Use constant-time TPM secret checks

F/2248

Author: danielinux

include/tpm.h

@@ -79,6 +79,10 @@ int wolfBoot_load_pubkey(const uint8_t* pubkey_hint, WOLFTPM2_KEY* pubKey,
     TPM_ALG_ID* pAlg);
 #endif
 
+#if defined(WOLFBOOT_TPM_KEYSTORE) || defined(WOLFBOOT_TPM_SEAL)
+int wolfBoot_constant_compare(const uint8_t* a, const uint8_t* b, uint32_t len);
+#endif
+
 #ifdef WOLFBOOT_TPM_KEYSTORE
 int wolfBoot_check_rot(int key_slot, uint8_t* pubkey_hint);
 #endif

src/tpm.c

@@ -44,7 +44,7 @@ WOLFTPM2_KEY     wolftpm_srk;
 #endif
 
 #if defined(WOLFBOOT_TPM_SEAL) || defined(WOLFBOOT_TPM_KEYSTORE)
-static int wolfBoot_constant_compare(const uint8_t* a, const uint8_t* b,
+int wolfBoot_constant_compare(const uint8_t* a, const uint8_t* b,
     uint32_t len)
 {
     uint32_t i;

src/update_flash.c

@@ -1265,7 +1265,8 @@ int wolfBoot_unlock_disk(void)
                     secretCheck, &secretCheckSz);
                 if (ret == 0) {
                     if (secretSz != secretCheckSz ||
-                        memcmp(secret, secretCheck, secretSz) != 0)
+                        wolfBoot_constant_compare(secret, secretCheck,
+                            (uint32_t)secretSz) != 0)
                     {
                         wolfBoot_printf("secret check mismatch!\n");
                         ret = -1;

src/x86/ahci.c

@@ -296,7 +296,8 @@ static int sata_create_and_seal_unlock_secret(const uint8_t *pubkey_hint,
                               secret_check, &secret_check_sz);
         if (ret == 0) {
             if (*secret_size != secret_check_sz ||
-                memcmp(secret, secret_check, secret_check_sz) != 0)
+                wolfBoot_constant_compare(secret, secret_check,
+                    (uint32_t)secret_check_sz) != 0)
                 {
                     wolfBoot_printf("secret check mismatch!\n");
                     ret = -1;