• Antonio Nino Diaz's avatar
    Revert "tbbr: Use constant-time bcmp() to compare hashes" · fabd21ad
    Antonio Nino Diaz authored
    This reverts commit b621fb50
    
    .
    
    Because of the Trusted Firmware design, timing-safe functions are not
    needed. Using them may be misleading as it could be interpreted as being
    a protection against private data leakage, which isn't the case here.
    
    For each image, the SHA-256 hash is calculated. Some padding is appended
    and the result is encrypted with a private key using RSA-2048. This is
    the signature of the image. The public key is stored along with BL1 in
    read-only memory and the encrypted hash is stored in the FIP.
    
    When authenticating an image, the TF decrypts the hash stored in the FIP
    and recalculates the hash of the image. If they don't match, the boot
    sequence won't continue.
    
    A constant-time comparison does not provide additional security as all
    the data involved in this process is already known to any attacker.
    There is no private data that can leaked through a timing attack when
    authenticating an image.
    
    `timingsafe_bcmp()` is kept in the codebase because it could be useful
    in the future.
    
    Change-Id: I44bdcd58faa586a050cc89447e38c142508c9888
    Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
    fabd21ad
mbedtls_x509_parser.c 12.4 KB