Crypto::Secret Timing safe ==

This commit is contained in:
Didactic Drunk 2021-06-13 12:52:05 -07:00
parent de11459cb1
commit f6737a766f
2 changed files with 28 additions and 2 deletions

View File

@ -4,7 +4,15 @@ require "../src/crypto-secret/not"
describe Crypto::Secret::Not do
it "works" do
ksize = 32
secret = Crypto::Secret::Not.new ksize
secret.to_slice.should eq Bytes.new ksize
key = Bytes.new ksize
key[1] = 1_u8
secret1 = Crypto::Secret::Not.new key.dup
secret1.to_slice.should eq key
secret2 = Crypto::Secret::Not.new key.dup
(secret1 == secret2).should be_true
(secret1 == secret2.to_slice).should be_true
end
end

View File

@ -1,3 +1,5 @@
require "crypto/subtle"
# Interface to hold sensitive information (often cryptographic keys)
#
# **Only for direct use by cryptographic library authors**
@ -41,4 +43,20 @@ module Crypto::Secret
def finalize
wipe
end
# Timing safe memory compare
def ==(other : Secret): Bool
readonly do
other.readonly do
Crypto::Subtle.constant_time_compare to_slice, other.to_slice
end
end
end
# Timing safe memory compare
def ==(other : Bytes) : Bool
readonly do
Crypto::Subtle.constant_time_compare to_slice, other.to_slice
end
end
end