New function memeql_sec.

8d5a38a5 · Niels Möller · b175384e · 8d5a38a5 · 8d5a38a5
Commit 8d5a38a5 authored Mar 14, 2015 by Niels Möller
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 1 deletion

ChangeLog ChangeLog +6 -0

ccm.c ccm.c +14 -1

No files found.
--- a/ChangeLog
+++ b/ChangeLog
+2015-03-14  Niels Möller  <nisse@diamant.hack.org>
+
+	* ccm.c (memeql_sec): New function, more side-channel silent than
+	memcmp.
+	(ccm_decrypt_message): Use it.
+
 2015-03-12  Niels Möller  <nisse@diamant.hack.org>

 	* base64.h (struct base64_encode_ctx): Micro optimization of

--- a/ccm.c
+++ b/ccm.c
@@ -246,6 +246,19 @@ ccm_encrypt_message(const void *cipher, nettle_cipher_func *f,
  ccm_digest(&ctx, cipher, f, tlength, tag);
 }

+/* FIXME: Should be made public, under some suitable name. */
+static int
+memeql_sec (const void *a, const void *b, size_t n)
+{
+  volatile const unsigned char *ap = (const unsigned char *) a;
+  volatile const unsigned char *bp = (const unsigned char *) b;
+  volatile unsigned char d;
+  size_t i;
+  for (d = i = 0; i < n; i++)
+    d |= (ap[i] ^ bp[i]);
+  return d == 0;
+}
+
 int
 ccm_decrypt_message(const void *cipher, nettle_cipher_func *f,
 		    size_t nlength, const uint8_t *nonce,
@@ -258,5 +271,5 @@ ccm_decrypt_message(const void *cipher, nettle_cipher_func *f,
  ccm_update(&ctx, cipher, f, alength, adata);
  ccm_decrypt(&ctx, cipher, f, mlength, dst, src);
  ccm_digest(&ctx, cipher, f, tlength, tag);
-  return (memcmp(tag, src + mlength, tlength) == 0);
+  return memeql_sec(tag, src + mlength, tlength);
 }