The only secure compare function currently needed is one to compare 2 public keys.

author: irungentoo <irungentoo@gmail.com> 2015-04-18 13:13:29 -0400
committer: irungentoo <irungentoo@gmail.com> 2015-04-18 13:13:29 -0400
commit: b4fc0809a7b42ba5d104793e909aecf85951f100 (patch)
tree: 0e56a65760b37fc5f2323df512f8d21818e1e0c6 /toxcore/crypto_core.c
parent: 453548f18149594af977dc63c8a1924d8a6bb2e6 (diff)
1 files changed, 6 insertions, 16 deletions
diff --git a/toxcore/crypto_core.c b/toxcore/crypto_core.c
index a364084a..418edcad 100644
--- a/toxcore/crypto_core.c
+++ b/toxcore/crypto_core.c
@@ -29,26 +29,16 @@
 #include "crypto_core.h"
+#if crypto_box_PUBLICKEYBYTES != 32
+#error crypto_box_PUBLICKEYBYTES is required to be 32 bytes for public_key_cmp to work,
+#endif
-/* Use this instead of memcmp; not vulnerable to timing attacks.
+/* compare 2 public keys of length crypto_box_PUBLICKEYBYTES, not vulnerable to timing attacks.
   returns 0 if both mem locations of length are equal,
   return -1 if they are not. */
-int crypto_cmp(const uint8_t *mem1, const uint8_t *mem2, size_t length)
+int public_key_cmp(const uint8_t *pk1, const uint8_t *pk2)
 {
-    if (length == 16) {
+    return crypto_verify_32(pk1, pk2);
-        return crypto_verify_16(mem1, mem2);
-    } else if (length == 32) {
-        return crypto_verify_32(mem1, mem2);
-    }
-    unsigned int check = 0;
-    size_t i;
-    for (i = 0; i < length; ++i) {
-        check |= mem1[i] ^ mem2[i];
-    }
-    return (1 & ((check - 1) >> 8)) - 1;
 }
 /*  return a random number.
author	irungentoo <irungentoo@gmail.com>	2015-04-18 13:13:29 -0400
committer	irungentoo <irungentoo@gmail.com>	2015-04-18 13:13:29 -0400
commit	b4fc0809a7b42ba5d104793e909aecf85951f100 (patch)
tree	0e56a65760b37fc5f2323df512f8d21818e1e0c6 /toxcore/crypto_core.c
parent	453548f18149594af977dc63c8a1924d8a6bb2e6 (diff)