com.yahoo.security.SideChannelSafe

public class SideChannelSafe extends Object

Utility functions for comparing the contents of arrays without leaking information about the data contained within them via timing side-channels. This is done by avoiding any branches that depend on the array elements themselves. This inherently means that all operations have both an upper and a lower bound in processing time that is O(n) for an array of size n, as there can be no early exits.

Author:: vekterli

Constructor Summary

Constructors

Constructor

Description

SideChannelSafe()
Method Summary

Modifier and Type

Method

Description

static boolean

allZeros(byte[] buf)

static boolean

arraysEqual(byte[] lhs, byte[] rhs)

Compare two byte arrays without the use of data-dependent branching that may leak information about the contents of either of the arrays.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- SideChannelSafe
  
  public SideChannelSafe()
Method Details
- allZeros
  
  public static boolean allZeros(byte[] buf)
  
  Returns:
  
  true iff all bytes in the array are zero. An empty array always returns true to be in line with BouncyCastle semantics.
- arraysEqual
  
  public static boolean arraysEqual(byte[] lhs, byte[] rhs)
  
  Compare two byte arrays without the use of data-dependent branching that may leak information about the contents of either of the arrays. Important: the length of the arrays is not considered secret, and may be leaked if arrays of differing sizes are given.
  
  Parameters:
  
  lhs - first array of bytes to compare
  
  rhs - second array of bytes to compare
  
  Returns:
  
  true iff both arrays have the same size and are element-wise identical

Class SideChannelSafe

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

SideChannelSafe

Method Details

allZeros

arraysEqual