extern/encfs
1
0
Fork 0
mirror of https://github.com/vgough/encfs.git synced 2024-11-22 16:03:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare MACs in constant time to prevent timing attacks

Browse Source 
Fixes bug #12.
This commit is contained in:
Jakob Unterwurzacher 2014-10-16 22:18:02 +02:00
parent 8bda1c8a46
commit 87fac6af57
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
encfs/MACFileIO.cpp
View File

@ -206,11 +206,17 @@ ssize_t MACFileIO::readOneBlock( const IORequest &req ) const
uint64_t mac = cipher->MAC_64( tmp.data + macBytes, uint64_t mac = cipher->MAC_64( tmp.data + macBytes,
readSize - macBytes, key ); readSize - macBytes, key );
// Constant time comparision to prevent timing attacks
unsigned char fail = 0;
for(int i=0; i<macBytes; ++i, mac >>= 8) for(int i=0; i<macBytes; ++i, mac >>= 8)
{ {
int test = mac & 0xff; int test = mac & 0xff;
int stored = tmp.data[i]; int stored = tmp.data[i];
if(test != stored)
fail |= (test ^ stored);
}
if( fail > 0 )
{ {
// uh oh.. // uh oh..
long blockNum = req.offset / bs; long blockNum = req.offset / bs;
@ -222,8 +228,6 @@ ssize_t MACFileIO::readOneBlock( const IORequest &req ) const
throw ERROR( throw ERROR(
_("MAC comparison failure, refusing to read")); _("MAC comparison failure, refusing to read"));
} }
break;
}
} }
} }