crypto/ipsec_mb/pmd_zuc.c
+++ b/drivers/crypto/ipsec_mb/pmd_zuc.c
@@ -185,8 +185,8 @@ process_zuc_hash_op(struct ipsec_mb_qp *qp, struct rte_crypto_op **ops,
*/
for (i = 0; i < processed_ops; i++)
if (sessions[i]->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
- if (memcmp(dst[i], ops[i]->sym->auth.digest.data,
- ZUC_DIGEST_LENGTH) != 0)
+ if (rte_consttime_memneq(dst[i], ops[i]->sym->auth.digest.data,
+ ZUC_DIGEST_LENGTH))
ops[i]->status =
RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
--
2.34.1
More information about the dev
mailing list