Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // returns 1 is same, 0 otherwise
- int timing_safe_compare(char *known, size_t known_len, char *unknown, size_t unknown_len) {
- // Safe since all strings **will** be null terminated
- size_t mod_len = known_len + 1;
- size_t i;
- int result = 0;
- result = known_len - unknown_len;
- for (i = 0; i < unknown_len; i++) {
- result |= known[i % mod_len] ^ unknown[i];
- }
- return result == 0 ? 1 : 0;
- }
- int check(char *known, size_t known_len, char *unknown, size_t unknown_len, size_t max_len) {
- size_t i;
- int result = 0;
- // Constant time check, only gives away maximum length.
- if (unknown_len > max_len)
- return 0;
- // Will only give away the length of the attackers string, unless it was already too large (condition above). Don't bother doing an extra memcpy on your known or the attackers.
- for (i = 0; i < unknown_len; i++) {
- result |= known[i] ^ unknown[i];
- }
- return result == 0 ? 1 : 0;
- }
- bool timing_safe_equal(const std::string &s1, const std::string &s2)
- {
- const std::string hash1=sha384(s1);
- const std::string hash2=sha384(s2);
- int result=0;
- for (uint i = 0; i < 48; ++i)
- {
- result |= hash1[i] ^ hash2[i];
- }
- return (result == 0);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement