Re: Imminent bugfix release (1.97.1)

[Bean]

On Tue, Nov 10, 2009 at 10:25 PM, Duboucher Thomas <address@hidden> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Bean a écrit :
>> Hi,
>>
>> Oh, I just come up with a better way to do this:
>>
>> typedef char grub_password_t[1024];
>>
>> int
>> grub_auth_strcmp (const grub_password_t s1, const grub_password_t s2)
>> {
>>  char r1 = 0;
>>  char r2 = 0;
>>  char *p;
>>  int i, c;
>>
>>  p = &r1;
>>  c = 0;
>>  for (i = 0; i < sizeof (grub_password_t); i++, s1++, s2++)
>>    {
>>      *p | = (*s1 ^ *s2);
>>      if ((int) *s1 == c)
>>        {
>>        p = &r2;
>>        c = 0x100;
>>        }
>>    }
>>
>>  return (r1 != 0);
>> }
>>
>> The condition (int) *s1 == c would be true exactly once.
>>
>
>        Well, it seems I lost something somewhere. I don't understand the need
> of doing it exactly sizeof (grub_password_t) times, except from having a
> perfectly symetric function. IMHO, stopping the comparison when the
> input buffer is done reading, or when the maximum size of a passphrase
> is reached does not leak any information to the attacker. So I would
> stick to
>
> typedef char grub_password_t[1024];
>
> int
> auth_strcmp (const grub_password_t input, grub_password_t key)
> {
>  int retval, it;
>
>  for (it = retval = 0; it < PASSPHRASE_MAXSIZE; it++, input++, key++)
>  {
>    retval |= (*input != *key);
>
>    if (*input == '\0')
>      break;
>  }
>
>  return !retval;
> }
>
>        Also, take care that it requires to check how the function is
> optimized; sometimes you have surprises ... ;)

Hi,

My previous function ensures that execution time is the same
regardless of the input. Although it's not necessary, I guess it's a
nice feature to have. BTW, the simpler function does leak one
information, the size of buffer as the execution time would increase
until the buffer size is reached.


-- 
Bean

My repository: https://launchpad.net/burg
Document: https://help.ubuntu.com/community/Burg