Make constant-time comparison operators for cryptographic uses public.

Review URL: http://codereview.chromium.org/8124011 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@104502 0039d316-1c4b-4281-b951-d872f2087c98
author: palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-10-07 17:02:48 +0000
committer: palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-10-07 17:02:48 +0000
commit: 3cdf6d45936b29b4a412b94a599a93f6e181f210 (patch)
tree: 13cc95603495aba95e1add06a2adbde7776dff25 /crypto
parent: 11da0c8d10cc58194f07b48b428ed16d14b08f9d (diff)
download: chromium_src-3cdf6d45936b29b4a412b94a599a93f6e181f210.zip
chromium_src-3cdf6d45936b29b4a412b94a599a93f6e181f210.tar.gz
chromium_src-3cdf6d45936b29b4a412b94a599a93f6e181f210.tar.bz2
4 files changed, 54 insertions, 21 deletions
diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp
index e909e90..7b031b2 100644
--- a/crypto/crypto.gyp
+++ b/crypto/crypto.gyp
@@ -149,6 +149,8 @@
         'secure_hash.h',
         'secure_hash_default.cc',
         'secure_hash_openssl.cc',
+        'secure_util.cc',
+        'secure_util.h',
         'sha2.cc',
         'sha2.h',
         'signature_creator.h',
diff --git a/crypto/hmac.cc b/crypto/hmac.cc
index 74d1f91..9131313 100644
--- a/crypto/hmac.cc
+++ b/crypto/hmac.cc
@@ -7,28 +7,10 @@
 #include <algorithm>
 
 #include "base/logging.h"
+#include "crypto/secure_util.h"
 
 namespace crypto {
 
-// Performs a constant-time comparison of two strings, returning true if the
-// strings are equal.
-//
-// For cryptographic operations, comparison functions such as memcmp() may
-// expose side-channel information about input, allowing an attacker to
-// perform timing analysis to determine what the expected bits should be. In
-// order to avoid such attacks, the comparison must execute in constant time,
-// so as to not to reveal to the attacker where the difference(s) are.
-// For an example attack, see
-// http://groups.google.com/group/keyczar-discuss/browse_thread/thread/5571eca0948b2a13
-static bool SecureMemcmp(const void* s1, const void* s2, size_t n) {
-  const unsigned char* s1_ptr = reinterpret_cast<const unsigned char*>(s1);
-  const unsigned char* s2_ptr = reinterpret_cast<const unsigned char*>(s2);
-  unsigned char tmp = 0;
-  for (size_t i = 0; i < n; ++i, ++s1_ptr, ++s2_ptr)
-    tmp |= *s1_ptr ^ *s2_ptr;
-  return (tmp == 0);
-}
-
 size_t HMAC::DigestLength() const {
   switch (hash_alg_) {
     case SHA1:
@@ -58,8 +40,8 @@ bool HMAC::VerifyTruncated(const base::StringPiece& data,
   if (!Sign(data, computed_digest.get(), static_cast<int>(digest_length)))
     return false;
 
-  return SecureMemcmp(digest.data(), computed_digest.get(),
-                      std::min(digest.size(), digest_length));
+  return SecureMemEqual(digest.data(), computed_digest.get(),
+                        std::min(digest.size(), digest_length));
 }
 
 }  // namespace crypto
diff --git a/crypto/secure_util.cc b/crypto/secure_util.cc
new file mode 100644
index 0000000..3fe8aa9
--- /dev/null
+++ b/crypto/secure_util.cc
@@ -0,0 +1,19 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "crypto/secure_util.h"
+
+namespace crypto {
+
+bool SecureMemEqual(const void* s1, const void* s2, size_t n) {
+  const unsigned char* s1_ptr = reinterpret_cast<const unsigned char*>(s1);
+  const unsigned char* s2_ptr = reinterpret_cast<const unsigned char*>(s2);
+  unsigned char tmp = 0;
+  for (size_t i = 0; i < n; ++i, ++s1_ptr, ++s2_ptr)
+    tmp |= *s1_ptr ^ *s2_ptr;
+  return (tmp == 0);
+}
+
+}  // namespace crypto
+
diff --git a/crypto/secure_util.h b/crypto/secure_util.h
new file mode 100644
index 0000000..1db38ac
--- /dev/null
+++ b/crypto/secure_util.h
@@ -0,0 +1,30 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CRYPTO_SECURE_UTIL_H_
+#define CRYPTO_SECURE_UTIL_H_
+#pragma once
+
+#include <stddef.h>
+
+#include "crypto/crypto_export.h"
+
+namespace crypto {
+
+// Performs a constant-time comparison of two strings, returning true if the
+// strings are equal.
+//
+// For cryptographic operations, comparison functions such as memcmp() may
+// expose side-channel information about input, allowing an attacker to
+// perform timing analysis to determine what the expected bits should be. In
+// order to avoid such attacks, the comparison must execute in constant time,
+// so as to not to reveal to the attacker where the difference(s) are.
+// For an example attack, see
+// http://groups.google.com/group/keyczar-discuss/browse_thread/thread/5571eca0948b2a13
+CRYPTO_EXPORT bool SecureMemEqual(const void* s1, const void* s2, size_t n);
+
+}  // namespace crypto
+
+#endif  // CRYPTO_SECURE_UTIL_H_
+
author	palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-10-07 17:02:48 +0000
committer	palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-10-07 17:02:48 +0000
commit	3cdf6d45936b29b4a412b94a599a93f6e181f210 (patch)
tree	13cc95603495aba95e1add06a2adbde7776dff25 /crypto
parent	11da0c8d10cc58194f07b48b428ed16d14b08f9d (diff)
download	chromium_src-3cdf6d45936b29b4a412b94a599a93f6e181f210.zip chromium_src-3cdf6d45936b29b4a412b94a599a93f6e181f210.tar.gz chromium_src-3cdf6d45936b29b4a412b94a599a93f6e181f210.tar.bz2