1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
//! Utilities to safely compare cryptographic values.
//!
//! Extra care must be taken when comparing values in
//! cryptographic code. If done incorrectly, it can lead
//! to a [timing attack](https://en.wikipedia.org/wiki/Timing_attack).
//! By analyzing the time taken to execute parts of a cryptographic
//! algorithm, and attacker can attempt to compromise the
//! cryptosystem.
//!
//! The utilities in this module are designed to be resistant
//! to this type of attack.
//!
//! # Examples
//!
//! To perform a constant-time comparision of two arrays of the same length but different
//! values:
//!
//! ```
//! use openssl::memcmp::eq;
//!
//! // We want to compare `a` to `b` and `c`, without giving
//! // away through timing analysis that `c` is more similar to `a`
//! // than `b`.
//! let a = [0, 0, 0];
//! let b = [1, 1, 1];
//! let c = [0, 0, 1];
//!
//! // These statements will execute in the same amount of time.
//! assert!(!eq(&a, &b));
//! assert!(!eq(&a, &c));
//! ```
use ffi;
use libc::size_t;

/// Returns `true` iff `a` and `b` contain the same bytes.
///
/// This operation takes an amount of time dependent on the length of the two
/// arrays given, but is independent of the contents of a and b.
///
/// # Panics
///
/// This function will panic the current task if `a` and `b` do not have the same
/// length.
///
/// # Examples
///
/// To perform a constant-time comparision of two arrays of the same length but different
/// values:
///
/// ```
/// use openssl::memcmp::eq;
///
/// // We want to compare `a` to `b` and `c`, without giving
/// // away through timing analysis that `c` is more similar to `a`
/// // than `b`.
/// let a = [0, 0, 0];
/// let b = [1, 1, 1];
/// let c = [0, 0, 1];
///
/// // These statements will execute in the same amount of time.
/// assert!(!eq(&a, &b));
/// assert!(!eq(&a, &c));
/// ```
pub fn eq(a: &[u8], b: &[u8]) -> bool {
    assert!(a.len() == b.len());
    let ret = unsafe {
        ffi::CRYPTO_memcmp(
            a.as_ptr() as *const _,
            b.as_ptr() as *const _,
            a.len() as size_t,
        )
    };
    ret == 0
}

#[cfg(test)]
mod tests {
    use super::eq;

    #[test]
    fn test_eq() {
        assert!(eq(&[], &[]));
        assert!(eq(&[1], &[1]));
        assert!(!eq(&[1, 2, 3], &[1, 2, 4]));
    }

    #[test]
    #[should_panic]
    fn test_diff_lens() {
        eq(&[], &[1]);
    }
}