fix: services/util/SesameSecured: avoid timing attack on verifying MAC (
richardapeters authored Feb 7, 2025
1 parent 784c7e5 commit 51dca2d
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion services/util/SesameSecured.cpp
Expand Up @@ -125,7 +125,11 @@ namespace services
std::array<uint8_t, blockSize> receivedMac;
stream >> infra::MakeRange(receivedMac);

if (computedMac != receivedMac)
uint32_t numSame = 0;
for (auto i = 0; i != computedMac.size(); ++i)
numSame += computedMac[i] == receivedMac[i];

if (numSame != computedMac.size())
return;

IncreaseIv(receiveIv);
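Review bot: the per-byte test `computedMac[i] == receivedMac[i]` in the new loop leaves it to the compiler whether each equality check becomes a branch, so the timing guarantee rests on code generation rather than on the source. Accumulating differences instead, for example `diff |= computedMac[i] ^ receivedMac[i];` with a single `if (diff != 0) return;` after the loop, keeps every iteration free of comparisons on MAC bytes and is the form reviewers will recognise as a constant-time compare. Two smaller points in the same lines: `auto i = 0` deduces `int` and is then compared against `computedMac.size()`, which mixes signed and unsigned, so `std::size_t i = 0` is the better declaration; and nothing in the code says why `computedMac != receivedMac` was replaced, so a short comment (or a named helper for the comparison) would stop a later cleanup from restoring the early-exit operator.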