Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redundant length check in secure_cmp #92

Closed
jorickert opened this issue Sep 3, 2019 · 2 comments
Closed

Redundant length check in secure_cmp #92

jorickert opened this issue Sep 3, 2019 · 2 comments
Labels
improvement General improvements to code

Comments

@jorickert
Copy link
Contributor

Why does this function return a Result instead of a simple bool?
I'm not even sure if Result is usable if you want a cost-time execution.
The check for the same length is also not necessary, subtle does this already.

https://github.com/brycx/orion/blob/a6efb6f9094c71a17a9ce07fb8e288d5bd808dd2/src/util/mod.rs#L97
@brycx
Copy link
Member

brycx commented Sep 3, 2019

Why does this function return a Result instead of a simple bool?

Returning a Result makes it easier to propagate a failed verification in other functions which also return a Result. So we avoid adding extra if-else statements. Though I admit returning a bool only if the verification succeeded may be redundant, since you could also use .is_ok()/.is_err() and have Result<(), UknownCryptoError>. I haven't tested whether that executes in constant-time.

I'm not even sure if Result is usable if you want a cost-time execution.

AFAIK Result only impacts constant-time execution when run with opt-level = 0. In the orion-dudect repository, secure_cmp is tested for constant-time execution. If you're interested, I have a write-up that outlines how I've tested the secure_cmp function in the past.

The check for the same length is also not necessary, subtle does this already.

The length check is indeed redundant and should be removed. Nice spot!

@brycx brycx added the improvement General improvements to code label Sep 3, 2019
@brycx brycx changed the title Result usage in secure_cmp Redundant length check in secure_cmp Sep 3, 2019
@jorickert jorickert mentioned this issue Sep 4, 2019
Merged
@brycx
Copy link
Member

brycx commented Sep 4, 2019

Fixed in #93.

@brycx brycx closed this as completed Sep 4, 2019
@brycx brycx mentioned this issue Sep 9, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
improvement General improvements to code
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jorickert @brycx