wifi: check tkip/ccmp mac and crc in constant time avoiding timing side channels
This commit is contained in:
parent
a57a6e511f
commit
4a47b264ac
|
@ -1429,8 +1429,7 @@ tkipdecrypt(Wkey *k, Wifipkt *w, Block *b, uvlong tsc)
|
||||||
(ulong)b->wp[2]<<16 |
|
(ulong)b->wp[2]<<16 |
|
||||||
(ulong)b->wp[3]<<24;
|
(ulong)b->wp[3]<<24;
|
||||||
crc = ~crc;
|
crc = ~crc;
|
||||||
if(ethercrc(b->rp, BLEN(b)) != crc)
|
crc ^= ethercrc(b->rp, BLEN(b));
|
||||||
return -1;
|
|
||||||
|
|
||||||
b->wp -= 8;
|
b->wp -= 8;
|
||||||
micsetup(&ms, k->key+16);
|
micsetup(&ms, k->key+16);
|
||||||
|
@ -1440,7 +1439,7 @@ tkipdecrypt(Wkey *k, Wifipkt *w, Block *b, uvlong tsc)
|
||||||
micupdate(&ms, b->rp, BLEN(b));
|
micupdate(&ms, b->rp, BLEN(b));
|
||||||
micfinish(&ms, mic);
|
micfinish(&ms, mic);
|
||||||
|
|
||||||
return memcmp(b->wp, mic, 8) != 0;
|
return tsmemcmp(b->wp, mic, 8) | crc;
|
||||||
}
|
}
|
||||||
|
|
||||||
static uchar*
|
static uchar*
|
||||||
|
@ -1561,7 +1560,7 @@ aesCCMdecrypt(int L, int M, uchar *N /* N[15-L] */,
|
||||||
for(p = sblock(L, N, 0, b, s), x = t; p < &b[M]; x++, p++)
|
for(p = sblock(L, N, 0, b, s), x = t; p < &b[M]; x++, p++)
|
||||||
*x ^= *p;
|
*x ^= *p;
|
||||||
|
|
||||||
return memcmp(m, t, M) != 0;
|
return tsmemcmp(m, t, M);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
|
Loading…
Reference in a new issue