RESTRICT AUTOMERGE: Fix HMAC Compare time attack Added a constant-time HMAC comparison, which prevents attackers from forging the HMAC for an input by measuring timing differences in a non-constant-time HMAC comparison. Bug: 261085213 Test: None Tag: #security Change-Id: I7cd6b68589fd0042b9396dc599b917a0f3220ff7
diff --git a/services/inputflinger/dispatcher/InputDispatcher.cpp b/services/inputflinger/dispatcher/InputDispatcher.cpp
index 5e9427a..da46128 100644
--- a/services/inputflinger/dispatcher/InputDispatcher.cpp
+++ b/services/inputflinger/dispatcher/InputDispatcher.cpp
@@ -27,6 +27,7 @@
 #include <ftl/enum.h>
 #include <gui/SurfaceComposerClient.h>
 #include <input/InputDevice.h>
+#include <openssl/mem.h>
 #include <powermanager/PowerManager.h>
 #include <unistd.h>
 #include <utils/Trace.h>
@@ -4422,7 +4423,7 @@
 if (calculatedHmac == INVALID_HMAC) {
 return nullptr;
 }
- if (calculatedHmac != event.getHmac()) {
+ if (0 != CRYPTO_memcmp(calculatedHmac.data(), event.getHmac().data(), calculatedHmac.size())) {
 return nullptr;
 }
 return result;
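Review bot: The new `CRYPTO_memcmp` check in the second hunk has no comment saying why it replaces `!=`, so a later cleanup could switch it back to the container's comparison operator and silently reintroduce the timing difference; I would put `// Constant-time compare: operator!= may return at the first differing byte and leak timing.` directly above it. The length argument is `calculatedHmac.size()` alone, which is only safe if `event.getHmac()` yields a buffer of the same size. Presumably both are the same fixed-size type, but neither declaration is visible here, so `static_assert(sizeof(calculatedHmac) == sizeof(event.getHmac()));` would pin that assumption. The enclosing function begins and ends outside the hunk.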