diff options
| -rw-r--r-- | crypto/crypto.gyp | 2 | ||||
| -rw-r--r-- | crypto/hmac.cc | 24 | ||||
| -rw-r--r-- | crypto/secure_util.cc | 19 | ||||
| -rw-r--r-- | crypto/secure_util.h | 30 |
4 files changed, 54 insertions, 21 deletions
diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp index e909e90..7b031b2 100644 --- a/crypto/crypto.gyp +++ b/crypto/crypto.gyp @@ -149,6 +149,8 @@ 'secure_hash.h', 'secure_hash_default.cc', 'secure_hash_openssl.cc', + 'secure_util.cc', + 'secure_util.h', 'sha2.cc', 'sha2.h', 'signature_creator.h', diff --git a/crypto/hmac.cc b/crypto/hmac.cc index 74d1f91..9131313 100644 --- a/crypto/hmac.cc +++ b/crypto/hmac.cc @@ -7,28 +7,10 @@ #include <algorithm> #include "base/logging.h" +#include "crypto/secure_util.h" namespace crypto { -// Performs a constant-time comparison of two strings, returning true if the -// strings are equal. -// -// For cryptographic operations, comparison functions such as memcmp() may -// expose side-channel information about input, allowing an attacker to -// perform timing analysis to determine what the expected bits should be. In -// order to avoid such attacks, the comparison must execute in constant time, -// so as to not to reveal to the attacker where the difference(s) are. -// For an example attack, see -// http://groups.google.com/group/keyczar-discuss/browse_thread/thread/5571eca0948b2a13 -static bool SecureMemcmp(const void* s1, const void* s2, size_t n) { - const unsigned char* s1_ptr = reinterpret_cast<const unsigned char*>(s1); - const unsigned char* s2_ptr = reinterpret_cast<const unsigned char*>(s2); - unsigned char tmp = 0; - for (size_t i = 0; i < n; ++i, ++s1_ptr, ++s2_ptr) - tmp |= *s1_ptr ^ *s2_ptr; - return (tmp == 0); -} - size_t HMAC::DigestLength() const { switch (hash_alg_) { case SHA1: @@ -58,8 +40,8 @@ bool HMAC::VerifyTruncated(const base::StringPiece& data, if (!Sign(data, computed_digest.get(), static_cast<int>(digest_length))) return false; - return SecureMemcmp(digest.data(), computed_digest.get(), - std::min(digest.size(), digest_length)); + return SecureMemEqual(digest.data(), computed_digest.get(), + std::min(digest.size(), digest_length)); } } // namespace crypto diff --git a/crypto/secure_util.cc b/crypto/secure_util.cc new file mode 100644 index 0000000..3fe8aa9 --- /dev/null +++ b/crypto/secure_util.cc @@ -0,0 +1,19 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "crypto/secure_util.h" + +namespace crypto { + +bool SecureMemEqual(const void* s1, const void* s2, size_t n) { + const unsigned char* s1_ptr = reinterpret_cast<const unsigned char*>(s1); + const unsigned char* s2_ptr = reinterpret_cast<const unsigned char*>(s2); + unsigned char tmp = 0; + for (size_t i = 0; i < n; ++i, ++s1_ptr, ++s2_ptr) + tmp |= *s1_ptr ^ *s2_ptr; + return (tmp == 0); +} + +} // namespace crypto + diff --git a/crypto/secure_util.h b/crypto/secure_util.h new file mode 100644 index 0000000..1db38ac --- /dev/null +++ b/crypto/secure_util.h @@ -0,0 +1,30 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CRYPTO_SECURE_UTIL_H_ +#define CRYPTO_SECURE_UTIL_H_ +#pragma once + +#include <stddef.h> + +#include "crypto/crypto_export.h" + +namespace crypto { + +// Performs a constant-time comparison of two strings, returning true if the +// strings are equal. +// +// For cryptographic operations, comparison functions such as memcmp() may +// expose side-channel information about input, allowing an attacker to +// perform timing analysis to determine what the expected bits should be. In +// order to avoid such attacks, the comparison must execute in constant time, +// so as to not to reveal to the attacker where the difference(s) are. +// For an example attack, see +// http://groups.google.com/group/keyczar-discuss/browse_thread/thread/5571eca0948b2a13 +CRYPTO_EXPORT bool SecureMemEqual(const void* s1, const void* s2, size_t n); + +} // namespace crypto + +#endif // CRYPTO_SECURE_UTIL_H_ + |