Import: module 'constant_time_algo' from libpEpAdapter

3 years ago · 8d6ca210d0
2 changed files with 40 additions and 0 deletions
--- a/src/constant_time_algo.cc
+++ b/src/constant_time_algo.cc
@ -0,0 +1,21 @@
+// This file is under GNU General Public License 3.0
+// see LICENSE.txt
+
+#include "constant_time_algo.hh"
+
+namespace pEp {
+    bool constant_time_equal(const std::string &a, const std::string &b)
+    {
+        if (a.size() != b.size())
+            return false;
+
+        unsigned d = 0;
+        for (std::size_t idx = 0; idx < a.size(); ++idx) {
+            d |= (static_cast<unsigned>(a[idx]) ^ static_cast<unsigned>(b[idx]));
+        }
+
+        // if d is still 0, the strings are equal.
+        return d == 0;
+    }
+
+} // end of namespace pEp
--- a/src/constant_time_algo.hh
+++ b/src/constant_time_algo.hh
@ -0,0 +1,19 @@
+// This file is under GNU General Public License 3.0
+// see LICENSE.txt
+
+#ifndef LIBPEPADAPTER_CONSTANT_TIME_ALGO_HH
+#define LIBPEPADAPTER_CONSTANT_TIME_ALGO_HH
+
+#include <string>
+
+namespace pEp {
+    // Returns false if a.size() != b.size().
+    // Compares always _all_ characters of 'a' and 'b' so runtime does not
+    // depends on the character position where the strings differ.
+    // Use this function instead of operator== if timing sidechannel attack
+    // might be a security problem.
+    bool constant_time_equal(const std::string &a, const std::string &b);
+
+} // end of namespace pEp
+
+#endif // LIBPEPADAPTER_CONSTANT_TIME_ALGO_HH