Check HMAC in constant-time in crypt_and_hash

2024-10-18 14:21:06 +00:00 · 2013-10-31 14:22:08 +01:00 · 2013-10-31 14:22:08 +01:00 · 424cd6943c
parent 0d7702c3ee
commit 424cd6943c
1 changed files with 7 additions and 1 deletions
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@ -76,6 +76,7 @@ int main( int argc, char *argv[] )
    unsigned char digest[POLARSSL_MD_MAX_SIZE];
    unsigned char buffer[1024];
    unsigned char output[1024];
+    unsigned char diff;

    const cipher_info_t *cipher_info;
    const md_info_t *md_info;
@ -476,7 +477,12 @@ int main( int argc, char *argv[] )
            goto exit;
        }

-        if( memcmp( digest, buffer, md_get_size( md_info ) ) != 0 )
+        /* Use constant-time buffer comparison */
+        diff = 0;
+        for( i = 0; i < md_get_size( md_info ); i++ )
+            diff |= digest[i] ^ buffer[i];
+
+        if( diff != 0 )
        {
            fprintf( stderr, "HMAC check failed: wrong key, "
                             "or file corrupted.\n" );