From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B55FA46F8A; Fri, 26 Sep 2025 17:49:14 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3FBB840677; Fri, 26 Sep 2025 17:49:14 +0200 (CEST) Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) by mails.dpdk.org (Postfix) with ESMTP id 2EF7F40261; Fri, 26 Sep 2025 17:49:13 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1758901753; x=1790437753; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=sFppT/r/jCVCp7Hb2FiajDqh1oSiczFHlUGodYrmazE=; b=SfrvDUGirXOTkiFEQpafxj5tEp+3A35tvs9KJ9Cz0ZKzmTFn8/wg9knJ gSjal1iPTY2YSm2xbErxQJrkL19zWegrO3hDuhrQXBVK+2eqw1s7zmVZb 5ZfHTO4YUORrdyzuOgzN+Fn8I79dGvoVDxkD4fi+OuqVnmfVuI/cKU7RQ G0xEWxEAtiaNAC4KcGnzNqYONAiedXMsl0JP4au4cqjp6TeenYgX1iLjr 5sohVhsQyLCuBsz4/riF72V7K3A+3GF+PfzcmfIap1I3Im/9JEeLpPnHq CqGWF/+tEk+cNfx1JEUSxe62YUq76aIIyiXZNYkm5z9Ht7e6GmVa4ei4A A==; X-CSE-ConnectionGUID: M10HspbIRBK2A0ZEkZOccA== X-CSE-MsgGUID: SBJSasJRQG+bq5RRQteVag== X-IronPort-AV: E=McAfee;i="6800,10657,11565"; a="61405462" X-IronPort-AV: E=Sophos;i="6.18,295,1751266800"; d="scan'208";a="61405462" Received: from orviesa008.jf.intel.com ([10.64.159.148]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Sep 2025 08:49:12 -0700 X-CSE-ConnectionGUID: OYT6+IOuRzOvBMVhwHlMtw== X-CSE-MsgGUID: YdzpjdINRTatMU6USJpZfQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.18,295,1751266800"; d="scan'208";a="177694255" Received: from silpixa00401840.ir.intel.com ([10.20.224.243]) by orviesa008.jf.intel.com with ESMTP; 26 Sep 2025 08:49:10 -0700 From: Kai Ji To: dev@dpdk.org Cc: gakhil@marvell.com, konstantin.ananyev@huawei.com, bruce.richardson@intel.com, thomas@monjalon.net, stephen@networkplumber.org, Kai Ji , stable@dpdk.org Subject: [dpdk-dev v2 1/2] eal: Add rte_consttime_memsq() to prevent timing attacks memcmp. Date: Fri, 26 Sep 2025 15:49:04 +0000 Message-Id: <20250926154905.54416-1-kai.ji@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250925102223.145471-1-kai.ji@intel.com> References: <20250925102223.145471-1-kai.ji@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Bugzilla ID: 1773 Cc: stable@dpdk.org [0] https://bugs.dpdk.org/show_bug.cgi?id=1773 Signed-off-by: Kai Ji --- lib/eal/include/rte_common.h | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/lib/eal/include/rte_common.h b/lib/eal/include/rte_common.h index 9e7d84f929..ddbba083be 100644 --- a/lib/eal/include/rte_common.h +++ b/lib/eal/include/rte_common.h @@ -700,6 +700,40 @@ rte_is_aligned(const void * const __rte_restrict ptr, const unsigned int align) return ((uintptr_t)ptr & (align - 1)) == 0; } +/** + * Constant-time memory inequality comparison. + * + * This function compares two memory regions in constant time, making it + * resistant to timing side-channel attacks. The execution time depends only + * on the length parameter, not on the actual data values being compared. + * + * This is particularly important for cryptographic operations where timing + * differences could leak information about secret keys, passwords, or other + * sensitive data. + * + * @param a + * Pointer to the first memory region to compare + * @param b + * Pointer to the second memory region to compare + * @param n + * Number of bytes to compare + * @return + * false if the memory regions are identical, true if they differ + */ +static inline bool +rte_consttime_memneq(const void *a, const void *b, size_t n) +{ + const volatile uint8_t *pa = (const volatile uint8_t *)a; + const volatile uint8_t *pb = (const volatile uint8_t *)b; + uint8_t result = 0; + size_t i; + + for (i = 0; i < n; i++) + result |= pa[i] ^ pb[i]; + + return result != 0; +} + /*********** Macros for compile type checks ********/ /* Workaround for toolchain issues with missing C11 macro in FreeBSD */ -- 2.34.1