Tools/Hazel-Networking/Hazel/Crypto/Const.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

using System.Diagnostics;

namespace Hazel.Crypto
{
    public static class Const
    {

        /// <summary>
        /// Compare two bytes for equality.
        ///
        /// This takes care to always use a constant amount of time to prevent
        /// leaking information through side-channel attacks.
        ///
        /// This is aceived by collapsing the xor bits down into a single bit.
        ///
        /// Ported from:
        /// https://github.com/mendsley/tiny/blob/master/include/tiny/crypto/constant.h
        /// </summary>
        /// <returns>
        /// Returns `1` is the two bytes or equivalent. Otherwise, returns `0`
        /// </returns>
        public static byte ConstantCompareByte(byte a, byte b)
        {
            byte result = (byte)(~(a ^ b));

            // collapse bits down to the LSB
            result &= (byte)(result >> 4);
            result &= (byte)(result >> 2);
            result &= (byte)(result >> 1);

            return result;
        }

        /// <summary>
        /// Compare two equal length spans for equality.
        ///
        /// This takes care to always use a constant amount of time to prevent
        /// leaking information through side-channel attacks.
        ///
        /// Ported from:
        /// https://github.com/mendsley/tiny/blob/master/include/tiny/crypto/constant.h
        /// </summary>
        /// <returns>
        /// Returns `1` if the spans are equivalent. Others, returns `0`.
        /// </returns>
        public static byte ConstantCompareSpans(ByteSpan a, ByteSpan b)
        {
            Debug.Assert(a.Length == b.Length);

            byte value = 0;
            for (int ii = 0, nn = a.Length; ii != nn; ++ii)
            {
                value |= (byte)(a[ii] ^ b[ii]);
            }

            return ConstantCompareByte(value, 0);
        }

        /// <summary>
        /// Compare a span against an all zero span
        ///
        /// This takes care to always use a constant amount of time to prevent
        /// leaking information through side-channel attacks.
        ///
        /// Ported from:
        /// https://github.com/mendsley/tiny/blob/master/include/tiny/crypto/constant.h
        /// </summary>
        /// <returns>
        /// Returns `1` if the spans is all zeros. Others, returns `0`.
        /// </returns>
        public static byte ConstantCompareZeroSpan(ByteSpan a)
        {
            byte value = 0;
            for (int ii = 0, nn = a.Length; ii != nn; ++ii)
            {
                value |= (byte)(a[ii] ^ 0);
            }

            return ConstantCompareByte(value, 0);
        }
    }
}