author | Niels Möller <nisse@lysator.liu.se> | 2015-03-14 07:58:06 +0100 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2015-03-14 07:58:06 +0100 |
commit | 8d5a38a5f25b56b17b5f6cd1de10afacc792fbee (patch) | |
tree | 20ad8a930afbfbca142331c28d0da32b99ca1901 | |
parent | b175384e4312a9ee0b8432fd411f4b968da8d557 (diff) | |
download | nettle-8d5a38a5f25b56b17b5f6cd1de10afacc792fbee.tar.gz |
New function memeql_sec.
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | ccm.c | 15 |
2 files changed, 20 insertions, 1 deletions
@@ -1,3 +1,9 @@
+2015-03-14 Niels Möller <nisse@diamant.hack.org>
+
+ * ccm.c (memeql_sec): New function, more side-channel silent than
+ memcmp.
+ (ccm_decrypt_message): Use it.
+
 2015-03-12 Niels Möller <nisse@diamant.hack.org>
 
 * base64.h (struct base64_encode_ctx): Micro optimization of
@@ -246,6 +246,19 @@ ccm_encrypt_message(const void *cipher, nettle_cipher_func *f,
 ccm_digest(&ctx, cipher, f, tlength, tag);
 }
 
+/* FIXME: Should be made public, under some suitable name. */
+static int
+memeql_sec (const void *a, const void *b, size_t n)
+{
+ volatile const unsigned char *ap = (const unsigned char *) a;
+ volatile const unsigned char *bp = (const unsigned char *) b;
+ volatile unsigned char d;
+ size_t i;
+ for (d = i = 0; i < n; i++)
+ d |= (ap[i] ^ bp[i]);
+ return d == 0;
+}
+
 int
 ccm_decrypt_message(const void *cipher, nettle_cipher_func *f,
 size_t nlength, const uint8_t *nonce,
@@ -258,5 +271,5 @@ ccm_decrypt_message(const void *cipher, nettle_cipher_func *f,
 ccm_update(&ctx, cipher, f, alength, adata);
 ccm_decrypt(&ctx, cipher, f, mlength, dst, src);
 ccm_digest(&ctx, cipher, f, tlength, tag);
- return (memcmp(tag, src + mlength, tlength) == 0);
+ return memeql_sec(tag, src + mlength, tlength);
 } |
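Review bot: memeql_sec in the second hunk has no contract comment, and the `volatile` qualifiers on `ap`, `bp` and `d` carry its only security property — they are what keeps the compiler from leaving the loop at the first differing byte — so a later "cleanup" that drops them would silently bring back the timing leak this commit removes. I would replace the FIXME-only header with a comment stating both the contract and the reason for volatile: `/* Compares n bytes of a and b; returns 1 if equal (trivially for n == 0), else 0. All n bytes are always read and OR-ed into d, and the volatile qualifiers keep the compiler from short-circuiting, so the time taken does not depend on where the inputs first differ. */`. This is a best-effort guarantee at the C level rather than a proven one, and `return d == 0` remains the single data-dependent step, which is inherent to the interface. In the third hunk, ccm_decrypt_message's body starts outside the hunk; since ccm_decrypt is called with dst before the tag is compared, the function's documentation should say that dst holds unauthenticated data whenever 0 is returned.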