author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-09-22 04:04:00 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-09-24 23:10:15 +0200 |
commit | 6ddb4753c62fd08f4da71a5d1bd4222de492a331 (patch) | |
tree | dcba7d7df5c810a4476fabdfb83e73a0205aba12 /src/tools/encoding.c | |
parent | config: do not reset device port (diff) | |
tools: use key_is_zero for comparing to zeros
Maybe an attacker on the system could use the infoleak in /proc to gauge
how long a wg(8) process takes to complete and determine the number of
leading zeros. This is somewhat ridiculous, but it's possible somebody
somewhere might at some point care in the future, so alright.
Diffstat (limited to 'src/tools/encoding.c')
-rw-r--r-- | src/tools/encoding.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/tools/encoding.c b/src/tools/encoding.c
index 389bbf7..3d5e94b 100644
--- a/src/tools/encoding.c
+++ b/src/tools/encoding.c
@@ -77,12 +77,12 @@ void key_to_hex(char hex[static WG_KEY_LEN_HEX], const uint8_t key[static WG_KEY
 bool key_from_hex(uint8_t key[static WG_KEY_LEN], const char *hex)
 {
- uint8_t i, c, c_acc = 0, c_alpha0, c_alpha, c_num0, c_num, c_val, state = 0;
+ uint8_t c, c_acc = 0, c_alpha0, c_alpha, c_num0, c_num, c_val, state = 0;
 if (strlen(hex) != WG_KEY_LEN_HEX - 1)
 return false;
- for (i = 0; i < WG_KEY_LEN_HEX - 1; ++i) {
+ for (unsigned int i = 0; i < WG_KEY_LEN_HEX - 1; ++i) {
 c = (uint8_t)hex[i];
 c_num = c ^ 48U;
 c_num0 = (c_num - 10U) >> 8;
@@ -99,3 +99,13 @@ bool key_from_hex(uint8_t key[static WG_KEY_LEN], const char *hex)
 }
 return true;
 }
+
+bool key_is_zero(const uint8_t key[static WG_KEY_LEN])
+{
+ uint8_t acc = 0;
+ for (unsigned int i = 0; i < WG_KEY_LEN; ++i) {
+ acc |= key[i];
+ __asm__ ("" : "=r" (acc) : "0" (acc));
+ }
+ return acc == 0;
+} |
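Review bot: key_is_zero in the second hunk carries no comment saying that it is deliberately constant-time or why an empty `__asm__` statement sits inside the loop, so a later cleanup could drop the barrier or swap the loop for a memcmp-style early-exit compare without noticing that the timing property is lost. I would add above the function `/* Constant-time all-zero check: no early exit, so run time does not depend on how many leading bytes are zero. */` and on the asm line `/* optimization barrier: hides acc from the compiler so the OR-accumulate cannot be short-circuited */`. The statement uses GCC/Clang extended-asm syntax, which is worth stating in that comment in case the tools are ever built with another compiler. The function is fully contained in the hunk; its callers and header declaration are outside this diff, which is limited to src/tools/encoding.c.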