foster/bitcoin-core
0
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-03-05 14:06:27 -05:00
Code Issues Activity

crypto: chacha20: always use our fallback timingsafe_bcmp rather than libc's

Browse source 
Looking at apple/freebsd/openbsd sources, their implementations match our naive
fallback. It's not worth the hassle of using a platform-specific function for
no gain.
This commit is contained in:
Cory Fields 2024-04-04 19:56:21 +00:00
parent 23ba39470c
commit 2d1819455c
2 changed files with 2 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
configure.ac
View file

@ -968,8 +968,6 @@ AC_CHECK_DECLS([setsid])
AC_CHECK_DECLS([pipe2]) AC_CHECK_DECLS([pipe2])
AC_CHECK_FUNCS([timingsafe_bcmp])
AC_MSG_CHECKING([for __builtin_clzl]) AC_MSG_CHECKING([for __builtin_clzl])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ ]], [[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ ]], [[
(void) __builtin_clzl(0); (void) __builtin_clzl(0);

13
src/crypto/chacha20poly1305.cpp
View file

@ -2,10 +2,6 @@
// Distributed under the MIT software license, see the accompanying // Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php. // file COPYING or http://www.opensource.org/licenses/mit-license.php.
#if defined(HAVE_CONFIG_H)
#include <config/bitcoin-config.h>
#endif
#include <crypto/chacha20poly1305.h> #include <crypto/chacha20poly1305.h>
#include <crypto/common.h> #include <crypto/common.h>
@ -30,10 +26,7 @@ void AEADChaCha20Poly1305::SetKey(Span<const std::byte> key) noexcept
namespace { namespace {
#ifndef HAVE_TIMINGSAFE_BCMP int timingsafe_bcmp_internal(const unsigned char* b1, const unsigned char* b2, size_t n) noexcept
#define HAVE_TIMINGSAFE_BCMP
int timingsafe_bcmp(const unsigned char* b1, const unsigned char* b2, size_t n) noexcept
{ {
const unsigned char *p1 = b1, *p2 = b2; const unsigned char *p1 = b1, *p2 = b2;
int ret = 0; int ret = 0;
@ -42,8 +35,6 @@ int timingsafe_bcmp(const unsigned char* b1, const unsigned char* b2, size_t n)
return (ret != 0); return (ret != 0);
} }
#endif
/** Compute poly1305 tag. chacha20 must be set to the right nonce, block 0. Will be at block 1 after. */ /** Compute poly1305 tag. chacha20 must be set to the right nonce, block 0. Will be at block 1 after. */
void ComputeTag(ChaCha20& chacha20, Span<const std::byte> aad, Span<const std::byte> cipher, Span<std::byte> tag) noexcept void ComputeTag(ChaCha20& chacha20, Span<const std::byte> aad, Span<const std::byte> cipher, Span<std::byte> tag) noexcept
{ {
@ -97,7 +88,7 @@ bool AEADChaCha20Poly1305::Decrypt(Span<const std::byte> cipher, Span<const std:
m_chacha20.Seek(nonce, 0); m_chacha20.Seek(nonce, 0);
std::byte expected_tag[EXPANSION]; std::byte expected_tag[EXPANSION];
ComputeTag(m_chacha20, aad, cipher.first(cipher.size() - EXPANSION), expected_tag); ComputeTag(m_chacha20, aad, cipher.first(cipher.size() - EXPANSION), expected_tag);
if (timingsafe_bcmp(UCharCast(expected_tag), UCharCast(cipher.last(EXPANSION).data()), EXPANSION)) return false; if (timingsafe_bcmp_internal(UCharCast(expected_tag), UCharCast(cipher.last(EXPANSION).data()), EXPANSION)) return false;
// Decrypt (starting at block 1). // Decrypt (starting at block 1).
m_chacha20.Crypt(cipher.first(plain1.size()), plain1); m_chacha20.Crypt(cipher.first(plain1.size()), plain1);