zig

fork of https://codeberg.org/ziglang/zig
Log | Files | Refs | README | LICENSE

commit 5f9953f41ff7761cdf86c211c91de7470425771c (tree)
parent 3f0d80f25eccd12759bad21fb8429e646eff070b
Author: Frank Denis <github@pureftpd.org>
Date:   Fri, 14 Aug 2020 16:08:26 +0200

Remove mem.timingSafeEqual() for now

This requires assembly implementations, and is not needed for
signature verification.

Thanks @daurnimator

Diffstat:
Mlib/std/crypto/25519/ed25519.zig | 2+-
Mlib/std/mem.zig | 25-------------------------
2 files changed, 1 insertion(+), 26 deletions(-)

diff --git a/lib/std/crypto/25519/ed25519.zig b/lib/std/crypto/25519/ed25519.zig @@ -96,7 +96,7 @@ pub const Ed25519 = struct { const p = try a.neg().mul(hram); const check = (try Curve.basePoint().mul(s.*)).add(p).toBytes(); - if (mem.timingSafeEqual(u8, &check, r) == false) { + if (mem.eql(u8, &check, r) == false) { return error.InvalidSignature; } } diff --git a/lib/std/mem.zig b/lib/std/mem.zig @@ -334,31 +334,6 @@ test "mem.secureZero" { testing.expectEqualSlices(u8, a[0..], b[0..]); } -/// Constant-time (for a given length) comparison. -pub fn timingSafeEqual(comptime T: type, a: []const T, b: []const T) bool { - const length = a.len; - if (length != b.len) { - return false; - } - const ap = @ptrCast([*]const volatile T, a.ptr); - const bp = @ptrCast([*]const volatile T, b.ptr); - var c: u8 = 0; - var i: usize = 0; - while (i < length) : (i += 1) { - c |= a[i] ^ b[i]; - } - return c == 0; -} - -test "mem.timingSafeEqual" { - var a = [_]u8{0xfe} ** 8; - var b = [_]u8{0xfe} ** 8; - - testing.expect(timingSafeEqual(u8, &a, &b)); - a[0] += 1; - testing.expect(!timingSafeEqual(u8, &a, &b)); -} - /// Initializes all fields of the struct with their default value, or zero values if no default value is present. /// If the field is present in the provided initial values, it will have that value instead. /// Structs are initialized recursively.