From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1N7w5G-0002b8-Pu for mharc-grub-devel@gnu.org; Tue, 10 Nov 2009 14:08:54 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1N7w5E-0002aC-DA for grub-devel@gnu.org; Tue, 10 Nov 2009 14:08:52 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1N7w59-0002Wp-C2 for grub-devel@gnu.org; Tue, 10 Nov 2009 14:08:52 -0500 Received: from [199.232.76.173] (port=37165 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1N7w59-0002Wk-88 for grub-devel@gnu.org; Tue, 10 Nov 2009 14:08:47 -0500 Received: from mail-fx0-f225.google.com ([209.85.220.225]:51745) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1N7w58-0006jA-NV for grub-devel@gnu.org; Tue, 10 Nov 2009 14:08:47 -0500 Received: by fxm25 with SMTP id 25so361819fxm.26 for ; Tue, 10 Nov 2009 11:08:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :x-enigmail-version:content-type; bh=6BKdZzilZnPPHOUdjz2hnB3Krbjh5DE/znW7gXa/9iI=; b=giCBVpb5vquHrpGALoYbFQLm4NbNfAUdfo7kCp0kLm/Gy5DiFS6g6GVZSsqpArr9Bg +jyvcjrYRe+ljkg4Jo4eDsp7akK4D8pWR3VmQD6E6KBpCDVxdiWDc4rUvh2ymsCXYKla IU71OQ2VpsREiTX7lrndUNbbRDw17eqqjI1x0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type; b=m8gM5NDY2wz7S+3EhLWqtIM4ML2DdLnjT6xwavpwH44uF3KOb7plOzaQ9WMFNb1nh8 BzZDPw8mMeq5IccVtU7QIQCPtPIpmqX7POdE4PxPgbK+OKJoALcBCJXIInjWe9T97q5f bDoMkbyYnMrx7hbF69LUcjm5Lk43eXBw4b6PM= Received: by 10.204.150.66 with SMTP id x2mr505719bkv.9.1257880125219; Tue, 10 Nov 2009 11:08:45 -0800 (PST) Received: from debian.bg45.phnet (vpn-global-118-dhcp.ethz.ch [129.132.211.118]) by mx.google.com with ESMTPS id 31sm1543263fkt.10.2009.11.10.11.08.26 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 10 Nov 2009 11:08:44 -0800 (PST) Message-ID: <4AF9B93F.9010009@gmail.com> Date: Tue, 10 Nov 2009 20:04:31 +0100 From: Vladimir 'phcoder' Serbinenko User-Agent: Mozilla-Thunderbird 2.0.0.22 (X11/20091109) MIME-Version: 1.0 To: The development of GNU GRUB References: <20091109010422.GA23417@thorin> <4AF885EE.7000709@duboucher.eu> <4AF88AEF.8010102@gmail.com> <4AF977DD.5090801@duboucher.eu> In-Reply-To: X-Enigmail-Version: 0.95.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig8BCF363A41B7B356D7553189" X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) Subject: Re: Imminent bugfix release (1.97.1) X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Nov 2009 19:08:52 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig8BCF363A41B7B356D7553189 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Bean wrote: > On Tue, Nov 10, 2009 at 10:25 PM, Duboucher Thomas wrote: > =20 >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Bean a =C3=A9crit : >> =20 >>> Hi, >>> >>> Oh, I just come up with a better way to do this: >>> >>> typedef char grub_password_t[1024]; >>> >>> int >>> grub_auth_strcmp (const grub_password_t s1, const grub_password_t s2)= >>> { >>> char r1 =3D 0; >>> char r2 =3D 0; >>> char *p; >>> int i, c; >>> >>> p =3D &r1; >>> c =3D 0; >>> for (i =3D 0; i < sizeof (grub_password_t); i++, s1++, s2++) >>> { >>> *p | =3D (*s1 ^ *s2); >>> if ((int) *s1 =3D=3D c) >>> { >>> p =3D &r2; >>> c =3D 0x100; >>> } >>> } >>> >>> return (r1 !=3D 0); >>> } >>> >>> The condition (int) *s1 =3D=3D c would be true exactly once. >>> >>> =20 >> Well, it seems I lost something somewhere. I don't understand t= he need >> of doing it exactly sizeof (grub_password_t) times, except from having= a >> perfectly symetric function. IMHO, stopping the comparison when the >> input buffer is done reading, or when the maximum size of a passphrase= >> is reached does not leak any information to the attacker. So I would >> stick to >> >> typedef char grub_password_t[1024]; >> >> =20 With this change grub_auth_strcmp becomes a misnomer. I would prefer to call it grub_auth_memcmp then. I'll also look into which other free secure strcmp are available >> int >> auth_strcmp (const grub_password_t input, grub_password_t key) >> { >> int retval, it; >> >> for (it =3D retval =3D 0; it < PASSPHRASE_MAXSIZE; it++, input++, key= ++) >> { >> retval |=3D (*input !=3D *key); >> >> if (*input =3D=3D '\0') >> break; >> } >> >> return !retval; >> } >> >> Also, take care that it requires to check how the function is >> optimized; sometimes you have surprises ... ;) >> =20 > > Hi, > > My previous function ensures that execution time is the same > regardless of the input. Although it's not necessary, I guess it's a > nice feature to have. BTW, the simpler function does leak one > information, the size of buffer as the execution time would increase > until the buffer size is reached. > > > =20 --=20 Regards Vladimir 'phcoder' Serbinenko --------------enig8BCF363A41B7B356D7553189 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iF4EAREKAAYFAkr5uT8ACgkQNak7dOguQgmPvQD+Pu2XlzB+E6/onISJN/FbEv1j F46CsC1I2o9KWb0EYrwA/2BmC4ItpBA3WG3MTAd/aVfK5oCFltHJo0fUrY2OPFVd =AAI/ -----END PGP SIGNATURE----- --------------enig8BCF363A41B7B356D7553189--