Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 0fa107a6aa
Branches Tags
tor
/
src
/
common
/
di_ops.c

di_ops.c 4.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 
  1. /* Copyright (c) 2011-2012, The Tor Project, Inc. */
    2. 

  2. /* See LICENSE for licensing information */
    3. 

  3. 

  4. /**
    5. 

  5.  * \file di_ops.c
    6. 

  6.  * \brief Functions for data-independent operations.
    7. 

  7.  **/
    8. 

  8. 

  9. #include "orconfig.h"
    10. 

  10. #include "di_ops.h"
    11. 

  11. 

  12. /**
    13. 

  13.  * Timing-safe version of memcmp.  As memcmp, compare the <b>sz</b> bytes at
    14. 

  14.  * <b>a</b> with the <b>sz</b> bytes at <b>b</b>, and return less than 0 if
    15. 

  15.  * the bytes at <b>a</b> lexically precede those at <b>b</b>, 0 if the byte
    16. 

  16.  * ranges are equal, and greater than zero if the bytes at <b>a</b> lexically
    17. 

  17.  * follow those at <b>b</b>.
    18. 

  18.  *
    19. 

  19.  * This implementation differs from memcmp in that its timing behavior is not
    20. 

  20.  * data-dependent: it should return in the same amount of time regardless of
    21. 

  21.  * the contents of <b>a</b> and <b>b</b>.
    22. 

  22.  */
    23. 

  23. int
    24. 

  24. tor_memcmp(const void *a, const void *b, size_t len)
    25. 

  25. {
    26. 

  26.   const uint8_t *x = a;
    27. 

  27.   const uint8_t *y = b;
    28. 

  28.   size_t i = len;
    29. 

  29.   int retval = 0;
    30. 

  30. 

  31.   /* This loop goes from the end of the arrays to the start.  At the
    32. 

  32.    * start of every iteration, before we decrement i, we have set
    33. 

  33.    * "retval" equal to the result of memcmp(a+i,b+i,len-i).  During the
    34. 

  34.    * loop, we update retval by leaving it unchanged if x[i]==y[i] and
    35. 

  35.    * setting it to x[i]-y[i] if x[i]!= y[i].
    36. 

  36.    *
    37. 

  37.    * The following assumes we are on a system with two's-complement
    38. 

  38.    * arithmetic.  We check for this at configure-time with the check
    39. 

  39.    * that sets USING_TWOS_COMPLEMENT.  If we aren't two's complement, then
    40. 

  40.    * torint.h will stop compilation with an error.
    41. 

  41.    */
    42. 

  42.   while (i--) {
    43. 

  43.     int v1 = x[i];
    44. 

  44.     int v2 = y[i];
    45. 

  45.     int equal_p = v1 ^ v2;
    46. 

  46. 

  47.     /* The following sets bits 8 and above of equal_p to 'equal_p ==
    48. 

  48.      * 0', and thus to v1 == v2.  (To see this, note that if v1 ==
    49. 

  49.      * v2, then v1^v2 == equal_p == 0, so equal_p-1 == -1, which is the
    50. 

  50.      * same as ~0 on a two's-complement machine.  Then note that if
    51. 

  51.      * v1 != v2, then 0 < v1 ^ v2 < 256, so 0 <= equal_p - 1 < 255.)
    52. 

  52.      */
    53. 

  53.     --equal_p;
    54. 

  54. 

  55.     equal_p >>= 8;
    56. 

  56.     /* Thanks to (sign-preserving) arithmetic shift, equal_p is now
    57. 

  57.      * equal to -(v1 == v2), which is exactly what we need below.
    58. 

  58.      * (Since we're assuming two's-complement arithmetic, -1 is the
    59. 

  59.      * same as ~0 (all bits set).)
    60. 

  60.      *
    61. 

  61.      * (The result of an arithmetic shift on a negative value is
    62. 

  62.      * actually implementation-defined in standard C.  So how do we
    63. 

  63.      * get away with assuming it?  Easy.  We check.) */
    64. 

