From: Kai Ji <kai.ji@intel.com>
To: dev@dpdk.org
Cc: gakhil@marvell.com, konstantin.ananyev@huawei.com,
	bruce.richardson@intel.com, thomas@monjalon.net,
	stephen@networkplumber.org, mb@smartsharesystems.com,
	Kai Ji <kai.ji@intel.com>
Subject: [dpdk-dev v6 2/2] crypto/ipsec-mb: use constant-time memory comparison
Date: Thu,  2 Oct 2025 15:32:29 +0000	[thread overview]
Message-ID: <20251002153229.98158-2-kai.ji@intel.com> (raw)
In-Reply-To: <20251002153229.98158-1-kai.ji@intel.com>

Replace memcmp() with rte_timingsafe_memcmp() in cryptographic
authentication verification operations across iipsec-mb drivers.

Note: OpenSSL crypto driver already uses CRYPTO_memcmp() which
provides equivalent timing attack resistance and is left unchanged.

Note: the scheduler driver's memcmp() stays unchanged, as it does not compare
secret data and is faster, with no timing-attack risk.

Bugzilla ID: 1773
https://bugs.dpdk.org/show_bug.cgi?id=1773

Signed-off-by: Kai Ji <kai.ji@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 5 ++---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c  | 6 +++---
 drivers/crypto/ipsec_mb/pmd_snow3g.c    | 4 ++--
 drivers/crypto/ipsec_mb/pmd_zuc.c       | 4 ++--
 4 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index 8d40bd9169..8c35820ef7 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -206,7 +206,7 @@ post_process_gcm_crypto_op(struct ipsec_mb_qp *qp,
 				tag, session->req_digest_length);
 #endif
 
-		if (memcmp(tag, digest,	session->req_digest_length) != 0)
+		if (!rte_memeq_timingsafe(tag, digest, session->req_digest_length))
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 	} else {
 		if (session->req_digest_length != session->gen_digest_length) {
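Review bot: None of the hunks add an include for the header that declares rte_memeq_timingsafe(), so the call on the new `if` line compiles only if that header is already reached transitively from this file; worth confirming for each of the four files (the same applies to the pmd_aesni_mb.c, pmd_snow3g.c and pmd_zuc.c hunks). Separately, the commit message says memcmp() is replaced with rte_timingsafe_memcmp(), while the code uses rte_memeq_timingsafe(); the message should name the function actually introduced in patch 1/2. The body of post_process_gcm_crypto_op starts and ends outside the hunk.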
@@ -558,8 +558,7 @@ aesni_gcm_sgl_op_finalize_decryption(const struct aesni_gcm_session *s,
 	ops.finalize_dec(&s->gdata_key, gdata_ctx, tmpdigest,
 			s->gen_digest_length);
 
-	return memcmp(digest, tmpdigest, s->req_digest_length) == 0 ? 0
-								    : EBADMSG;
+	return rte_memeq_timingsafe(digest, tmpdigest, s->req_digest_length) ? 0 : EBADMSG;
 }
 
 static inline void
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index a6c3f09b6f..251e2b42e2 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1902,7 +1902,7 @@ verify_docsis_sec_crc(IMB_JOB *job, uint8_t *status)
 	crc = job->dst + crc_offset;
 
 	/* Verify CRC (at the end of the message) */
-	if (memcmp(job->auth_tag_output, crc, RTE_ETHER_CRC_LEN) != 0)
+	if (!rte_memeq_timingsafe(job->auth_tag_output, crc, RTE_ETHER_CRC_LEN))
 		*status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 }
 
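Review bot: The CRC compare on the new `if` line is now constant-time, but the commit message's rationale for leaving the scheduler's memcmp() alone (not secret data) could be read as applying to a CRC as well, so the choice deserves a short justification at the call site. Suggest extending the existing comment to `/* Verify CRC (at the end of the message); constant-time compare, since the CRC is presumably derived from decrypted data */`, adjusting the wording if the intent differs. verify_docsis_sec_crc starts outside the hunk.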
@@ -1910,7 +1910,7 @@ static inline void
 verify_digest(IMB_JOB *job, void *digest, uint16_t len, uint8_t *status)
 {
 	/* Verify digest if required */
-	if (memcmp(job->auth_tag_output, digest, len) != 0)
+	if (!rte_memeq_timingsafe(job->auth_tag_output, digest, len))
 		*status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 }
 
@@ -2305,7 +2305,7 @@ verify_sync_dgst(struct rte_crypto_sym_vec *vec,
 
 	for (i = 0, k = 0; i != vec->num; i++) {
 		if (vec->status[i] == 0) {
-			if (memcmp(vec->digest[i].va, dgst[i], len) != 0)
+			if (!rte_memeq_timingsafe(vec->digest[i].va, dgst[i], len))
 				vec->status[i] = EBADMSG;
 			else
 				k++;
diff --git a/drivers/crypto/ipsec_mb/pmd_snow3g.c b/drivers/crypto/ipsec_mb/pmd_snow3g.c
index 65f0e5c568..b3c3b05a8a 100644
--- a/drivers/crypto/ipsec_mb/pmd_snow3g.c
+++ b/drivers/crypto/ipsec_mb/pmd_snow3g.c
@@ -269,8 +269,8 @@ process_snow3g_hash_op(struct ipsec_mb_qp *qp, struct rte_crypto_op **ops,
 					&session->pKeySched_hash,
 					iv, src, length_in_bits, dst);
 			/* Verify digest. */
-			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					SNOW3G_DIGEST_LENGTH) != 0)
+			if (!rte_memeq_timingsafe(dst, ops[i]->sym->auth.digest.data,
+					SNOW3G_DIGEST_LENGTH))
 				ops[i]->status =
 					RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 		} else {
diff --git a/drivers/crypto/ipsec_mb/pmd_zuc.c b/drivers/crypto/ipsec_mb/pmd_zuc.c
index 44781be1d1..28ab6982f2 100644
--- a/drivers/crypto/ipsec_mb/pmd_zuc.c
+++ b/drivers/crypto/ipsec_mb/pmd_zuc.c
@@ -185,8 +185,8 @@ process_zuc_hash_op(struct ipsec_mb_qp *qp, struct rte_crypto_op **ops,
 	 */
 	for (i = 0; i < processed_ops; i++)
 		if (sessions[i]->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
-			if (memcmp(dst[i], ops[i]->sym->auth.digest.data,
-					ZUC_DIGEST_LENGTH) != 0)
+			if (!rte_memeq_timingsafe(dst[i], ops[i]->sym->auth.digest.data,
+					ZUC_DIGEST_LENGTH))
 				ops[i]->status =
 					RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
-- 
2.34.1

