mirror of /home/gitosis/repositories/libowfat.git
parent
f56460eebc
commit
966c3f4d2f
8 changed files with 125 additions and 2 deletions
@ -0,0 +1,17 @@ |
||||
.TH byte_equal_notimingattack 3 |
||||
.SH NAME |
||||
byte_equal_notimingattack \- compare two strings |
||||
.SH SYNTAX |
||||
.B #include <libowfat/byte.h> |
||||
|
||||
int \fBbyte_equal_notimingattack\fP(const char *\fIone\fR,size_t \fIlen\fR,const char *\fItwo\fR); |
||||
.SH DESCRIPTION |
||||
\fIbyte_equal_notimingattack\fR returns 1 if the strings are equal, 0 otherwise. |
||||
|
||||
When the strings are different, byte_equal_notimingattack will still |
||||
read and compare all the other bytes. That way, an attacker observing |
||||
the timing of the execution can not learn where the first mismatch |
||||
occurred. |
||||
|
||||
.SH "SEE ALSO" |
||||
byte_diff(3), byte_equal(3) |
@ -0,0 +1,20 @@ |
||||
.TH byte_start 3 |
||||
.SH NAME |
||||
byte_start \- find out if string b is prefix of string a |
||||
.SH SYNTAX |
||||
.B #include <libowfat/byte.h> |
||||
|
||||
int \fBbyte_start\fP(const char *\fIa\fR,size_t \fIalen\fR,const char *\fIb\fR,size_t blen); |
||||
.SH DESCRIPTION |
||||
\fIbyte_start\fR returns 1 if \fIalen\fR >= \fIblen\fR and the first \fIblen\fR bytes from |
||||
\fIa\fR and \fIb\fR are equal. |
||||
|
||||
When \fIblen\fR is too large or the strings are different, \fIbyte_start\fR does not |
||||
read bytes past the first difference. An attacker observing the |
||||
execution timing can thus learn where the first mismatch happened. |
||||
|
||||
Use \fIbyte_equal_notimingattack\fR to compare keys, passphrases, cookies or |
||||
hashes instead. |
||||
|
||||
.SH "SEE ALSO" |
||||
byte_equal(3), byte_equal_notimingattack(3), byte_starts(3) |
@ -0,0 +1,16 @@ |
||||
#include <byte.h> |
||||
#include <string.h> |
||||
|
||||
int byte_start(const void* a,size_t alen,const void* b,size_t blen) { |
||||
return blen<=alen && !memcmp(a,b,blen); |
||||
} |
||||
|
||||
#ifdef UNITTEST |
||||
#include <assert.h> |
||||
int main() { |
||||
static char buf[]="The quick brown fox jumps over the lazy dog"; |
||||
assert(byte_start(buf,sizeof(buf)-1,"The ",4)); |
||||
assert(!byte_start(buf,sizeof(buf)-1,"the ",4)); |
||||
assert(!byte_start(buf,3,buf,9)); |
||||
} |
||||
#endif |
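Review bot: `byte_start` calls `memcmp(a,b,blen)` even when `blen` is 0, so a caller that represents an empty buffer as a null pointer (for example `byte_start(NULL,0,NULL,0)`) hands null to `memcmp`, which C11 leaves undefined even for a zero length. Short-circuiting keeps the result and skips the call: `return blen<=alen && (blen==0 || !memcmp(a,b,blen));`. The source also carries none of the timing caveat that the man page gives. A one-line comment above the function, such as `/* early-exit compare, not constant-time: use byte_equal_notimingattack() for keys, cookies, hashes */`, would keep that warning next to the code. The unit test could add a zero-length prefix case to pin the first point.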
@ -0,0 +1,24 @@ |
||||
.TH byte_starts 3 |
||||
.SH NAME |
||||
byte_starts \- find out if a buffer starts with a string |
||||
.SH SYNTAX |
||||
.B #include <libowfat/byte.h> |
||||
|
||||
int \fBbyte_starts\fP(const char *\fIbuf\fR,size_t \fIbuflen\fR,const char *\fIstr\fR); |
||||
.SH DESCRIPTION |
||||
\fIbyte_starts\fR returns 1 if the \fIbuflen\fR>=strlen(\fIstr\fR) and the first |
||||
strlen(\fIstr\fR) bytes of \fIbuf\fR match the contents of \fIstr\fR, or |
||||
0 otherwise. |
||||
|
||||
This function is meant to be used in protocol parsing and with a string |
||||
constant for \fIstr\fR and will use gcc/clang macro trickery to reduce to a call to |
||||
\fImemcmp\fR then. |
||||
|
||||
\fIbyte_starts\fR compares as few bytes as possible. An attacker observing |
||||
the execution timing can thus learn where the first mismatch happened. |
||||
|
||||
Use \fIbyte_equal_notimingattack\fR to compare keys, passphrases, cookies or |
||||
hashes instead. |
||||
|
||||
.SH "SEE ALSO" |
||||
byte_equal(3), byte_equal_notimingattack(3), byte_start(3) |
@ -0,0 +1,24 @@ |
||||
#include <byte.h> |
||||
#undef byte_starts |
||||
#include <string.h> |
||||
|
||||
int byte_starts(const void* a,size_t alen,const char* s) { |
||||
size_t i; |
||||
for (i=0; i<alen; ++i) { |
||||
if (s[i]==0) return 1; |
||||
if (((const char*)a)[i] != s[i]) return 0; |
||||
} |
||||
return s[i]==0; |
||||
} |
||||
|
||||
#ifdef UNITTEST |
||||
#include <assert.h> |
||||
|
||||
int main() { |
||||
static char buf[]="The quick brown fox jumps over the lazy dog"; |
||||
assert(byte_starts(buf,sizeof(buf)-1,"The ")); |
||||
assert(!byte_starts(buf,sizeof(buf)-1,"the ")); |
||||
assert(!byte_starts(buf,2,"The ")); |
||||
assert(byte_starts("The ",4,"The ")); |
||||
} |
||||
#endif |
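Review bot: `byte_starts` has no comment stating its contract, and two parts of that contract are not obvious from the loop. First, `s` is read until its terminating NUL or for at most `alen`+1 bytes, so it must be NUL-terminated. Second, the compare returns at the first mismatch, so it is not constant-time. I would add above the function `/* s must be NUL-terminated; returns at the first mismatch, so do not use on secrets (see byte_equal_notimingattack) */`. The `#undef byte_starts` line also deserves a short comment, presumably `/* byte.h defines byte_starts as a macro; undo it to define the real function */`; the macro is not visible in this section, so confirm against byte.h.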