From 19a4b1e443f015e38d04decbe8e042acb17d8ae8 Mon Sep 17 00:00:00 2001 From: irungentoo Date: Thu, 1 May 2014 08:06:24 -0400 Subject: Improved the crypto_cmp function. It now uses the NaCl functions when the length is appropriate. Moved crypto defines to crypto_core.h --- toxcore/crypto_core.c | 25 ++++++++++--------------- toxcore/crypto_core.h | 18 +++++++++++++++--- toxcore/network.h | 13 ------------- 3 files changed, 25 insertions(+), 31 deletions(-) (limited to 'toxcore') diff --git a/toxcore/crypto_core.c b/toxcore/crypto_core.c index 6e8b747a..3f3e7b48 100644 --- a/toxcore/crypto_core.c +++ b/toxcore/crypto_core.c @@ -29,30 +29,25 @@ #include "crypto_core.h" -/* Use this instead of memcmp; not vulnerable to timing attacks. */ -uint8_t crypto_iszero(uint8_t *mem, uint32_t length) -{ - uint8_t check = 0; - uint32_t i; - - for (i = 0; i < length; ++i) { - check |= mem[i]; - } - - return check; // We return zero if mem is made out of zeroes. -} /* Use this instead of memcmp; not vulnerable to timing attacks. - returns 0 if both mem locations of length are equal. */ + returns 0 if both mem locations of length are equal, + return -1 if they are not. */ unsigned int crypto_cmp(uint8_t *mem1, uint8_t *mem2, uint32_t length) { - unsigned int i, check = 0;; + if (length == 16) { + return crypto_verify_16(mem1, mem2); + } else if (length == 32) { + return crypto_verify_32(mem1, mem2); + } + + unsigned int i, check = 0; for (i = 0; i < length; ++i) { check |= mem1[i] ^ mem2[i]; } - return check; + return (1 & ((check - 1) >> 8)) - 1; } /* Precomputes the shared key from their public_key and our secret_key. diff --git a/toxcore/crypto_core.h b/toxcore/crypto_core.h index 1fca8078..7ee5f59e 100644 --- a/toxcore/crypto_core.h +++ b/toxcore/crypto_core.h @@ -25,12 +25,24 @@ #include "network.h" +#ifndef VANILLA_NACL +/* We use libsodium by default. */ +#include +#else +#include +#include +#include +#include +#include +#include +#define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) +#endif -/* return zero if the buffer contains only zeros. */ -uint8_t crypto_iszero(uint8_t *buffer, uint32_t blen); +#define crypto_box_KEYBYTES (crypto_box_BEFORENMBYTES) /* Use this instead of memcmp; not vulnerable to timing attacks. - returns 0 if both mem locations of length are equal. */ + returns 0 if both mem locations of length are equal, + return -1 if they are not. */ unsigned int crypto_cmp(uint8_t *mem1, uint8_t *mem2, uint32_t length); /* Encrypts plain of length length to encrypted of length + 16 using the diff --git a/toxcore/network.h b/toxcore/network.h index 21e225a0..d19f144c 100644 --- a/toxcore/network.h +++ b/toxcore/network.h @@ -97,19 +97,6 @@ typedef int sock_t; #endif #endif -#ifndef VANILLA_NACL -/* We use libsodium by default. */ -#include -#else -#include -#include -#include -#include -#define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) -#endif - -#define crypto_box_KEYBYTES (crypto_box_BEFORENMBYTES) - #ifndef IPV6_ADD_MEMBERSHIP #ifdef IPV6_JOIN_GROUP #define IPV6_ADD_MEMBERSHIP IPV6_JOIN_GROUP -- cgit v1.2.3