Move timingSafeStrcmp to main

2024-11-23 21:50:09 +00:00 · 2024-11-16 19:16:49 -08:00 · 2024-11-16 19:16:49 -08:00 · 234ec46f36
commit 234ec46f36
parent 4d0553e9ef
3 changed files with 14 additions and 10 deletions
--- a/src/core/CNStructs.hpp
+++ b/src/core/CNStructs.hpp
@ -49,6 +49,7 @@ std::string U16toU8(char16_t* src, size_t max);
 size_t U8toU16(std::string src, char16_t* des, size_t max); // returns number of char16_t that was written at des
 time_t getTime();
 time_t getTimestamp();
+int timingSafeStrcmp(const char* a, const char* b);
 void terminate(int);

 // The PROTOCOL_VERSION definition can be defined by the build system.
--- a/src/db/login.cpp
+++ b/src/db/login.cpp
@ -1,17 +1,9 @@
+#include "core/CNStructs.hpp"
+
 #include "db/internal.hpp"

 #include "bcrypt/BCrypt.hpp"

-static int timingSafeStrcmp(const char* a, const char* b) {
-    int diff = 0;
-    while (*a && *b) {
-        diff |= *a++ ^ *b++;
-    }
-    diff |= *a;
-    diff |= *b;
-    return diff;
-}
-
 void Database::findAccount(Account* account, std::string login) {
    std::lock_guard<std::mutex> lock(dbCrit);

--- a/src/main.cpp
+++ b/src/main.cpp
@ -222,6 +222,17 @@ time_t getTimestamp() {
    return (time_t)value.count();
 }

+// timing safe strcmp implementation for e.g. cookie validation
+int timingSafeStrcmp(const char* a, const char* b) {
+    int diff = 0;
+    while (*a && *b) {
+        diff |= *a++ ^ *b++;
+    }
+    diff |= *a;
+    diff |= *b;
+    return diff;
+}
+
 // convert integer timestamp (in s) to FF systime struct
 sSYSTEMTIME timeStampToStruct(uint64_t time) {