From 481894279a86064ddfb1afddeae944f2e4bffb77 Mon Sep 17 00:00:00 2001
From: bptato
Date: Tue, 2 Apr 2024 17:09:15 +0200
Subject: loader: constant time key comparison

GCC seems to generate something that strongly resembles a constant time comparison, so I guess this should be good enough.
---
 src/loader/loader.nim | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/loader/loader.nim b/src/loader/loader.nim
index 9f64b440..37da64cb 100644
--- a/src/loader/loader.nim
+++ b/src/loader/loader.nim
@@ -613,6 +613,18 @@ proc resume(ctx: LoaderContext; stream: SocketStream; client: ClientData;
 output.registered = true
 ctx.selector.registerHandle(output.ostream.fd, {Write}, 0)
+proc equalsConstantTime(a, b: ClientKey): bool =
+ static:
+ doAssert a.len == b.len
+ {.push boundChecks:off, overflowChecks:off.}
+ var i {.volatile.} = 0
+ var res {.volatile.} = 0u8
+ while i < a.len:
+ res = res or (a[i] xor b[i])
+ inc i
+ {.pop.}
+ return res == 0
+
 proc acceptConnection(ctx: LoaderContext) =
 let stream = ctx.ssock.acceptSocketStream()
 try:
@@ -626,7 +638,7 @@ proc acceptConnection(ctx: LoaderContext) =
 stream.sclose()
 return
 let client = ctx.clientData[myPid]
- if client.key != key:
+ if not client.key.equalsConstantTime(key):
 # ditto
 stream.sclose()
 return
--
cgit 1.4.1-2-gfad0
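Review bot: The constant-time contract of `equalsConstantTime` is not recorded in the code, and per the commit message it was only judged from GCC's output, so the proc should carry a doc comment stating the guarantee and its limits, for example `## Compares two keys without an early exit so timing does not reveal where they first differ; best effort, checked against GCC output only.` Without that, a later cleanup could swap it back to `==` or drop the `{.volatile.}` markers without noticing the timing property is lost. The `static: doAssert a.len == b.len` compares the lengths of two parameters of the same type `ClientKey`, so if `ClientKey` is a fixed-size array (which the static block suggests) it cannot fail and could be replaced by a one-line comment. The proc is fully contained in this hunk.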
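Review bot: The rejection branch under `if not client.key.equalsConstantTime(key):` is explained only by `# ditto`, which points at a comment outside this hunk; now that the comparison is security-relevant the branch deserves its own comment, e.g. `# key mismatch: close without a reply; compared in constant time so timing does not leak key bytes`. As far as the hunk shows, a rejected key just closes the stream and returns, so repeated wrong-key attempts would leave no trace; if the loader has a logging path, recording the rejected pid here would help detection. `acceptConnection` starts and ends outside the hunk, so this may already be handled elsewhere.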