  64. #if ((-60 >> 8) != -1)
    65. 

  65. #error "According to cpp, right-shift doesn't perform sign-extension."
    66. 

  66. #endif
    67. 

  67. #ifndef RSHIFT_DOES_SIGN_EXTEND
    68. 

  68. #error "According to configure, right-shift doesn't perform sign-extension."
    69. 

  69. #endif
    70. 

  70. 

  71.     /* If v1 == v2, equal_p is ~0, so this will leave retval
    72. 

  72.      * unchanged; otherwise, equal_p is 0, so this will zero it. */
    73. 

  73.     retval &= equal_p;
    74. 

  74. 

  75.     /* If v1 == v2, then this adds 0, and leaves retval unchanged.
    76. 

  76.      * Otherwise, we just zeroed retval, so this sets it to v1 - v2. */
    77. 

  77.     retval += (v1 - v2);
    78. 

  78. 

  79.     /* There.  Now retval is equal to its previous value if v1 == v2, and
    80. 

  80.      * equal to v1 - v2 if v1 != v2. */
    81. 

  81.   }
    82. 

  82. 

  83.   return retval;
    84. 

  84. }
    85. 

  85. 

  86. /**
    87. 

  87.  * Timing-safe memory comparison.  Return true if the <b>sz</b> bytes at
    88. 

  88.  * <b>a</b> are the same as the <b>sz</b> bytes at <b>b</b>, and 0 otherwise.
    89. 

  89.  *
    90. 

  90.  * This implementation differs from !memcmp(a,b,sz) in that its timing
    91. 

  91.  * behavior is not data-dependent: it should return in the same amount of time
    92. 

  92.  * regardless of the contents of <b>a</b> and <b>b</b>.  It differs from
    93. 

  93.  * !tor_memcmp(a,b,sz) by being faster.
    94. 

  94.  */
    95. 

  95. int
    96. 

  96. tor_memeq(const void *a, const void *b, size_t sz)
    97. 

  97. {
    98. 

  98.   /* Treat a and b as byte ranges. */
    99. 

  99.   const uint8_t *ba = a, *bb = b;
    100. 

  100.   uint32_t any_difference = 0;
    101. 

  101.   while (sz--) {
    102. 

  102.     /* Set byte_diff to all of those bits that are different in *ba and *bb,
    103. 

  103.      * and advance both ba and bb. */
    104. 

  104.     const uint8_t byte_diff = *ba++ ^ *bb++;
    105. 

  105. 

  106.     /* Set bits in any_difference if they are set in byte_diff. */
    107. 

  107.     any_difference |= byte_diff;
    108. 

  108.   }
    109. 

  109. 

  110.   /* Now any_difference is 0 if there are no bits different between
    111. 

  111.    * a and b, and is nonzero if there are bits different between a
    112. 

  112.    * and b.  Now for paranoia's sake, let's convert it to 0 or 1.
    113. 

  113.    *
    114. 

  114.    * (If we say "!any_difference", the compiler might get smart enough
    115. 

  115.    * to optimize-out our data-independence stuff above.)
    116. 

  116.    *
    117. 

  117.    * To unpack:
    118. 

  118.    *
    119. 

  119.    * If any_difference == 0:
    120. 

  120.    *            any_difference - 1 == ~0
    121. 

  121.    *     (any_difference - 1) >> 8 == 0x00ffffff
    122. 

  122.    *     1 & ((any_difference - 1) >> 8) == 1
    123. 

  123.    *
    124. 

  124.    * If any_difference != 0:
    125. 

  125.    *            0 < any_difference < 256, so
    126. 

  126.    *            0 < any_difference - 1 < 255
    127. 

  127.    *            (any_difference - 1) >> 8 == 0
    128. 

  128.    *            1 & ((any_difference - 1) >> 8) == 0
    129. 

  129.    */
    130. 

  130. 

  131.   return 1 & ((any_difference - 1) >> 8);
    132. 

  132. }
    133. 

  133.