c# - Comparing two byte arrays guarding against timing attacks -


i want write method compare 2 byte arrays, not want use these solutions because want method resistant timing attacks. method looks like:

static bool areequal(byte[] a1, byte[] a2) {     bool result = true;     (int = 0; < a1.length; ++i)     {         if (a1[i] != a2[i])             result = false;     }     return result; }

(with assumption a1 , a2 have same length).

my concern sufficiently smart just-in-time compiler might optimize returning if result ever set false.

i have checked jitted assembly code produced .net 4.0.30319, , not:

                          ; `bool result = true;' 00e000d1 bb01000000      mov     ebx,1                          ; `int = 0;' 00e000d6 33f6            xor     esi,esi                          ; store `a1.length' in eax , @ dword ptr [ebp-10h] 00e000d8 8b4104          mov     eax,dword ptr [ecx+4] 00e000db 8945f0          mov     dword ptr [ebp-10h],eax                          ; if `a1.length' 0, jump `return result;' 00e000de 85c0            test    eax,eax 00e000e0 7e18            jle     00e000fa                          ; `if (a1[i] != a2[i])' 00e000e2 0fb6443108      movzx   eax,byte ptr [ecx+esi+8] 00e000e7 3b7704          cmp     esi,dword ptr [edi+4] 00e000ea 7316            jae     00e00102 00e000ec 3a443708        cmp     al,byte ptr [edi+esi+8] 00e000f0 7402            je      00e000f4                          ; `result = false;' 00e000f2 33db            xor     ebx,ebx                          ; `++i' 00e000f4 46              inc     esi                          ; check: `a1.length > i' 00e000f5 3975f0          cmp     dword ptr [ebp-10h],esi 00e000f8 7fe8            jg      00e000e2                          ; `return result;' 00e000fa 8bc3            mov     eax,ebx 00e000fc 59              pop     ecx 00e000fd 5b              pop     ebx 00e000fe 5e              pop     esi 00e000ff 5f              pop     edi 00e00100 5d              pop     ebp 00e00101 c3              ret 00e00102 e81f7a1772      call    clr!createhistoryreader+0x8e97c (72f77b26) 00e00107 cc              int     3 00e00108 0000            add     byte ptr [eax],al 00e0010a 0000            add     byte ptr [eax],al 00e0010c 0000            add     byte ptr [eax],al 00e0010e 0000            add     byte ptr [eax],al ...

however, thinking change in future.

is there way prevent jit compiler optimizing method? alternatively, there library function can use checks 2 byte arrays equality, resistant timing attacks?

you can use methodimplattribute-class of system.runtime.compilerservices namespace methodimploptions.nooptimization option this:

[methodimpl(methodimploptions.nooptimization)] static bool areequal(byte[] a1, byte[] a2) {     // ... }

Comments

Post a Comment

Popular posts from this blog

asp.net mvc - SSO between MVCForum and Umbraco7 -

i need integrate sso between mvcforum (forum of company) , umbraco7 (manages cms company). however struggling shared authentication work. tried several ways suggested on other threads still not running expected. here did: 1. in mvcforum (forum.mywebsite.com) 1.1. machine key in web.xml: <machinekey validationkey="the same key umbraco7" decryptionkey="the same key umbraco7" validation="sha1" decryption="aes" /> 1.2. authenticate forms in web.xml <forms name="my-sso-auth" protection="all" path="/" timeout="43200" domain="forum.mywebsite.com" loginurl="/members/logon" enablecrossappredirects="true" /> 2. in umbraco7 (news.mywebsite.com) 2.1. machine key in web.xml: <machinekey validationkey="the same key mvcforum" decryptionkey="the same key mvcforum" validation="sha1" decryption="aes" /> 2.2. a
Read more

Python Tkinter keyboard using bind -

i have problem using bind option can click button in keyboard, , call function once key pressed. tried taking other codes have similar purpose , saw i'm doing pretty same, though still have problem must've missed. thankful if me this. here's code: # -*- coding: utf-8 -*- #imports tkinter import * pil import imagetk, image import time import tkmessagebox #===========================================================================================================================================# #tkinter class class app(frame): def __init__(self, master=none): frame.__init__(self, master) self.pack() #===========================================================================================================================================# #game pieces classes class board: def __init__(self, rows = 7, columns = 6, picture_height = none, picture_width = none): self.rows = rows self.columns = columns self.picture
Read more

ubuntu - Selenium Node Not Connecting to Hub, Not Opening Port -

i'm trying set demo selenium grid. have digital ocean ubuntu 14.02 droplet. (i have 2 , tried set using 2 different machines got nowhere.) i'm trying run hub , node both locally. here input both hub, node, , nmap results. https://gist.github.com/mekhami/d5bbecca5ff0de9d2dc9 so, node starting tcp connection reset , port it's supposed operate on closed. i have had no luck in number of different options , configurations work. but... of course, worked randomly once. don't know why, don't know did, know 1 brief moment, node connected , saw on grid console. tried run test , went down again , i've never seen come up. please let me know more information can provide. update: randomly came online again. don't know happened, might related timeout or time_wait or going on. this because vm/server not have enough entropy available. to resolve problem, install haveged (or other similar things). the instructions of how install haveged on ubu
Read more