Closed claucece closed 5 years ago
The more important point is that that comparison is not constant time. That could be a problem. When you say it's used everywhere - I can't find anywhere else - any pointers?
This is done here:
```
src/client_profile.c
548: if (memcmp(client_profile->signature, zero_buffer, ED448_SIGNATURE_BYTES) ==
src/prekey_profile.c
353: if (memcmp(profile->signature, zero_buffer, ED448_SIGNATURE_BYTES) == 0) {
src/ed448.c
198: if (memcmp(shared_secret, zero_buffer, ED448_POINT_BYTES) == 0) {
src/key_management.c
965: if (!(memcmp(tmp_receiving_ratchet->chain_r, zero_buffer, CHAIN_KEY_BYTES) == 0
```
Hmm OK. I actually don't think it's a problem. I'll take away the comment and close this issue.
After thinking about it, it's actually a problem. I created a small helper function to do this instead. It's fixed now.
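A sketch of what a constant-time all-zero check can look like, next to the `memcmp` pattern from the listing above. This is an added example, not part of the thread and not the project's helper; the names `ct_is_zero` and `memcmp_is_zero` and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (name and signature are assumptions, not the
 * project's code). Returns 1 if all len bytes of buf are zero, else 0.
 * Every byte is read whatever its value, so the running time does not
 * depend on where the first non-zero byte sits. */
static int ct_is_zero(const void *buf, size_t len) {
  const volatile uint8_t *p = (const volatile uint8_t *)buf;
  uint8_t acc = 0;
  for (size_t i = 0; i < len; i++) {
    acc |= p[i]; /* accumulate: no early exit, no data-dependent branch */
  }
  /* Branch-free mapping: acc == 0 wraps to 0xFFFFFFFF, so bit 8 is set;
   * for acc in 1..255, acc - 1 fits in 8 bits and bit 8 is clear. */
  return (int)((((uint32_t)acc) - 1U) >> 8) & 1;
}

/* The pattern from the listing, for contrast. The C standard gives no
 * timing guarantee for memcmp, and common implementations stop at the
 * first differing byte, so the duration can reveal how many leading
 * bytes of a secret are zero. */
static int memcmp_is_zero(const uint8_t *buf, const uint8_t *zero,
                          size_t len) {
  return memcmp(buf, zero, len) == 0;
}

int main(void) {
  /* Constructed sample buffers; 64 is an arbitrary size for the demo. */
  uint8_t zero_buffer[64] = {0};
  uint8_t all_zero[64] = {0};
  uint8_t last_set[64] = {0};
  last_set[63] = 0x80; /* non-zero only in the final byte */

  printf("all_zero: ct=%d memcmp=%d\n", ct_is_zero(all_zero, 64),
         memcmp_is_zero(all_zero, zero_buffer, 64));
  printf("last_set: ct=%d memcmp=%d\n", ct_is_zero(last_set, 64),
         memcmp_is_zero(last_set, zero_buffer, 64));
  return 0;
}
```

Both functions return the same answers; they differ only in whether the time taken depends on the buffer contents.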
This is used everywhere: