Adding a constEq (or similar) function for security use cases #697

Open
Vlix opened this issue Oct 19, 2024 · 0 comments
Vlix commented Oct 19, 2024

To prevent timing attacks, sometimes you'd want to compare bytes (like hashes) in constant time, since this can give the attacker information on how far they have matched the bytes.

This is a semi-quick example of what it might/would look like (did not compile, might have errors)
(based it off of constEq from the memory package)

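```haskell
{-# LANGUAGE BangPatterns #-}
import Data.Bits (xor, (.|.))
import Data.ByteString.Internal (ByteString (BS), accursedUnutterablePerformIO)
import Data.Word (Word8)
import Foreign.ForeignPtr (withForeignPtr)
import Foreign.Storable (peekByteOff)

-- | Compare two ByteStrings without stopping at the first differing byte.
constEq :: ByteString -> ByteString -> Bool
constEq (BS fptr1 len1) (BS fptr2 len2)
    | len1 /= len2 = False
    | otherwise = accursedUnutterablePerformIO $
        withForeignPtr fptr1 $ \ptr1 ->
        withForeignPtr fptr2 $ \ptr2 ->
          let loop i !acc
                  | i == len1 = pure $! acc == 0
                  | otherwise = do
                      -- peekByteOff takes the pointer first, then the byte offset
                      mZero <- xor <$> peekByteOff ptr1 i <*> (peekByteOff ptr2 i :: IO Word8)
                      -- OR the difference in; acc stays 0 only if every byte matched
                      loop (i + 1) (acc .|. mZero)
           in loop 0 0
```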
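
Added example (not part of the original issue or the project's code): it counts the byte pairs each comparison strategy inspects, as a deterministic stand-in for timing, to show what an early-exit comparison reveals about the matched prefix and what the XOR/OR accumulation does not. `earlyExitSteps`, `accumSteps` and the sample bytes are constructed for illustration.

```haskell
import Data.Bits (xor, (.|.))
import qualified Data.ByteString as B
import Data.List (foldl')
import Data.Word (Word8)

-- | Early-exit comparison, instrumented: the verdict plus how many byte
-- pairs were inspected before the answer was known.
earlyExitSteps :: B.ByteString -> B.ByteString -> (Bool, Int)
earlyExitSteps a b
  | B.length a /= B.length b = (False, 0)
  | otherwise = go 0
  where
    n = B.length a
    go i
      | i == n = (True, n)
      | B.index a i /= B.index b i = (False, i + 1) -- stops at first mismatch
      | otherwise = go (i + 1)

-- | Accumulating comparison (the idea behind constEq): XOR each pair, OR the
-- result into an accumulator, and only inspect the accumulator at the end.
accumSteps :: B.ByteString -> B.ByteString -> (Bool, Int)
accumSteps a b
  | B.length a /= B.length b = (False, 0)
  | otherwise = (acc == 0, steps)
  where
    (acc, steps) = foldl' step (0 :: Word8, 0 :: Int) (B.zipWith xor a b)
    step (x, k) d = (x .|. d, k + 1)

main :: IO ()
main = mapM_ report [0, 2, 4, 8]
  where
    -- constructed sample tag, not a real secret
    secret = B.pack [0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04]
    -- guess k: first k bytes correct, the rest zero (no secret byte is zero)
    guess k = B.take k secret <> B.replicate (B.length secret - k) 0
    report k = putStrLn $ "correct prefix " ++ show k
      ++ "  early-exit " ++ show (earlyExitSteps secret (guess k))
      ++ "  accumulate " ++ show (accumSteps secret (guess k))
```

The early-exit count grows with the length of the correct prefix, while the accumulating version inspects all 8 pairs for every guess. The step count models data-dependent work only; it is not a timing measurement, and the list-based `accumSteps` is not offered as a constant-time implementation.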