Make GCM tag check "constant-time"
diff --git a/library/gcm.c b/library/gcm.c
index 9c079bd..104fda3 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -357,15 +357,22 @@
unsigned char *output )
{
unsigned char check_tag[16];
+ size_t i;
+ int diff;
gcm_crypt_and_tag( ctx, GCM_DECRYPT, length, iv, iv_len, add, add_len, input, output, tag_len, check_tag );
- if( memcmp( check_tag, tag, tag_len ) == 0 )
- return( 0 );
+ /* Check tag in "constant-time" */
+ for( diff = 0, i = 0; i < tag_len; i++ )
+ diff |= tag[i] ^ check_tag[i];
- memset( output, 0, length );
+ if( diff != 0 )
+ {
+ memset( output, 0, length );
+ return( POLARSSL_ERR_GCM_AUTH_FAILED );
+ }
- return( POLARSSL_ERR_GCM_AUTH_FAILED );
+ return( 0 );
}
#if defined(POLARSSL_SELF_TEST)
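Review bot: The return value of gcm_crypt_and_tag on the call above the new loop is still discarded, so if that call rejects its arguments check_tag is never written and the comparison runs over an uninitialized buffer, after which the function can return 0. The error should be propagated before the tag check: declare `int ret;` next to `diff` and write `if( ( ret = gcm_crypt_and_tag( ctx, GCM_DECRYPT, length, iv, iv_len, add, add_len, input, output, tag_len, check_tag ) ) != 0 ) return( ret );`. I cannot see from the hunk whether gcm_crypt_and_tag bounds tag_len to sizeof check_tag (16); if it does not, the loop also reads past check_tag for larger tag_len, so a `tag_len > sizeof( check_tag )` guard here would be worth adding regardless. The enclosing gcm_auth_decrypt signature begins outside the hunk.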