crypto: Add an equal-time comparision function. (NIF candidate)

1 files changed, 36 insertions, 0 deletions

diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 0d85b94b57..60f257f49f 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -24,6 +24,7 @@
 
 -export([start/0, stop/0, info_lib/0, info_fips/0, supports/0, enable_fips_mode/1,
          version/0, bytes_to_integer/1]).
+-export([equal_const_time/2]).
 -export([hash/2, hash_init/1, hash_update/2, hash_final/1]).
 -export([sign/4, sign/5, verify/5, verify/6]).
 -export([generate_key/2, generate_key/3, compute_key/4]).
@@ -130,6 +131,41 @@ info_lib() -> ?nif_stub.
 
 info_fips() -> ?nif_stub.
 
+%%%================================================================
+%%%
+%%% Compare in constant time
+%%%
+%%%================================================================
+
+%%% Candidate for a NIF
+
+equal_const_time(X1, X2) ->
+    equal_const_time(X1, X2, true).
+
+
+equal_const_time(<<B1,R1/binary>>, <<B2,R2/binary>>, Truth) ->
+    equal_const_time(R1, R2, Truth and (B1 == B2));
+equal_const_time(<<_,R1/binary>>, <<>>, Truth) ->
+    equal_const_time(R1, <<>>, Truth and false);
+equal_const_time(<<>>, <<>>, Truth) ->
+    Truth;
+
+equal_const_time([H1|T1], [H2|T2], Truth) ->
+    equal_const_time(T1, T2, Truth and (H1 == H2));
+equal_const_time([_|T1], [], Truth) ->
+    equal_const_time(T1, [], Truth and false);
+equal_const_time([], [], Truth) ->
+    Truth;
+
+equal_const_time(_, _, _) ->
+    false.
+
+%%%================================================================
+%%%
+%%% Hashing
+%%%
+%%%================================================================
+
 -spec enable_fips_mode(boolean()) -> boolean().
 
 enable_fips_mode(_) -> ?nif_stub.