diff options
author | palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-10-07 17:02:48 +0000 |
---|---|---|
committer | palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-10-07 17:02:48 +0000 |
commit | 3cdf6d45936b29b4a412b94a599a93f6e181f210 (patch) | |
tree | 13cc95603495aba95e1add06a2adbde7776dff25 /crypto/hmac.cc | |
parent | 11da0c8d10cc58194f07b48b428ed16d14b08f9d (diff) | |
download | chromium_src-3cdf6d45936b29b4a412b94a599a93f6e181f210.zip chromium_src-3cdf6d45936b29b4a412b94a599a93f6e181f210.tar.gz chromium_src-3cdf6d45936b29b4a412b94a599a93f6e181f210.tar.bz2 |
Make constant-time comparison operators for cryptographic uses public.
Review URL: http://codereview.chromium.org/8124011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@104502 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto/hmac.cc')
-rw-r--r-- | crypto/hmac.cc | 24 |
1 files changed, 3 insertions, 21 deletions
diff --git a/crypto/hmac.cc b/crypto/hmac.cc index 74d1f91..9131313 100644 --- a/crypto/hmac.cc +++ b/crypto/hmac.cc @@ -7,28 +7,10 @@ #include <algorithm> #include "base/logging.h" +#include "crypto/secure_util.h" namespace crypto { -// Performs a constant-time comparison of two strings, returning true if the -// strings are equal. -// -// For cryptographic operations, comparison functions such as memcmp() may -// expose side-channel information about input, allowing an attacker to -// perform timing analysis to determine what the expected bits should be. In -// order to avoid such attacks, the comparison must execute in constant time, -// so as to not to reveal to the attacker where the difference(s) are. -// For an example attack, see -// http://groups.google.com/group/keyczar-discuss/browse_thread/thread/5571eca0948b2a13 -static bool SecureMemcmp(const void* s1, const void* s2, size_t n) { - const unsigned char* s1_ptr = reinterpret_cast<const unsigned char*>(s1); - const unsigned char* s2_ptr = reinterpret_cast<const unsigned char*>(s2); - unsigned char tmp = 0; - for (size_t i = 0; i < n; ++i, ++s1_ptr, ++s2_ptr) - tmp |= *s1_ptr ^ *s2_ptr; - return (tmp == 0); -} - size_t HMAC::DigestLength() const { switch (hash_alg_) { case SHA1: @@ -58,8 +40,8 @@ bool HMAC::VerifyTruncated(const base::StringPiece& data, if (!Sign(data, computed_digest.get(), static_cast<int>(digest_length))) return false; - return SecureMemcmp(digest.data(), computed_digest.get(), - std::min(digest.size(), digest_length)); + return SecureMemEqual(digest.data(), computed_digest.get(), + std::min(digest.size(), digest_length)); } } // namespace crypto |