extern/encfs
1
0
Fork 0
mirror of https://github.com/vgough/encfs.git synced 2024-11-22 07:53:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare MACs in constant time to prevent timing attacks

Browse Source 
Fixes bug #12.
This commit is contained in:
Jakob Unterwurzacher 2014-10-16 22:18:02 +02:00
parent 8bda1c8a46
commit 87fac6af57
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
encfs/MACFileIO.cpp
View File

@ -206,12 +206,18 @@ ssize_t MACFileIO::readOneBlock( const IORequest &req ) const
uint64_t mac = cipher->MAC_64( tmp.data + macBytes,
readSize - macBytes, key );
// Constant time comparision to prevent timing attacks
unsigned char fail = 0;
for(int i=0; i<macBytes; ++i, mac >>= 8)
{
int test = mac & 0xff;
int stored = tmp.data[i];
if(test != stored)
{
fail |= (test ^ stored);
}
if( fail > 0 )
{
// uh oh..
long blockNum = req.offset / bs;
rWarning(_("MAC comparison failure in block %li"),
@ -222,8 +228,6 @@ ssize_t MACFileIO::readOneBlock( const IORequest &req ) const
throw ERROR(
_("MAC comparison failure, refusing to read"));
}
break;
}
}
}