[libsecret/wip/dueno/memcmp] secret-file-collection: Make MAC comparison constant time

[Daiki Ueno <dueno src gnome org>]

commit f28a7da4616b6caf1c4c346abc11035dea7c3572
Author: Daiki Ueno <dueno src gnome org>
Date:   Sun Oct 4 17:09:22 2020 +0200

    secret-file-collection: Make MAC comparison constant time

 libsecret/secret-file-collection.c | 38 ++++++++++++++++++++++----------------
 1 file changed, 22 insertions(+), 16 deletions(-)
---
diff --git a/libsecret/secret-file-collection.c b/libsecret/secret-file-collection.c
index a27cf04..4a73c80 100644
--- a/libsecret/secret-file-collection.c
+++ b/libsecret/secret-file-collection.c
@@ -130,6 +130,26 @@ do_calculate_mac (SecretFileCollection *self,
        return ret;
 }
 
+static gboolean
+do_verify_mac (SecretFileCollection *self,
+              const guint8 *value, gsize n_value,
+              const guint8 *data)
+{
+       guint8 buffer[MAC_SIZE];
+       guint8 status = 0;
+       gsize i;
+
+       if (!do_calculate_mac (self, value, n_value, buffer)) {
+               return FALSE;
+       }
+
+       for (i = 0; i < MAC_SIZE; i++) {
+               status |= data[i] ^ buffer[i];
+       }
+
+       return status == 0;
+}
+
 static gboolean
 do_decrypt (SecretFileCollection *self,
            guint8 *data,
@@ -497,12 +517,7 @@ hashed_attributes_match (SecretFileCollection *self,
                        return FALSE;
                }
 
-               if (!do_calculate_mac (self, value, strlen ((char *)value), buffer)) {
-                       g_variant_unref (hashed_attribute);
-                       return FALSE;
-               }
-
-               if (memcmp (data, buffer, MAC_SIZE) != 0) {
+               if (!do_verify_mac (self, value, strlen ((char *)value), data)) {
                        g_variant_unref (hashed_attribute);
                        return FALSE;
                }
@@ -693,7 +708,7 @@ _secret_file_item_decrypt (GVariant *encrypted,
        }
        n_padded -= IV_SIZE + MAC_SIZE;
 
-       if (!do_calculate_mac (collection, data, n_padded + IV_SIZE, mac)) {
+       if (!do_verify_mac (collection, data, n_padded + IV_SIZE, data + n_padded + IV_SIZE)) {
                egg_secure_free (data);
                g_set_error (error,
                             SECRET_ERROR,
@@ -702,15 +717,6 @@ _secret_file_item_decrypt (GVariant *encrypted,
                return FALSE;
        }
 
-       if (memcmp (data + n_padded + IV_SIZE, mac, MAC_SIZE) != 0) {
-               egg_secure_free (data);
-               g_set_error (error,
-                            SECRET_ERROR,
-                            SECRET_ERROR_PROTOCOL,
-                            "mac doesn't match");
-               return FALSE;
-       }
-
        if (!do_decrypt (collection, data, n_padded)) {
                egg_secure_free (data);
                g_set_error (error,