[CXX-657] Use constant-time hash comparison functions Created: 27/Aug/15  Updated: 06/Dec/15  Resolved: 16/Nov/15

Status: Closed
Project: C++ Driver
Component/s: None
Affects Version/s: None
Fix Version/s: legacy-1.1.0-rc0

Type: Improvement Priority: Major - P3
Reporter: Rathi Gnanasekaran Assignee: Andrew Morrow (Inactive)
Resolution: Done Votes: 0
Labels: legacy-cxx
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by DRIVERS-255 Use constant-time hash comparison fun... Closed
Epic Link: Legacy C++ Driver MongoDB 3.2

 Comments   
Comment by Githook User [ 06/Dec/15 ]

Author:

{u'username': u'acmorrow', u'name': u'Andrew Morrow', u'email': u'acm@mongodb.com'}

Message: CXX-657 Use constant time comparison for SCRAM1 signature comparisons

Cherry-picked from server commit
618a5ef908ac5787eb80166ada3914f4db7d3c37 for SERVER-21016
Branch: legacy
https://github.com/mongodb/mongo-cxx-driver/commit/d32226e2522c920cd37f455392142cd33e331e30

Comment by Andrew Morrow (Inactive) [ 16/Nov/15 ]

https://github.com/mongodb/mongo-cxx-driver/pull/375

Comment by Mark Benvenuto [ 19/Oct/15 ]

Here are the places to fix:

https://github.com/mongodb/mongo/blob/master/src/mongo/crypto/mechanism_scram.cpp#L225
https://github.com/mongodb/mongo-cxx-driver/blob/legacy/src/mongo/crypto/mechanism_scram.cpp#L210

I agree we need to make the change to the server first, and follow your backport plan. I want to use the same code as the C driver, and will follow up with legal.

My final proposed function will be something like this:

bool timingsafe_memequal(const char* a, const char* b, size_t length);

Comment by Mark Benvenuto [ 15/Oct/15 ]

This means write a function as such:

bool slow_equal( string a , string b) {
  if( a.len != b.len)
     return a.equal(a); // burn cpu
  else
     return a.equal(b);
}

The goal is to always walk the entire input for say parameter 1, and avoid short-circuit logic that hints when data is different. This can be a little tricky to write correctly, but worth doing.

Generated at Wed Feb 07 21:59:53 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.