From e9ab9662a6fee74254609e1de4b8cdf6a2e9300e Mon Sep 17 00:00:00 2001
From: Roker <roker@pep-project.org>
Date: Fri, 21 Aug 2020 11:58:00 +0200
Subject: [PATCH] add constant_time_algo.hh/.cc with constant_time_equal() only
 at the moment.

---
 constant_time_algo.cc | 19 +++++++++++++++++++
 constant_time_algo.hh | 14 ++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 constant_time_algo.cc
 create mode 100644 constant_time_algo.hh

diff --git a/constant_time_algo.cc b/constant_time_algo.cc
new file mode 100644
index 0000000..186a3e2
--- /dev/null
+++ b/constant_time_algo.cc
@@ -0,0 +1,19 @@
+#include "constant_time_algo.hh"
+
+namespace pEp
+{
+    bool constant_time_equal(const std::string& a, const std::string& b)
+    {
+        if(a.size() != b.size())
+            return false;
+        
+        unsigned d = 0;
+        for(std::size_t idx = 0; idx<a.size(); ++idx)
+        {
+            d |= ( static_cast<unsigned>(a[idx]) ^ static_cast<unsigned>(b[idx]) );
+        }
+        
+        return d != 0;
+    }
+
+} // end of namespace pEp
diff --git a/constant_time_algo.hh b/constant_time_algo.hh
new file mode 100644
index 0000000..d9b7ae2
--- /dev/null
+++ b/constant_time_algo.hh
@@ -0,0 +1,14 @@
+#pragma once
+
+#include <string>
+
+namespace pEp
+{
+    // Returns false if a.size() != b.size().
+    // Compares always _all_ characters of 'a' and 'b' so runtime does not
+    // depends on the character position where the strings differ.
+    // Use this function instead of operator== if timing sidechannel attack
+    // might be a security problem.
+    bool constant_time_equal(const std::string& a, const std::string& b);
+
+} // end of namespace pEp