Changeset a014918


Ignore:
Timestamp:
May 7, 2014 2:47:15 PM (7 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
2dc97b1
Parents:
fb9a4eb
Message:

Transports: Use constant time method for HMAC verification

Location:
core/java/src/net/i2p
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • core/java/src/net/i2p/crypto/HMACGenerator.java

    rfb9a4eb ra014918  
    110110        release(mac);
    111111       
    112         boolean eq = DataHelper.eq(rv, 0, origMAC, origMACOffset, origMACLength);
     112        boolean eq = DataHelper.eqCT(rv, 0, origMAC, origMACOffset, origMACLength);
    113113        releaseTmp(rv);
    114114        return eq;
  • core/java/src/net/i2p/data/DataHelper.java

    rfb9a4eb ra014918  
    984984     * and unequal length arrays as false.
    985985     *
     986     * Variable time.
     987     *
    986988     * @return Arrays.equals(lhs, rhs)
    987989     */
     
    10191021    /**
    10201022     *  Unlike eq(byte[], byte[]), this returns false if either lhs or rhs is null.
    1021      *  @throws AIOOBE if either array isn't long enough
     1023     *  Variable time.
     1024     *
     1025     *  @throws ArrayIndexOutOfBoundsException if either array isn't long enough
    10221026     */
    10231027    public final static boolean eq(byte lhs[], int offsetLeft, byte rhs[], int offsetRight, int length) {
    10241028        if ( (lhs == null) || (rhs == null) ) return false;
    1025         if (length <= 0) return true;
    10261029        for (int i = 0; i < length; i++) {
    10271030            if (lhs[offsetLeft + i] != rhs[offsetRight + i])
     
    10301033        return true;
    10311034    }
     1035
     1036    /**
     1037     *  Unlike eq(), this throws NPE if either lhs or rhs is null.
     1038     *  Constant time.
     1039     *
     1040     *  @throws NullPointerException if lhs or rhs is null
     1041     *  @throws ArrayIndexOutOfBoundsException if either array isn't long enough
     1042     *  @since 0.9.13
     1043     */
     1044    public final static boolean eqCT(byte lhs[], int offsetLeft, byte rhs[], int offsetRight, int length) {
     1045        int r = 0;
     1046        for (int i = 0; i < length; i++) {
     1047            r |=  lhs[offsetLeft + i] ^ rhs[offsetRight + i];
     1048        }
     1049        return r == 0;
     1050    }
    10321051   
    10331052    /**
     
    10351054     *  Shorter arg is lesser.
    10361055     *  Args may be null, null is less than non-null.
     1056     *  Variable time.
    10371057     */
    10381058    public final static int compareTo(byte lhs[], byte rhs[]) {
Note: See TracChangeset for help on using the changeset viewer.