Gentwo Git Trees - linux/.git/commit

author	Eric Biggers <ebiggers@kernel.org>
	Fri, 1 Aug 2025 21:24:21 +0000 (14:24 -0700)
committer	Jarkko Sakkinen <jarkko@kernel.org>
	Fri, 10 Oct 2025 05:21:45 +0000 (08:21 +0300)
commit	2c2615c8423890b5ef8e0a186b65607ef5fdeda1
tree	5c5a8a6c0aaa04ae71f0d0cb5501d1215070a0c6	tree \| snapshot
parent	4bddf4587c131d7b8ce8952cd32b284dcda0dd1f	commit \| diff

tpm: Compare HMAC values in constant time

In tpm_buf_check_hmac_response(), compare the HMAC values in constant
time using crypto_memneq() instead of in variable time using memcmp().

This is worthwhile to follow best practices and to be consistent with
MAC comparisons elsewhere in the kernel. However, in this driver the
side channel seems to have been benign: the HMAC input data is
guaranteed to always be unique, which makes the usual MAC forgery via
timing side channel not possible. Specifically, the HMAC input data in
tpm_buf_check_hmac_response() includes the "our_nonce" field, which was
generated by the kernel earlier, remains under the control of the
kernel, and is unique for each call to tpm_buf_check_hmac_response().

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

drivers/char/tpm/Kconfig		diff \| blob \| blame \| history
drivers/char/tpm/tpm2-sessions.c		diff \| blob \| blame \| history