Commit 8d5a38a5 authored by Niels Möller's avatar Niels Möller

New function memeql_sec.

parent b175384e
2015-03-14 Niels Möller <nisse@diamant.hack.org>
* ccm.c (memeql_sec): New function, more side-channel silent than
memcmp.
(ccm_decrypt_message): Use it.
2015-03-12 Niels Möller <nisse@diamant.hack.org>
* base64.h (struct base64_encode_ctx): Micro optimization of
......
......@@ -246,6 +246,19 @@ ccm_encrypt_message(const void *cipher, nettle_cipher_func *f,
ccm_digest(&ctx, cipher, f, tlength, tag);
}
/* FIXME: Should be made public, under some suitable name. */
static int
memeql_sec (const void *a, const void *b, size_t n)
{
volatile const unsigned char *ap = (const unsigned char *) a;
volatile const unsigned char *bp = (const unsigned char *) b;
volatile unsigned char d;
size_t i;
for (d = i = 0; i < n; i++)
d |= (ap[i] ^ bp[i]);
return d == 0;
}
int
ccm_decrypt_message(const void *cipher, nettle_cipher_func *f,
size_t nlength, const uint8_t *nonce,
......@@ -258,5 +271,5 @@ ccm_decrypt_message(const void *cipher, nettle_cipher_func *f,
ccm_update(&ctx, cipher, f, alength, adata);
ccm_decrypt(&ctx, cipher, f, mlength, dst, src);
ccm_digest(&ctx, cipher, f, tlength, tag);
return (memcmp(tag, src + mlength, tlength) == 0);
return memeql_sec(tag, src + mlength, tlength);
}
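Review bot: memeql_sec carries no comment stating its contract or why it is written with volatile, so the data-independent timing property the commit introduces is documented only by the function name and the ChangeLog entry. Above `static int` I would add `/* Returns nonzero iff the n bytes at a and b are equal. Every byte is read and the differences are OR-ed into a volatile accumulator so the compiler cannot stop at the first mismatch; running time depends only on n (best effort, the C standard gives no constant-time guarantee). */`. The final `d == 0` is the one data-dependent step, which is unavoidable since the caller branches on the result in any case. Since ccm_decrypt has already written the plaintext into dst before the tag is compared, a failed check still leaves unauthenticated plaintext in dst, so a short comment at `return memeql_sec(tag, src + mlength, tlength);` telling callers to discard dst on a zero return would help. The body of ccm_decrypt_message begins outside the second hunk.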