Make constant-time comparison operators for cryptographic uses public.
Review URL: http://codereview.chromium.org/8124011 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@104502 0039d316-1c4b-4281-b951-d872f2087c98
This commit is contained in:
@ -149,6 +149,8 @@
|
||||
'secure_hash.h',
|
||||
'secure_hash_default.cc',
|
||||
'secure_hash_openssl.cc',
|
||||
'secure_util.cc',
|
||||
'secure_util.h',
|
||||
'sha2.cc',
|
||||
'sha2.h',
|
||||
'signature_creator.h',
|
||||
|
@ -7,28 +7,10 @@
|
||||
#include <algorithm>
|
||||
|
||||
#include "base/logging.h"
|
||||
#include "crypto/secure_util.h"
|
||||
|
||||
namespace crypto {
|
||||
|
||||
// Performs a constant-time comparison of two strings, returning true if the
|
||||
// strings are equal.
|
||||
//
|
||||
// For cryptographic operations, comparison functions such as memcmp() may
|
||||
// expose side-channel information about input, allowing an attacker to
|
||||
// perform timing analysis to determine what the expected bits should be. In
|
||||
// order to avoid such attacks, the comparison must execute in constant time,
|
||||
// so as to not to reveal to the attacker where the difference(s) are.
|
||||
// For an example attack, see
|
||||
// http://groups.google.com/group/keyczar-discuss/browse_thread/thread/5571eca0948b2a13
|
||||
static bool SecureMemcmp(const void* s1, const void* s2, size_t n) {
|
||||
const unsigned char* s1_ptr = reinterpret_cast<const unsigned char*>(s1);
|
||||
const unsigned char* s2_ptr = reinterpret_cast<const unsigned char*>(s2);
|
||||
unsigned char tmp = 0;
|
||||
for (size_t i = 0; i < n; ++i, ++s1_ptr, ++s2_ptr)
|
||||
tmp |= *s1_ptr ^ *s2_ptr;
|
||||
return (tmp == 0);
|
||||
}
|
||||
|
||||
size_t HMAC::DigestLength() const {
|
||||
switch (hash_alg_) {
|
||||
case SHA1:
|
||||
@ -58,8 +40,8 @@ bool HMAC::VerifyTruncated(const base::StringPiece& data,
|
||||
if (!Sign(data, computed_digest.get(), static_cast<int>(digest_length)))
|
||||
return false;
|
||||
|
||||
return SecureMemcmp(digest.data(), computed_digest.get(),
|
||||
std::min(digest.size(), digest_length));
|
||||
return SecureMemEqual(digest.data(), computed_digest.get(),
|
||||
std::min(digest.size(), digest_length));
|
||||
}
|
||||
|
||||
} // namespace crypto
|
||||
|
19
crypto/secure_util.cc
Normal file
19
crypto/secure_util.cc
Normal file
@ -0,0 +1,19 @@
|
||||
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style license that can be
|
||||
// found in the LICENSE file.
|
||||
|
||||
#include "crypto/secure_util.h"
|
||||
|
||||
namespace crypto {
|
||||
|
||||
bool SecureMemEqual(const void* s1, const void* s2, size_t n) {
|
||||
const unsigned char* s1_ptr = reinterpret_cast<const unsigned char*>(s1);
|
||||
const unsigned char* s2_ptr = reinterpret_cast<const unsigned char*>(s2);
|
||||
unsigned char tmp = 0;
|
||||
for (size_t i = 0; i < n; ++i, ++s1_ptr, ++s2_ptr)
|
||||
tmp |= *s1_ptr ^ *s2_ptr;
|
||||
return (tmp == 0);
|
||||
}
|
||||
|
||||
} // namespace crypto
|
||||
|
30
crypto/secure_util.h
Normal file
30
crypto/secure_util.h
Normal file
@ -0,0 +1,30 @@
|
||||
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style license that can be
|
||||
// found in the LICENSE file.
|
||||
|
||||
#ifndef CRYPTO_SECURE_UTIL_H_
|
||||
#define CRYPTO_SECURE_UTIL_H_
|
||||
#pragma once
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#include "crypto/crypto_export.h"
|
||||
|
||||
namespace crypto {
|
||||
|
||||
// Performs a constant-time comparison of two strings, returning true if the
|
||||
// strings are equal.
|
||||
//
|
||||
// For cryptographic operations, comparison functions such as memcmp() may
|
||||
// expose side-channel information about input, allowing an attacker to
|
||||
// perform timing analysis to determine what the expected bits should be. In
|
||||
// order to avoid such attacks, the comparison must execute in constant time,
|
||||
// so as to not to reveal to the attacker where the difference(s) are.
|
||||
// For an example attack, see
|
||||
// http://groups.google.com/group/keyczar-discuss/browse_thread/thread/5571eca0948b2a13
|
||||
CRYPTO_EXPORT bool SecureMemEqual(const void* s1, const void* s2, size_t n);
|
||||
|
||||
} // namespace crypto
|
||||
|
||||
#endif // CRYPTO_SECURE_UTIL_H_
|
||||
|
Reference in New Issue
Block a user