add constant_time_algo.hh/.cc with constant_time_equal() only at the moment. Release_2.1.0-RC26
authorRoker <roker@pep-project.org>
Fri, 21 Aug 2020 11:58:00 +0200
changeset 359af0be1e125a8
parent 358 fdc502f8bd44
child 360 835e8b9878bb
add constant_time_algo.hh/.cc with constant_time_equal() only at the moment.
constant_time_algo.cc
constant_time_algo.hh
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/constant_time_algo.cc	Fri Aug 21 11:58:00 2020 +0200
     1.3 @@ -0,0 +1,19 @@
     1.4 +#include "constant_time_algo.hh"
     1.5 +
     1.6 +namespace pEp
     1.7 +{
     1.8 +    bool constant_time_equal(const std::string& a, const std::string& b)
     1.9 +    {
    1.10 +        if(a.size() != b.size())
    1.11 +            return false;
    1.12 +        
    1.13 +        unsigned d = 0;
    1.14 +        for(std::size_t idx = 0; idx<a.size(); ++idx)
    1.15 +        {
    1.16 +            d |= ( static_cast<unsigned>(a[idx]) ^ static_cast<unsigned>(b[idx]) );
    1.17 +        }
    1.18 +        
    1.19 +        return d != 0;
    1.20 +    }
    1.21 +
    1.22 +} // end of namespace pEp
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/constant_time_algo.hh	Fri Aug 21 11:58:00 2020 +0200
     2.3 @@ -0,0 +1,14 @@
     2.4 +#pragma once
     2.5 +
     2.6 +#include <string>
     2.7 +
     2.8 +namespace pEp
     2.9 +{
    2.10 +    // Returns false if a.size() != b.size().
    2.11 +    // Compares always _all_ characters of 'a' and 'b' so runtime does not
    2.12 +    // depends on the character position where the strings differ.
    2.13 +    // Use this function instead of operator== if timing sidechannel attack
    2.14 +    // might be a security problem.
    2.15 +    bool constant_time_equal(const std::string& a, const std::string& b);
    2.16 +
    2.17 +} // end of namespace pEp