Imported Upstream version 1.4upstream/1.4

author: Tianon Gravi <admwiggin@gmail.com> 2015-01-15 11:54:00 -0700
committer: Tianon Gravi <admwiggin@gmail.com> 2015-01-15 11:54:00 -0700
commit: f154da9e12608589e8d5f0508f908a0c3e88a1bb (patch)
tree: f8255d51e10c6f1e0ed69702200b966c9556a431 /src/crypto/subtle
parent: 8d8329ed5dfb9622c82a9fbec6fd99a580f9c9f6 (diff)
download: golang-upstream/1.4.tar.gz
2 files changed, 200 insertions, 0 deletions
diff --git a/src/crypto/subtle/constant_time.go b/src/crypto/subtle/constant_time.go
new file mode 100644
index 000000000..6f80e7c58
--- /dev/null
+++ b/src/crypto/subtle/constant_time.go
@@ -0,0 +1,73 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package subtle implements functions that are often useful in cryptographic
+// code but require careful thought to use correctly.
+package subtle
+
+// ConstantTimeCompare returns 1 iff the two slices, x
+// and y, have equal contents. The time taken is a function of the length of
+// the slices and is independent of the contents.
+func ConstantTimeCompare(x, y []byte) int {
+	if len(x) != len(y) {
+		return 0
+	}
+
+	var v byte
+
+	for i := 0; i < len(x); i++ {
+		v |= x[i] ^ y[i]
+	}
+
+	return ConstantTimeByteEq(v, 0)
+}
+
+// ConstantTimeSelect returns x if v is 1 and y if v is 0.
+// Its behavior is undefined if v takes any other value.
+func ConstantTimeSelect(v, x, y int) int { return ^(v-1)&x | (v-1)&y }
+
+// ConstantTimeByteEq returns 1 if x == y and 0 otherwise.
+func ConstantTimeByteEq(x, y uint8) int {
+	z := ^(x ^ y)
+	z &= z >> 4
+	z &= z >> 2
+	z &= z >> 1
+
+	return int(z)
+}
+
+// ConstantTimeEq returns 1 if x == y and 0 otherwise.
+func ConstantTimeEq(x, y int32) int {
+	z := ^(x ^ y)
+	z &= z >> 16
+	z &= z >> 8
+	z &= z >> 4
+	z &= z >> 2
+	z &= z >> 1
+
+	return int(z & 1)
+}
+
+// ConstantTimeCopy copies the contents of y into x (a slice of equal length)
+// if v == 1. If v == 0, x is left unchanged. Its behavior is undefined if v
+// takes any other value.
+func ConstantTimeCopy(v int, x, y []byte) {
+	if len(x) != len(y) {
+		panic("subtle: slices have different lengths")
+	}
+
+	xmask := byte(v - 1)
+	ymask := byte(^(v - 1))
+	for i := 0; i < len(x); i++ {
+		x[i] = x[i]&xmask | y[i]&ymask
+	}
+}
+
+// ConstantTimeLessOrEq returns 1 if x <= y and 0 otherwise.
+// Its behavior is undefined if x or y are negative or > 2**31 - 1.
+func ConstantTimeLessOrEq(x, y int) int {
+	x32 := int32(x)
+	y32 := int32(y)
+	return int(((x32 - y32 - 1) >> 31) & 1)
+}
diff --git a/src/crypto/subtle/constant_time_test.go b/src/crypto/subtle/constant_time_test.go
new file mode 100644
index 000000000..619a45444
--- /dev/null
+++ b/src/crypto/subtle/constant_time_test.go
@@ -0,0 +1,127 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package subtle
+
+import (
+	"testing"
+	"testing/quick"
+)
+
+type TestConstantTimeCompareStruct struct {
+	a, b []byte
+	out  int
+}
+
+var testConstantTimeCompareData = []TestConstantTimeCompareStruct{
+	{[]byte{}, []byte{}, 1},
+	{[]byte{0x11}, []byte{0x11}, 1},
+	{[]byte{0x12}, []byte{0x11}, 0},
+	{[]byte{0x11}, []byte{0x11, 0x12}, 0},
+	{[]byte{0x11, 0x12}, []byte{0x11}, 0},
+}
+
+func TestConstantTimeCompare(t *testing.T) {
+	for i, test := range testConstantTimeCompareData {
+		if r := ConstantTimeCompare(test.a, test.b); r != test.out {
+			t.Errorf("#%d bad result (got %x, want %x)", i, r, test.out)
+		}
+	}
+}
+
+type TestConstantTimeByteEqStruct struct {
+	a, b uint8
+	out  int
+}
+
+var testConstandTimeByteEqData = []TestConstantTimeByteEqStruct{
+	{0, 0, 1},
+	{0, 1, 0},
+	{1, 0, 0},
+	{0xff, 0xff, 1},
+	{0xff, 0xfe, 0},
+}
+
+func byteEq(a, b uint8) int {
+	if a == b {
+		return 1
+	}
+	return 0
+}
+
+func TestConstantTimeByteEq(t *testing.T) {
+	for i, test := range testConstandTimeByteEqData {
+		if r := ConstantTimeByteEq(test.a, test.b); r != test.out {
+			t.Errorf("#%d bad result (got %x, want %x)", i, r, test.out)
+		}
+	}
+	err := quick.CheckEqual(ConstantTimeByteEq, byteEq, nil)
+	if err != nil {
+		t.Error(err)
+	}
+}
+
+func eq(a, b int32) int {
+	if a == b {
+		return 1
+	}
+	return 0
+}
+
+func TestConstantTimeEq(t *testing.T) {
+	err := quick.CheckEqual(ConstantTimeEq, eq, nil)
+	if err != nil {
+		t.Error(err)
+	}
+}
+
+func makeCopy(v int, x, y []byte) []byte {
+	if len(x) > len(y) {
+		x = x[0:len(y)]
+	} else {
+		y = y[0:len(x)]
+	}
+	if v == 1 {
+		copy(x, y)
+	}
+	return x
+}
+
+func constantTimeCopyWrapper(v int, x, y []byte) []byte {
+	if len(x) > len(y) {
+		x = x[0:len(y)]
+	} else {
+		y = y[0:len(x)]
+	}
+	v &= 1
+	ConstantTimeCopy(v, x, y)
+	return x
+}
+
+func TestConstantTimeCopy(t *testing.T) {
+	err := quick.CheckEqual(constantTimeCopyWrapper, makeCopy, nil)
+	if err != nil {
+		t.Error(err)
+	}
+}
+
+var lessOrEqTests = []struct {
+	x, y, result int
+}{
+	{0, 0, 1},
+	{1, 0, 0},
+	{0, 1, 1},
+	{10, 20, 1},
+	{20, 10, 0},
+	{10, 10, 1},
+}
+
+func TestConstantTimeLessOrEq(t *testing.T) {
+	for i, test := range lessOrEqTests {
+		result := ConstantTimeLessOrEq(test.x, test.y)
+		if result != test.result {
+			t.Errorf("#%d: %d <= %d gave %d, expected %d", i, test.x, test.y, result, test.result)
+		}
+	}
+}
author	Tianon Gravi <admwiggin@gmail.com>	2015-01-15 11:54:00 -0700
committer	Tianon Gravi <admwiggin@gmail.com>	2015-01-15 11:54:00 -0700
commit	f154da9e12608589e8d5f0508f908a0c3e88a1bb (patch)
tree	f8255d51e10c6f1e0ed69702200b966c9556a431 /src/crypto/subtle
parent	8d8329ed5dfb9622c82a9fbec6fd99a580f9c9f6 (diff)
download	golang-upstream/1.4.tar.gz