add constant_time_algo.hh/.cc with constant_time_equal() only at the moment.

5 years ago · e9ab9662a6
2 changed files with 33 additions and 0 deletions
--- a/constant_time_algo.cc
+++ b/constant_time_algo.cc
@ -0,0 +1,19 @@
+#include "constant_time_algo.hh"
+
+namespace pEp
+{
+    bool constant_time_equal(const std::string& a, const std::string& b)
+    {
+        if(a.size() != b.size())
+            return false;
+        
+        unsigned d = 0;
+        for(std::size_t idx = 0; idx<a.size(); ++idx)
+        {
+            d |= ( static_cast<unsigned>(a[idx]) ^ static_cast<unsigned>(b[idx]) );
+        }
+        
+        return d != 0;
+    }
+
+} // end of namespace pEp
--- a/constant_time_algo.hh
+++ b/constant_time_algo.hh
@ -0,0 +1,14 @@
+#pragma once
+
+#include <string>
+
+namespace pEp
+{
+    // Returns false if a.size() != b.size().
+    // Compares always _all_ characters of 'a' and 'b' so runtime does not
+    // depends on the character position where the strings differ.
+    // Use this function instead of operator== if timing sidechannel attack
+    // might be a security problem.
+    bool constant_time_equal(const std::string& a, const std::string& b);
+
+} // end of namespace pEp