GH #1412: added Poco::DigestEngine::constantTimeEquals()

Foundation/include/Poco/DigestEngine.h

@@ -40,19 +40,19 @@ public:
 
 	DigestEngine();
 	virtual ~DigestEngine();
-		
+
 	void update(const void* data, std::size_t length);
 	void update(char data);
 	void update(const std::string& data);
 		/// Updates the digest with the given data.
-		
+
 	virtual std::size_t digestLength() const = 0;
 		/// Returns the length of the digest in bytes.
 
 	virtual void reset() = 0;
 		/// Resets the engine so that a new
 		/// digest can be computed.
-		
+
 	virtual const Digest& digest() = 0;
 		/// Finishes the computation of the digest and
 		/// returns the message digest. Resets the engine
@@ -66,11 +66,16 @@ public:
 	static Digest digestFromHex(const std::string& digest);
 		/// Converts a string created by digestToHex back to its Digest presentation
 
+	static bool constantTimeEquals(const Digest& d1, const Digest& d2);
+		/// Compares two Digest values using a constant-time comparison
+		/// algorithm. This can be used to prevent timing attacks
+		/// (as discussed in <https://codahale.com/a-lesson-in-timing-attacks/>).
+
 protected:
 	virtual void updateImpl(const void* data, std::size_t length) = 0;
 		/// Updates the digest with the given data. Must be implemented
 		/// by subclasses.
-		
+
 private:
 	DigestEngine(const DigestEngine&);
 	DigestEngine& operator = (const DigestEngine&);
@@ -96,7 +101,7 @@ inline void DigestEngine::update(char data)
 
 inline void DigestEngine::update(const std::string& data)
 {
-	updateImpl(data.data(), data.size());	
+	updateImpl(data.data(), data.size());
 }