EAP-SIM/AKA: Use os_memcmp_const() for hash/password comparisons

This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/eap_common/eap_sim_common.c b/src/eap_common/eap_sim_common.c
index 8232be37c5e6ce9deaf0d3973e664158eb3e8070..2adc3b376a8effe22a1c93074d8fa4298f84622b 100644 (file)
--- a/src/eap_common/eap_sim_common.c
+++ b/src/eap_common/eap_sim_common.c
@@ -198,7 +198,7 @@ int eap_sim_verify_mac(const u8 *k_aut, const struct wpabuf *req,
                    hmac, EAP_SIM_MAC_LEN);
        os_free(tmp);
 
-       return (os_memcmp(hmac, mac, EAP_SIM_MAC_LEN) == 0) ? 0 : 1;
+       return (os_memcmp_const(hmac, mac, EAP_SIM_MAC_LEN) == 0) ? 0 : 1;
 }
 
 
@@ -393,7 +393,7 @@ int eap_sim_verify_mac_sha256(const u8 *k_aut, const struct wpabuf *req,
                    hmac, EAP_SIM_MAC_LEN);
        os_free(tmp);
 
-       return (os_memcmp(hmac, mac, EAP_SIM_MAC_LEN) == 0) ? 0 : 1;
+       return (os_memcmp_const(hmac, mac, EAP_SIM_MAC_LEN) == 0) ? 0 : 1;
 }
 
 

diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c
index 04d7c89808ddf8ab98c5db4938833bfb50073186..28164fbb5ea8052636ca87b80dc48b228f197e1f 100644 (file)
--- a/src/eap_peer/eap_aka.c
+++ b/src/eap_peer/eap_aka.c
@@ -294,7 +294,7 @@ static int eap_aka_umts_auth(struct eap_sm *sm, struct eap_aka_data *data)
        {
                u8 autn[EAP_AKA_AUTN_LEN];
                os_memset(autn, '1', EAP_AKA_AUTN_LEN);
-               if (os_memcmp(autn, data->autn, EAP_AKA_AUTN_LEN) != 0) {
+               if (os_memcmp_const(autn, data->autn, EAP_AKA_AUTN_LEN) != 0) {
                        wpa_printf(MSG_WARNING, "EAP-AKA: AUTN did not match "
                                   "with expected value");
                        return -1;
@@ -509,7 +509,7 @@ static int eap_aka_verify_checkcode(struct eap_aka_data *data,
 #endif /* EAP_AKA_PRIME */
                sha1_vector(1, &addr, &len, hash);
 
-       if (os_memcmp(hash, checkcode, hash_len) != 0) {
+       if (os_memcmp_const(hash, checkcode, hash_len) != 0) {
                wpa_printf(MSG_DEBUG, "EAP-AKA: Mismatch in AT_CHECKCODE");
                return -1;
        }

diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c
index 565c971edd1158555d48380ac8b9fda43f08e176..1907f2007e0b2e8cd4b8eb6f75ff6e86cecf85c8 100644 (file)
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -336,7 +336,7 @@ static int eap_aka_verify_checkcode(struct eap_aka_data *data,
        else
                sha1_vector(1, &addr, &len, hash);
 
-       if (os_memcmp(hash, checkcode, hash_len) != 0) {
+       if (os_memcmp_const(hash, checkcode, hash_len) != 0) {
                wpa_printf(MSG_DEBUG, "EAP-AKA: Mismatch in AT_CHECKCODE");
                return -1;
        }
@@ -963,7 +963,7 @@ static void eap_aka_process_challenge(struct eap_sm *sm,
         */
        if (attr->res == NULL || attr->res_len < data->res_len ||
            attr->res_len_bits != data->res_len * 8 ||
-           os_memcmp(attr->res, data->res, data->res_len) != 0) {
+           os_memcmp_const(attr->res, data->res, data->res_len) != 0) {
                wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message did not "
                           "include valid AT_RES (attr len=%lu, res len=%lu "
                           "bits, expected %lu bits)",