diff options
| author | irungentoo <irungentoo@gmail.com> | 2015-04-18 13:13:29 -0400 |
|---|---|---|
| committer | irungentoo <irungentoo@gmail.com> | 2015-04-18 13:13:29 -0400 |
| commit | b4fc0809a7b42ba5d104793e909aecf85951f100 (patch) | |
| tree | 0e56a65760b37fc5f2323df512f8d21818e1e0c6 | |
| parent | 453548f18149594af977dc63c8a1924d8a6bb2e6 (diff) | |
The only secure compare function currently needed is one to compare 2 public keys.
| -rw-r--r-- | toxcore/crypto_core.c | 22 | ||||
| -rw-r--r-- | toxcore/crypto_core.h | 4 | ||||
| -rw-r--r-- | toxcore/net_crypto.c | 2 |
3 files changed, 9 insertions, 19 deletions
diff --git a/toxcore/crypto_core.c b/toxcore/crypto_core.c index a364084a..418edcad 100644 --- a/toxcore/crypto_core.c +++ b/toxcore/crypto_core.c | |||
| @@ -29,26 +29,16 @@ | |||
| 29 | 29 | ||
| 30 | #include "crypto_core.h" | 30 | #include "crypto_core.h" |
| 31 | 31 | ||
| 32 | #if crypto_box_PUBLICKEYBYTES != 32 | ||
| 33 | #error crypto_box_PUBLICKEYBYTES is required to be 32 bytes for public_key_cmp to work, | ||
| 34 | #endif | ||
| 32 | 35 | ||
| 33 | /* Use this instead of memcmp; not vulnerable to timing attacks. | 36 | /* compare 2 public keys of length crypto_box_PUBLICKEYBYTES, not vulnerable to timing attacks. |
| 34 | returns 0 if both mem locations of length are equal, | 37 | returns 0 if both mem locations of length are equal, |
| 35 | return -1 if they are not. */ | 38 | return -1 if they are not. */ |
| 36 | int crypto_cmp(const uint8_t *mem1, const uint8_t *mem2, size_t length) | 39 | int public_key_cmp(const uint8_t *pk1, const uint8_t *pk2) |
| 37 | { | 40 | { |
| 38 | if (length == 16) { | 41 | return crypto_verify_32(pk1, pk2); |
| 39 | return crypto_verify_16(mem1, mem2); | ||
| 40 | } else if (length == 32) { | ||
| 41 | return crypto_verify_32(mem1, mem2); | ||
| 42 | } | ||
| 43 | |||
| 44 | unsigned int check = 0; | ||
| 45 | size_t i; | ||
| 46 | |||
| 47 | for (i = 0; i < length; ++i) { | ||
| 48 | check |= mem1[i] ^ mem2[i]; | ||
| 49 | } | ||
| 50 | |||
| 51 | return (1 & ((check - 1) >> 8)) - 1; | ||
| 52 | } | 42 | } |
| 53 | 43 | ||
| 54 | /* return a random number. | 44 | /* return a random number. |
diff --git a/toxcore/crypto_core.h b/toxcore/crypto_core.h index decc7fb9..d7306a8a 100644 --- a/toxcore/crypto_core.h +++ b/toxcore/crypto_core.h | |||
| @@ -40,10 +40,10 @@ | |||
| 40 | 40 | ||
| 41 | #define crypto_box_KEYBYTES (crypto_box_BEFORENMBYTES) | 41 | #define crypto_box_KEYBYTES (crypto_box_BEFORENMBYTES) |
| 42 | 42 | ||
| 43 | /* Use this instead of memcmp; not vulnerable to timing attacks. | 43 | /* compare 2 public keys of length crypto_box_PUBLICKEYBYTES, not vulnerable to timing attacks. |
| 44 | returns 0 if both mem locations of length are equal, | 44 | returns 0 if both mem locations of length are equal, |
| 45 | return -1 if they are not. */ | 45 | return -1 if they are not. */ |
| 46 | int crypto_cmp(const uint8_t *mem1, const uint8_t *mem2, size_t length); | 46 | int public_key_cmp(const uint8_t *pk1, const uint8_t *pk2); |
| 47 | 47 | ||
| 48 | /* return a random number. | 48 | /* return a random number. |
| 49 | * | 49 | * |
diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c index bd9969f5..38fd85b7 100644 --- a/toxcore/net_crypto.c +++ b/toxcore/net_crypto.c | |||
| @@ -341,7 +341,7 @@ static int handle_crypto_handshake(const Net_Crypto *c, uint8_t *nonce, uint8_t | |||
| 341 | return -1; | 341 | return -1; |
| 342 | 342 | ||
| 343 | if (expected_real_pk) | 343 | if (expected_real_pk) |
| 344 | if (crypto_cmp(cookie_plain, expected_real_pk, crypto_box_PUBLICKEYBYTES) != 0) | 344 | if (public_key_cmp(cookie_plain, expected_real_pk) != 0) |
| 345 | return -1; | 345 | return -1; |
| 346 | 346 | ||
| 347 | uint8_t cookie_hash[crypto_hash_sha512_BYTES]; | 347 | uint8_t cookie_hash[crypto_hash_sha512_BYTES]; |