diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/libstrongswan/tests/suites/test_chunk.c | 27 | ||||
| -rw-r--r-- | src/libstrongswan/utils/chunk.h | 13 |
2 files changed, 40 insertions, 0 deletions
diff --git a/src/libstrongswan/tests/suites/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c index b5d23658d..312a187ac 100644 --- a/src/libstrongswan/tests/suites/test_chunk.c +++ b/src/libstrongswan/tests/suites/test_chunk.c @@ -61,6 +61,32 @@ START_TEST(test_chunk_equals) END_TEST /******************************************************************************* + * equals_const + */ + +START_TEST(test_chunk_equals_const) +{ + chunk_t chunk = chunk_from_str("chunk"); + chunk_t chunk_a, chunk_b; + + chunk_a = chunk_empty; + chunk_b = chunk_empty; + ck_assert(!chunk_equals_const(chunk_a, chunk_b)); + + chunk_a = chunk; + ck_assert(!chunk_equals_const(chunk_a, chunk_b)); + chunk_b = chunk; + ck_assert(chunk_equals_const(chunk_a, chunk_b)); + + chunk_b = chunk_from_str("asdf"); + ck_assert(!chunk_equals_const(chunk_a, chunk_b)); + + chunk_b = chunk_from_str("chunk"); + ck_assert(chunk_equals_const(chunk_a, chunk_b)); +} +END_TEST + +/******************************************************************************* * chunk_compare test */ @@ -1013,6 +1039,7 @@ Suite *chunk_suite_create() tc = tcase_create("equals"); tcase_add_test(tc, test_chunk_equals); + tcase_add_test(tc, test_chunk_equals_const); suite_add_tcase(s, tc); tc = tcase_create("chunk_compare"); diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h index 48405b77e..2ec7f7543 100644 --- a/src/libstrongswan/utils/chunk.h +++ b/src/libstrongswan/utils/chunk.h @@ -310,6 +310,19 @@ static inline bool chunk_equals(chunk_t a, chunk_t b) } /** + * Compare two chunks for equality, constant time for cryptographic purposes. + * + * Note that this function is constant time only for chunks with the same + * length, i.e. it does not protect against guessing the length of one of the + * chunks. + */ +static inline bool chunk_equals_const(chunk_t a, chunk_t b) +{ + return a.ptr != NULL && b.ptr != NULL && + a.len == b.len && memeq_const(a.ptr, b.ptr, a.len); +} + +/** * Compare two chunks (given as pointers) for equality (useful as callback), * NULL chunks are never equal. */ |