generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-04-16 23:12:57 +02:00
Code Issues Projects Releases Wiki Activity

GH #1412: added Poco::DigestEngine::constantTimeEquals()

Browse Source
This commit is contained in:
Guenter Obiltschnig 2017-11-01 17:37:35 +01:00
parent 5b4c803e5d
commit 646c22c586
4 changed files with 40 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Foundation/include/Poco/DigestEngine.h
View File

@ -66,6 +66,11 @@ public:
static Digest digestFromHex(const std::string& digest); static Digest digestFromHex(const std::string& digest);
/// Converts a string created by digestToHex back to its Digest presentation /// Converts a string created by digestToHex back to its Digest presentation
static bool constantTimeEquals(const Digest& d1, const Digest& d2);
/// Compares two Digest values using a constant-time comparison
/// algorithm. This can be used to prevent timing attacks
/// (as discussed in <https://codahale.com/a-lesson-in-timing-attacks/>).
protected: protected:
virtual void updateImpl(const void* data, std::size_t length) = 0; virtual void updateImpl(const void* data, std::size_t length) = 0;
/// Updates the digest with the given data. Must be implemented /// Updates the digest with the given data. Must be implemented

16
Foundation/src/DigestEngine.cpp
View File

@ -79,5 +79,21 @@ DigestEngine::Digest DigestEngine::digestFromHex(const std::string& digest)
} }
bool DigestEngine::constantTimeEquals(const Digest& d1, const Digest& d2)
{
if (d1.size() != d2.size()) return false;
int result = 0;
Digest::const_iterator it1 = d1.begin();
Digest::const_iterator it2 = d2.begin();
Digest::const_iterator end1 = d1.end();
while (it1 != end1)
{
result |= *it1++ ^ *it2++;
}
return result == 0;
}
} // namespace Poco } // namespace Poco

12
Foundation/testsuite/src/MD5EngineTest.cpp
View File

@ -58,6 +58,17 @@ void MD5EngineTest::testMD5()
} }
void MD5EngineTest::testConstantTimeEquals()
{
DigestEngine::Digest d1 = DigestEngine::digestFromHex("d41d8cd98f00b204e9800998ecf8427e");
DigestEngine::Digest d2 = DigestEngine::digestFromHex("d41d8cd98f00b204e9800998ecf8427e");
DigestEngine::Digest d3 = DigestEngine::digestFromHex("0cc175b9c0f1b6a831c399e269772661");
assert (DigestEngine::constantTimeEquals(d1, d2));
assert (!DigestEngine::constantTimeEquals(d1, d3));
}
void MD5EngineTest::setUp() void MD5EngineTest::setUp()
{ {
} }
@ -73,6 +84,7 @@ CppUnit::Test* MD5EngineTest::suite()
CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("MD5EngineTest"); CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("MD5EngineTest");
CppUnit_addTest(pSuite, MD5EngineTest, testMD5); CppUnit_addTest(pSuite, MD5EngineTest, testMD5);
CppUnit_addTest(pSuite, MD5EngineTest, testConstantTimeEquals);
return pSuite; return pSuite;
} }

1
Foundation/testsuite/src/MD5EngineTest.h
View File

@ -25,6 +25,7 @@ public:
~MD5EngineTest(); ~MD5EngineTest();
void testMD5(); void testMD5();
void testConstantTimeEquals();
void setUp(); void setUp();
void tearDown(); void tearDown();