RSA _equals($x, $y) uses count() instead of strlen()

The purpose of this forum is to provide support for phpseclib, a pure PHP SSH / SFTP / RSA library.



Post by bantu » Tue Jun 05, 2012 10:55 am

Code:
    /**
     * Performs blinded RSA equality testing
     *
     * Protects against a particular type of timing attack described.
     *
     * See {@link http://codahale.com/a-lesson-in-timing-attacks/ A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals)}
     *
     * Thanks for the heads up singpolyma!
     *
     * @access private
     * @param String $x
     * @param String $y
     * @return Boolean
     */
    function _equals($x, $y)
    {
        if (count($x) != count($y)) {
            return false;
        }

        $result = 0;
        for ($i = 0; $i < strlen($x); $i++) {
            $result |= $x[$i] ^ $y[$i];
        }

        return $result == 0;
    } 


It looks like the count() should actually be strlen() because count() on a string seems to be always int(1).
Code:
afischer@leonard:~$ php -r "var_dump(count('foo'));"
int(1)
afischer@leonard:~$ php -r "var_dump(count(''));"
int(1)
afischer@leonard:~$ php -r "var_dump(count(false));"
int(1)


Patch: https://github.com/bantu/phpseclib/comm ... b8f9736d4b

This change is required in order to guard from notices generated by $y[$i].
bantu
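
The guard the post proposes, as an added example that is not part of the original post and not phpseclib's own code: the length check uses strlen(), so a shorter $y is rejected before the loop ever reads $y[$i]. The function name equals_fixed, the ord() conversion and the sample values are assumptions of this example.

```php
<?php
// Added example (not phpseclib's code): _equals() with a strlen() length guard.
function equals_fixed($x, $y)
{
    // strlen() reports the byte length of each string, so unequal lengths
    // are rejected here instead of falling through to the loop.
    if (strlen($x) != strlen($y)) {
        return false;
    }

    $result = 0;
    for ($i = 0; $i < strlen($x); $i++) {
        // ord() is this example's choice: the XOR is done on integer byte
        // values and every position is visited, with no early exit.
        $result |= ord($x[$i]) ^ ord($y[$i]);
    }

    return $result == 0;
}

// Constructed sample values (not real signature data).
$cases = array(
    'equal'             => array("\x01\x02\x03", "\x01\x02\x03", true),
    'same length, diff' => array("\x01\x02\x03", "\x01\x02\x04", false),
    'y shorter than x'  => array("\x01\x02\x03", "\x01\x02", false),
    'y empty'           => array("\x01\x02\x03", "", false),
);

foreach ($cases as $name => $case) {
    list($x, $y, $expected) = $case;
    $got = equals_fixed($x, $y);
    if ($got !== $expected) {
        throw new RuntimeException("case '$name' failed");
    }
    // Cross-check against PHP's built-in constant-time comparison (PHP >= 5.6).
    if (function_exists('hash_equals') && hash_equals($x, $y) !== $expected) {
        throw new RuntimeException("hash_equals disagrees on '$name'");
    }
    printf("%-18s => %s\n", $name, var_export($got, true));
}
```

From PHP 7.2 on, count() on a string raises a warning, and PHP 8 throws a TypeError, so the example does not call it.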