Skip to content

mbedtls should provide a constant time MD / HMAC check function #3040

New issue
New issue
Open
#9461
Open
mbedtls should provide a constant time MD / HMAC check function#3040
#9461
Assignees
tom-cosgrove-arm
Labels
component-cryptoCrypto primitives and low-level interfacesenhancementhelp-wantedThis issue is not being actively worked on, but PRs welcome.
@JaapKeuter

Description

@JaapKeuter
JaapKeuter
opened on Feb 12, 2020
  • Type: Enhancement\Feature Request
  • Priority: Minor

With the focus on creating the MD / HMAC it is easy to forget that before further processing a received packet one should check the MD / HMAC first, and that this check should be done in a constant-time manner. This in order not to reveil any partial correctness of the MD / HMAC, therefore a simple memcmp() won't do. It would be nice if mbedtls, besides helping to generate the MD / HMAC, provides a safe way to check the MD / HMAC on a received packet.

Metadata

Metadata

Assignees

Labels

component-cryptoCrypto primitives and low-level interfacesenhancementhelp-wantedThis issue is not being actively worked on, but PRs welcome.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions