diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-09-22 04:04:00 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-09-24 23:10:15 +0200 |
commit | 9ef84af8c0bc31d1e56d0a66a9ed909c1edfdd5d (patch) | |
tree | 3dd4bd5755c51637e5852cd7f5addce5fd1f94dc /src/encoding.c | |
parent | contrib: add sticky sockets example code (diff) | |
download | wireguard-tools-9ef84af8c0bc31d1e56d0a66a9ed909c1edfdd5d.tar.xz wireguard-tools-9ef84af8c0bc31d1e56d0a66a9ed909c1edfdd5d.zip |
wg: use key_is_zero for comparing to zeros
Maybe an attacker on the system could use the infoleak in /proc to gauge
how long a wg(8) process takes to complete and determine the number of
leading zeros. This is somewhat ridiculous, but it's possible somebody
somewhere might at somepoint care in the future, so alright.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/encoding.c')
-rw-r--r-- | src/encoding.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/encoding.c b/src/encoding.c index 389bbf7..3d5e94b 100644 --- a/src/encoding.c +++ b/src/encoding.c @@ -77,12 +77,12 @@ void key_to_hex(char hex[static WG_KEY_LEN_HEX], const uint8_t key[static WG_KEY bool key_from_hex(uint8_t key[static WG_KEY_LEN], const char *hex) { - uint8_t i, c, c_acc = 0, c_alpha0, c_alpha, c_num0, c_num, c_val, state = 0; + uint8_t c, c_acc = 0, c_alpha0, c_alpha, c_num0, c_num, c_val, state = 0; if (strlen(hex) != WG_KEY_LEN_HEX - 1) return false; - for (i = 0; i < WG_KEY_LEN_HEX - 1; ++i) { + for (unsigned int i = 0; i < WG_KEY_LEN_HEX - 1; ++i) { c = (uint8_t)hex[i]; c_num = c ^ 48U; c_num0 = (c_num - 10U) >> 8; @@ -99,3 +99,13 @@ bool key_from_hex(uint8_t key[static WG_KEY_LEN], const char *hex) } return true; } + +bool key_is_zero(const uint8_t key[static WG_KEY_LEN]) +{ + uint8_t acc = 0; + for (unsigned int i = 0; i < WG_KEY_LEN; ++i) { + acc |= key[i]; + __asm__ ("" : "=r" (acc) : "0" (acc)); + } + return acc == 0; +} |