From 8123ce62094bf88a4107506d7acd3e8e2866bc1f Mon Sep 17 00:00:00 2001
From: Mark Haines <mark.haines@matrix.org>
Date: Tue, 3 Mar 2015 15:08:56 +0000
Subject: Constant time comparison for mac

---
 src/memory.cpp  | 20 +++++++++++++++++---
 src/ratchet.cpp |  2 +-
 2 files changed, 18 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/memory.cpp b/src/memory.cpp
index 14c95dd..07e8de2 100644
--- a/src/memory.cpp
+++ b/src/memory.cpp
@@ -1,11 +1,25 @@
 #include "axolotl/memory.hh"
 
+
 void axolotl::unset(
-    volatile void * buffer, std::size_t buffer_length
+    void volatile * buffer, std::size_t buffer_length
 ) {
-    volatile char * pos = reinterpret_cast<volatile char *>(buffer);
-    volatile char * end = pos + buffer_length;
+    char volatile * pos = reinterpret_cast<char volatile *>(buffer);
+    char volatile * end = pos + buffer_length;
     while (pos != end) {
         *(pos++) = 0;
     }
 }
+
+
+bool axolotl::is_equal(
+    std::uint8_t const * buffer_a,
+    std::uint8_t const * buffer_b,
+    std::size_t length
+) {
+    std::uint8_t volatile result = 0;
+    while (length--) {
+        result |= (*(buffer_a++)) ^ (*(buffer_b++));
+    }
+    return result == 0;
+}
diff --git a/src/ratchet.cpp b/src/ratchet.cpp
index d2903bb..ccb8e73 100644
--- a/src/ratchet.cpp
+++ b/src/ratchet.cpp
@@ -104,7 +104,7 @@ bool verify_mac(
         mac
     );
 
-    bool result = std::memcmp(mac, reader.mac, MAC_LENGTH) == 0;
+    bool result = axolotl::is_equal(mac, reader.mac, MAC_LENGTH);
     axolotl::unset(mac);
     return result;
 }
-- 
cgit v1.2.3