The only secure compare function currently needed is one to compare 2 public keys.

This commit is contained in:
irungentoo 2015-04-18 13:13:29 -04:00
parent 453548f181
commit b4fc0809a7
No known key found for this signature in database
GPG Key ID: 10349DC9BED89E98
3 changed files with 9 additions and 19 deletions

View File

@ -29,26 +29,16 @@
#include "crypto_core.h"
#if crypto_box_PUBLICKEYBYTES != 32
#error crypto_box_PUBLICKEYBYTES is required to be 32 bytes for public_key_cmp to work,
#endif
/* Use this instead of memcmp; not vulnerable to timing attacks.
/* compare 2 public keys of length crypto_box_PUBLICKEYBYTES, not vulnerable to timing attacks.
returns 0 if both mem locations of length are equal,
return -1 if they are not. */
int crypto_cmp(const uint8_t *mem1, const uint8_t *mem2, size_t length)
int public_key_cmp(const uint8_t *pk1, const uint8_t *pk2)
{
if (length == 16) {
return crypto_verify_16(mem1, mem2);
} else if (length == 32) {
return crypto_verify_32(mem1, mem2);
}
unsigned int check = 0;
size_t i;
for (i = 0; i < length; ++i) {
check |= mem1[i] ^ mem2[i];
}
return (1 & ((check - 1) >> 8)) - 1;
return crypto_verify_32(pk1, pk2);
}
/* return a random number.

View File

@ -40,10 +40,10 @@
#define crypto_box_KEYBYTES (crypto_box_BEFORENMBYTES)
/* Use this instead of memcmp; not vulnerable to timing attacks.
/* compare 2 public keys of length crypto_box_PUBLICKEYBYTES, not vulnerable to timing attacks.
returns 0 if both mem locations of length are equal,
return -1 if they are not. */
int crypto_cmp(const uint8_t *mem1, const uint8_t *mem2, size_t length);
int public_key_cmp(const uint8_t *pk1, const uint8_t *pk2);
/* return a random number.
*

View File

@ -341,7 +341,7 @@ static int handle_crypto_handshake(const Net_Crypto *c, uint8_t *nonce, uint8_t
return -1;
if (expected_real_pk)
if (crypto_cmp(cookie_plain, expected_real_pk, crypto_box_PUBLICKEYBYTES) != 0)
if (public_key_cmp(cookie_plain, expected_real_pk) != 0)
return -1;
uint8_t cookie_hash[crypto_hash_sha512_BYTES];