Implement equal_const_time/2 as nif

lib/crypto/c_src/Makefile.in

@@ -98,6 +98,7 @@ CRYPTO_OBJS = $(OBJDIR)/crypto$(TYPEMARKER).o \
 	$(OBJDIR)/pkey$(TYPEMARKER).o \
 	$(OBJDIR)/rand$(TYPEMARKER).o \
 	$(OBJDIR)/rsa$(TYPEMARKER).o \
+	$(OBJDIR)/str$(TYPEMARKER).o \
 	$(OBJDIR)/srp$(TYPEMARKER).o
 CALLBACK_OBJS = $(OBJDIR)/crypto_callback$(TYPEMARKER).o
 NIF_MAKEFILE = $(PRIVDIR)/Makefile

lib/crypto/c_src/crypto.c

@@ -49,6 +49,7 @@
 #include "rand.h"
 #include "rsa.h"
 #include "srp.h"
+#include "str.h"
 
 /* NIF interface declarations */
 static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info);
@@ -89,6 +90,7 @@ static ErlNifFunc nif_funcs[] = {
     {"strong_rand_range_nif", 1, strong_rand_range_nif, 0},
     {"rand_uniform_nif", 2, rand_uniform_nif, 0},
     {"mod_exp_nif", 4, mod_exp_nif, 0},
+    {"do_equal_const_time", 2, do_equal_const_time, 0},
     {"do_exor", 2, do_exor, 0},
     {"pkey_sign_nif", 5, pkey_sign_nif, 0},
     {"pkey_verify_nif", 6, pkey_verify_nif, 0},

lib/crypto/c_src/str.c

@@ -0,0 +1,50 @@
+/*
+ * %CopyrightBegin%
+ *
+ * Copyright Ericsson AB 2010-2020. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * %CopyrightEnd%
+ */
+
+#include "str.h"
+
+ERL_NIF_TERM do_equal_const_time(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{
+
+    ErlNifBinary s1, s2;
+
+    ASSERT(argc == 2);
+
+    if (!enif_inspect_binary(env, argv[0], &s1)) 
+        goto bad_arg;
+    if (!enif_inspect_binary(env, argv[1], &s2))
+        goto bad_arg;
+
+    if (s1.size != s2.size)
+      goto nomatch;
+
+    if (CRYPTO_memcmp(s1.data, s2.data, s1.size) == 0)
+        goto match;
+
+    goto nomatch;
+
+ match: 
+    return  enif_make_atom(env,"true");
+ nomatch: 
+     return  enif_make_atom(env,"false");
+ bad_arg:
+    return enif_make_badarg(env);
+}
+

lib/crypto/c_src/str.h

@@ -0,0 +1,29 @@
+/*
+ * %CopyrightBegin%
+ *
+ * Copyright Ericsson AB 2010-2020. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * %CopyrightEnd%
+ */
+
+
+#ifndef E_STR_H__
+#define E_STR_H__ 1
+
+#include "common.h"
+
+ERL_NIF_TERM do_equal_const_time(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+
+#endif /* E_STR_H__ */

lib/crypto/src/crypto.erl

@@ -774,19 +774,12 @@ enable_fips_mode_nif(_) -> ?nif_stub.
 %%%
 %%%================================================================
 
-%%% Candidate for a NIF
+equal_const_time(X1, X2) when is_binary(X1) andalso is_binary(X2) ->
+    do_equal_const_time(X1, X2);
 
 equal_const_time(X1, X2) ->
     equal_const_time(X1, X2, true).
 
-
-equal_const_time(<<B1,R1/binary>>, <<B2,R2/binary>>, Truth) ->
-    equal_const_time(R1, R2, Truth and (B1 == B2));
-equal_const_time(<<_,R1/binary>>, <<>>, Truth) ->
-    equal_const_time(R1, <<>>, Truth and false);
-equal_const_time(<<>>, <<>>, Truth) ->
-    Truth;
-
 equal_const_time([H1|T1], [H2|T2], Truth) ->
     equal_const_time(T1, T2, Truth and (H1 == H2));
 equal_const_time([_|T1], [], Truth) ->
@@ -797,6 +790,8 @@ equal_const_time([], [], Truth) ->
 equal_const_time(_, _, _) ->
     false.
 
+do_equal_const_time(_X1, _X2) -> ?nif_stub.
+
 %%%================================================================
 %%%
 %%% Hashing

lib/crypto/test/crypto_SUITE.erl

@@ -67,6 +67,8 @@
          compute/1,
          compute_bug/0,
          compute_bug/1,
+         equal_const_time/0,
+         equal_const_time/1,
          exor/0,
          exor/1,
          generate/0,
@@ -218,6 +220,7 @@ all() ->
      {group, non_fips},
      cipher_padding,
      mod_pow,
+     equal_const_time,
      exor,
      rand_uniform,
      rand_threads,
@@ -1228,6 +1231,24 @@ mod_pow() ->
 mod_pow(Config) when is_list(Config) ->
     mod_pow_aux_test(2, 5, 10, 8).
 %%--------------------------------------------------------------------
+equal_const_time() ->
+    [{doc, "Test equal_const_time"}].
+equal_const_time(Config) when is_list(Config) ->
+    true  = crypto:equal_const_time(<<"">>, <<"">>),
+    true  = crypto:equal_const_time(<<"good">>, <<"good">>),
+
+    false  = crypto:equal_const_time(<<"good">>, <<"good1">>),
+    false = crypto:equal_const_time(<<"good">>, <<"bad">>),
+    false = crypto:equal_const_time(<<"eh?">>, <<"abcdefg">>),
+
+    true  = crypto:equal_const_time("", ""),
+    true  = crypto:equal_const_time("good", "good"),
+
+    false = crypto:equal_const_time("good", "bad"),
+    false = crypto:equal_const_time("good", "bad1"),
+    false = crypto:equal_const_time("eh?", "abcdefg"),
+    ok.
+%%--------------------------------------------------------------------
 exor() ->
     [{doc, "Test the exor function"}].
 exor(Config) when is_list(Config) ->