xref: /minix3/lib/libc/string/consttime_memequal.3 (revision 0a6a1f1d05b60e214de2f05a7310ddd1f0e590e7) 
1*0a6a1f1dSLionel Sambuc.\"	$NetBSD: consttime_memequal.3,v 1.5 2015/03/23 07:41:16 apb Exp $
284d9c625SLionel Sambuc.\"
384d9c625SLionel Sambuc.\" Copyright (c) 2013 The NetBSD Foundation, Inc.
484d9c625SLionel Sambuc.\" All rights reserved.
584d9c625SLionel Sambuc.\"
684d9c625SLionel Sambuc.\" This documentation is derived from text contributed to The NetBSD
784d9c625SLionel Sambuc.\" Foundation by Taylor R. Campbell.
884d9c625SLionel Sambuc.\"
984d9c625SLionel Sambuc.\" Redistribution and use in source and binary forms, with or without
1084d9c625SLionel Sambuc.\" modification, are permitted provided that the following conditions
1184d9c625SLionel Sambuc.\" are met:
1284d9c625SLionel Sambuc.\" 1. Redistributions of source code must retain the above copyright
1384d9c625SLionel Sambuc.\"    notice, this list of conditions and the following disclaimer.
1484d9c625SLionel Sambuc.\" 2. Redistributions in binary form must reproduce the above copyright
1584d9c625SLionel Sambuc.\"    notice, this list of conditions and the following disclaimer in the
1684d9c625SLionel Sambuc.\"    documentation and/or other materials provided with the distribution.
1784d9c625SLionel Sambuc.\"
1884d9c625SLionel Sambuc.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
1984d9c625SLionel Sambuc.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
2084d9c625SLionel Sambuc.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
2184d9c625SLionel Sambuc.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
2284d9c625SLionel Sambuc.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
2384d9c625SLionel Sambuc.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
2484d9c625SLionel Sambuc.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
2584d9c625SLionel Sambuc.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
2684d9c625SLionel Sambuc.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
2784d9c625SLionel Sambuc.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
2884d9c625SLionel Sambuc.\" POSSIBILITY OF SUCH DAMAGE.
2984d9c625SLionel Sambuc.\"
30*0a6a1f1dSLionel Sambuc.Dd March 23, 2015
3184d9c625SLionel Sambuc.Dt CONSTTIME_MEMEQUAL 3
3284d9c625SLionel Sambuc.Os
3384d9c625SLionel Sambuc.Sh NAME
3484d9c625SLionel Sambuc.Nm consttime_memequal
3584d9c625SLionel Sambuc.Nd compare byte strings for equality without timing leaks
3684d9c625SLionel Sambuc.Sh LIBRARY
3784d9c625SLionel Sambuc.Lb libc
3884d9c625SLionel Sambuc.Sh SYNOPSIS
3984d9c625SLionel Sambuc.In string.h
4084d9c625SLionel Sambuc.Ft int
4184d9c625SLionel Sambuc.Fn consttime_memequal "void *b1" "void *b2" "size_t len"
4284d9c625SLionel Sambuc.Sh DESCRIPTION
4384d9c625SLionel SambucThe
4484d9c625SLionel Sambuc.Fn consttime_memequal
4584d9c625SLionel Sambucfunction compares
4684d9c625SLionel Sambuc.Fa len
4784d9c625SLionel Sambucbytes of memory at
4884d9c625SLionel Sambuc.Fa b1
4984d9c625SLionel Sambucand
5084d9c625SLionel Sambuc.Fa b2
51*0a6a1f1dSLionel Sambucfor equality, returning 0 if they are distinct and 1 if they are
52*0a6a1f1dSLionel Sambucidentical.
5384d9c625SLionel Sambuc.Pp
5484d9c625SLionel SambucThe time taken by
5584d9c625SLionel Sambuc.Fn consttime_memequal
5684d9c625SLionel Sambucdepends on
5784d9c625SLionel Sambuc.Fa len ,
5884d9c625SLionel Sambucbut not on the data at
5984d9c625SLionel Sambuc.Fa b1
6084d9c625SLionel Sambucor
6184d9c625SLionel Sambuc.Fa b2 .
6284d9c625SLionel SambucThus,
6384d9c625SLionel Sambuc.Fn consttime_memequal
6484d9c625SLionel Sambucis appropriate for comparing cryptographic secrets, hashes, message
6584d9c625SLionel Sambucauthentication codes, etc., without leaking information about them
6684d9c625SLionel Sambucthrough a timing side channel.
6784d9c625SLionel SambucIn crypto literature,
6884d9c625SLionel Sambuc.Fn consttime_memequal
6984d9c625SLionel Sambucis said to take
7084d9c625SLionel Sambuc.Sq constant time ,
7184d9c625SLionel Sambucmeaning time that does not vary depending on the data it processes.
7284d9c625SLionel Sambuc.Pp
7384d9c625SLionel SambucNote that unlike
7484d9c625SLionel Sambuc.Xr memcmp 3 ,
7584d9c625SLionel Sambuc.Fn consttime_memequal
7684d9c625SLionel Sambucdoes not return a lexicographic ordering on the data at
7784d9c625SLionel Sambuc.Fa b1
7884d9c625SLionel Sambucand
7984d9c625SLionel Sambuc.Fa b2 ;
8084d9c625SLionel Sambucit tells only whether they are equal.
81*0a6a1f1dSLionel Sambuc.Nx
82*0a6a1f1dSLionel Sambucdoes not provide a
83*0a6a1f1dSLionel Sambuc.Fn consttime_memcmp
84*0a6a1f1dSLionel Sambucfunction, because all known use cases that require
85*0a6a1f1dSLionel Sambuc.Sq constant time
86*0a6a1f1dSLionel Sambucmemory comparison also require only comparison for equality,
87*0a6a1f1dSLionel Sambucnot lexicographic ordering.
8884d9c625SLionel Sambuc.Sh SEE ALSO
8984d9c625SLionel Sambuc.Xr explicit_memset 3 ,
9084d9c625SLionel Sambuc.Xr memcmp 3
9184d9c625SLionel Sambuc.Sh HISTORY
9284d9c625SLionel SambucThe
9384d9c625SLionel Sambuc.Fn consttime_memequal
9484d9c625SLionel Sambucfunction appeared in
9584d9c625SLionel Sambuc.Nx 7.0 .
96