| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/hmac.h" | 5 #include "crypto/hmac.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 | 10 |
| 11 namespace crypto { | 11 namespace crypto { |
| 12 | 12 |
| 13 // Performs a constant-time comparison of two strings, returning true if the | 13 // Performs a constant-time comparison of two strings, returning true if the |
| 14 // strings are equal. | 14 // strings are equal. |
| 15 // | 15 // |
| 16 // For cryptographic operations, comparison functions such as memcmp() may | 16 // For cryptographic operations, comparison functions such as memcmp() may |
| 17 // expose side-channel information about input, allowing an attacker to | 17 // expose side-channel information about input, allowing an attacker to |
| 18 // perform timing analysis to determine what the expected bits should be. In | 18 // perform timing analysis to determine what the expected bits should be. In |
| 19 // order to avoid such attacks, the comparison must execute in constant time, | 19 // order to avoid such attacks, the comparison must execute in constant time, |
| 20 // so as to not to reveal to the attacker where the difference(s) are. | 20 // so as to not to reveal to the attacker where the difference(s) are. |
| 21 // For an example attack, see | 21 // For an example attack, see |
| 22 // http://groups.google.com/group/keyczar-discuss/browse_thread/thread/5571eca09
48b2a13 | 22 // http://groups.google.com/group/keyczar-discuss/browse_thread/thread/5571eca09
48b2a13 |
| 23 static bool SecureMemcmp(const void* s1, const void* s2, size_t n) { | 23 bool SecureMemcmp(const void* s1, const void* s2, size_t n) { |
| 24 const unsigned char* s1_ptr = reinterpret_cast<const unsigned char*>(s1); | 24 const unsigned char* s1_ptr = reinterpret_cast<const unsigned char*>(s1); |
| 25 const unsigned char* s2_ptr = reinterpret_cast<const unsigned char*>(s2); | 25 const unsigned char* s2_ptr = reinterpret_cast<const unsigned char*>(s2); |
| 26 unsigned char tmp = 0; | 26 unsigned char tmp = 0; |
| 27 for (size_t i = 0; i < n; ++i, ++s1_ptr, ++s2_ptr) | 27 for (size_t i = 0; i < n; ++i, ++s1_ptr, ++s2_ptr) |
| 28 tmp |= *s1_ptr ^ *s2_ptr; | 28 tmp |= *s1_ptr ^ *s2_ptr; |
| 29 return (tmp == 0); | 29 return (tmp == 0); |
| 30 } | 30 } |
| 31 | 31 |
| 32 size_t HMAC::DigestLength() const { | 32 size_t HMAC::DigestLength() const { |
| 33 switch (hash_alg_) { | 33 switch (hash_alg_) { |
| (...skipping 22 matching lines...) Expand all Loading... |
| 56 scoped_array<unsigned char> computed_digest( | 56 scoped_array<unsigned char> computed_digest( |
| 57 new unsigned char[digest_length]); | 57 new unsigned char[digest_length]); |
| 58 if (!Sign(data, computed_digest.get(), static_cast<int>(digest_length))) | 58 if (!Sign(data, computed_digest.get(), static_cast<int>(digest_length))) |
| 59 return false; | 59 return false; |
| 60 | 60 |
| 61 return SecureMemcmp(digest.data(), computed_digest.get(), | 61 return SecureMemcmp(digest.data(), computed_digest.get(), |
| 62 std::min(digest.size(), digest_length)); | 62 std::min(digest.size(), digest_length)); |
| 63 } | 63 } |
| 64 | 64 |
| 65 } // namespace crypto | 65 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8124011:
Add constant-time comparison operators for cryptographic uses. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/