From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with archive (Exim 4.43)
	id 1N7s07-0005sS-EX
	for mharc-grub-devel@gnu.org; Tue, 10 Nov 2009 09:47:19 -0500
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1N7s01-0005qH-1Z
	for grub-devel@gnu.org; Tue, 10 Nov 2009 09:47:13 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1N7rzw-0005nc-0p
	for grub-devel@gnu.org; Tue, 10 Nov 2009 09:47:12 -0500
Received: from [199.232.76.173] (port=57344 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1N7rzv-0005my-7u
	for grub-devel@gnu.org; Tue, 10 Nov 2009 09:47:07 -0500
Received: from mail-pw0-f47.google.com ([209.85.160.47]:43150)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <bean123ch@gmail.com>) id 1N7rzu-0001fC-HO
	for grub-devel@gnu.org; Tue, 10 Nov 2009 09:47:06 -0500
Received: by pwi9 with SMTP id 9so47253pwi.26
	for <grub-devel@gnu.org>; Tue, 10 Nov 2009 06:47:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:in-reply-to:references
	:date:message-id:subject:from:to:content-type
	:content-transfer-encoding;
	bh=Nr3H+Jdu0ST2rhOyQkCBw4XbGdui8ANXMDzsLz2soVA=;
	b=F4wLh4MVUmdZ4JhobgzztNCNSB2Zcfa2tGFCDPFXCi5SiIOmB4VQM8d8GezlpzjnQp
	ZFu+lQIbfNSsTZeMSOKizEAjLHhZBTuUZkkfPtV4aGhj1Tywh92ja2qcDR7HG2F6nR0K
	IvTnfKSsnBUnTdBlvNSXYlFVOaBCPz/MIF2u4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:content-type:content-transfer-encoding;
	b=tDe+EJe4A2OdML2UQ7zw7/sQdWbCeEXfpxb1FRv2Rs1G8TbJeE8du5IVuG91gdpx/s
	C2e55k5PJXr4ox7E0El33OmmgX/ksNnLR6WjgCVAIW+NHbHoECJHBWRF0nfOqh3SkI+5
	XKCR0ZVCKmmoCFWfhabd+a6KbKOJhbKAvx0aQ=
MIME-Version: 1.0
Received: by 10.141.23.5 with SMTP id a5mr9418rvj.108.1257864425642; Tue, 10 
	Nov 2009 06:47:05 -0800 (PST)
In-Reply-To: <4AF977DD.5090801@duboucher.eu>
References: <20091109010422.GA23417@thorin> <4AF885EE.7000709@duboucher.eu>
	<4AF88AEF.8010102@gmail.com>
	<ca0f59980911092139j243ea3a0r84981345010051cf@mail.gmail.com>
	<ca0f59980911100028g696e1067n4a16f24d03e10d05@mail.gmail.com>
	<ca0f59980911100046s39ca6a90ta69c686f2466d444@mail.gmail.com>
	<ca0f59980911100052l366af89eje38b4fd86ad7febd@mail.gmail.com>
	<ca0f59980911100105tc4f2acau4ef52f62600230d@mail.gmail.com>
	<ca0f59980911100437w7b6f8bcdi5519bf199496be7d@mail.gmail.com>
	<4AF977DD.5090801@duboucher.eu>
Date: Tue, 10 Nov 2009 22:47:05 +0800
Message-ID: <ca0f59980911100647l5349f861g28bcc4d1df864948@mail.gmail.com>
From: Bean <bean123ch@gmail.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2)
Subject: Re: Imminent bugfix release (1.97.1)
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2009 14:47:13 -0000

On Tue, Nov 10, 2009 at 10:25 PM, Duboucher Thomas <thomas@duboucher.eu> wr=
ote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Bean a =E9crit :
>> Hi,
>>
>> Oh, I just come up with a better way to do this:
>>
>> typedef char grub_password_t[1024];
>>
>> int
>> grub_auth_strcmp (const grub_password_t s1, const grub_password_t s2)
>> {
>> =A0char r1 =3D 0;
>> =A0char r2 =3D 0;
>> =A0char *p;
>> =A0int i, c;
>>
>> =A0p =3D &r1;
>> =A0c =3D 0;
>> =A0for (i =3D 0; i < sizeof (grub_password_t); i++, s1++, s2++)
>> =A0 =A0{
>> =A0 =A0 =A0*p | =3D (*s1 ^ *s2);
>> =A0 =A0 =A0if ((int) *s1 =3D=3D c)
>> =A0 =A0 =A0 =A0{
>> =A0 =A0 =A0 =A0p =3D &r2;
>> =A0 =A0 =A0 =A0c =3D 0x100;
>> =A0 =A0 =A0 =A0}
>> =A0 =A0}
>>
>> =A0return (r1 !=3D 0);
>> }
>>
>> The condition (int) *s1 =3D=3D c would be true exactly once.
>>
>
> =A0 =A0 =A0 =A0Well, it seems I lost something somewhere. I don't underst=
and the need
> of doing it exactly sizeof (grub_password_t) times, except from having a
> perfectly symetric function. IMHO, stopping the comparison when the
> input buffer is done reading, or when the maximum size of a passphrase
> is reached does not leak any information to the attacker. So I would
> stick to
>
> typedef char grub_password_t[1024];
>
> int
> auth_strcmp (const grub_password_t input, grub_password_t key)
> {
> =A0int retval, it;
>
> =A0for (it =3D retval =3D 0; it < PASSPHRASE_MAXSIZE; it++, input++, key+=
+)
> =A0{
> =A0 =A0retval |=3D (*input !=3D *key);
>
> =A0 =A0if (*input =3D=3D '\0')
> =A0 =A0 =A0break;
> =A0}
>
> =A0return !retval;
> }
>
> =A0 =A0 =A0 =A0Also, take care that it requires to check how the function=
 is
> optimized; sometimes you have surprises ... ;)

Hi,

My previous function ensures that execution time is the same
regardless of the input. Although it's not necessary, I guess it's a
nice feature to have. BTW, the simpler function does leak one
information, the size of buffer as the execution time would increase
until the buffer size is reached.


--=20
Bean

My repository: https://launchpad.net/burg
Document: https://help.ubuntu.com/community/Burg