Re: Side-channel silet memcmp

Mon, 28 Apr 2014 02:44:28 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Niels Möller wrote:
> There are lots of authentication functions which end by comparing
> two digests. The recent ccm_decrypt_message is typical, ending with
> 
> return (memcmp(tag, src + mlength, tlength) == 0);

> int mem_equal (const void *ap, const void *bp, size_t n) { volatile
> const unsigned char *a = ap; volatile const unsigned char *b = bp

Missing semicolon for bp.


> volatile unsigned char d; size_t i; for (i = d = 0; i < n; i++) d |=
> a[i] ^ b[i]; return d == 0;

You should return d here if you want the behaviour to match memcmp.

FWIW I implemented the function above (minus changes to stdint types) in
my umactests. And for 100M messages, each 1024 Bytes I see something
like a few second total increase in performance in comparison to using
the memcmp provided in OSX. I can live with that.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          [email protected]
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJTXiK6AAoJEF3cfFQkIuyNT34QAIq0XjYCKo8pNTNWXKTrS3mA
UVLuOiQR5ar4nEAm4vsaNBE014/mGo2Gp9xP1wEGK65T0KGIDVlrg/1A4fiilAcg
ORSBnHUI386+volf6Nld7qaVfbTtldXg7OTZKEyBZ7yrViZ0jyB6NPLOsb8li1D2
CDZz9EstEkPCtJ9zYWIjTQRNDJ7N/SfIBFVSFIElzCaa+jo1gY1jI79OHRGP3Vj/
2PcmzocMP/UHTHpWWRTmd+me059yiWZ2En6ZUWmaWvQegOWrLZyTF/3iX8rimjRB
tvL1mC0iSYRBHLb61J3SPVbxXujYcFQbICC8C7QXNDbtp+7h0q40xy9zaMFJkBMI
aBh93wpCAigAdwole7OA8z+OKBTnsH6YegAA6nelAuip83kq9AIKz0ETSHXfnwKr
IWai9nISq79qTkGUsL14etFrtGRGu985jcv+PMO2cHIbpHnU9D9hgo005eAJIhll
P1h9rATWrbJM5cyipvaZhDrVCClNUfKY20c3tCuY6lyieAnwYGND2rI5ARWMCBoD
3jrouwG27FSWeKthEd5LPvGDkBLrdc4fcD5oOATKTOrPc8GeASU+IpqITpYFD9Ak
VBDGltQoV90L/D1yFAEnj6pklz8OE3F+JQO7OEQ1NtyMtcH3aqA3JnR63odMTLyL
Bk3M7ZoBe7Dhh7YhoHSz
=ssYB
-----END PGP SIGNATURE-----
_______________________________________________
nettle-bugs mailing list
[email protected]
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs

Reply via email to