consttime_memequal 1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: de7388eb1294d6b13fe781c4ab9ac3b5b25cb240
+  data.tar.gz: db1d1daa241d255fc4338a37d1c087f26fba125a
+SHA512:
+  metadata.gz: b61060e7f2f889eec00aa0d9f65f59b8c33349db6ab5f21ba64072570be9222ed59433919ffd091e1762c93162da25d5ba446f053d041184eca2cb4705b4a99a
+  data.tar.gz: '079833b63df4252ef342fb764ae9708fecd4af253cb278658058739d0ead927cc84e0d9b8e2ea79d9c9dc397c73853af427b033440aedc8f85ac7681baf88cf6'

data/.gitignore

@@ -0,0 +1,32 @@
+# Copyright (c) 2018 Urabe, Shyouhei
+#
+# Permission is hereby granted, free of  charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction,  including without limitation the rights
+# to use,  copy, modify,  merge, publish,  distribute, sublicense,  and/or sell
+# copies  of the  Software,  and to  permit  persons to  whom  the Software  is
+# furnished to do so, subject to the following conditions:
+#
+#       The above copyright notice and this permission notice shall be
+#       included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE  IS PROVIDED "AS IS",  WITHOUT WARRANTY OF ANY  KIND, EXPRESS OR
+# IMPLIED,  INCLUDING BUT  NOT LIMITED  TO THE  WARRANTIES OF  MERCHANTABILITY,
+# FITNESS FOR A  PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO  EVENT SHALL THE
+# AUTHORS  OR COPYRIGHT  HOLDERS  BE LIABLE  FOR ANY  CLAIM,  DAMAGES OR  OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+*.bundle
+.DS_Store
+/.byebug_history
+/.ruby-version
+/.yardoc/
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/tmp/
+/vendor/
+Gemfile.lock

data/Gemfile

@@ -0,0 +1,28 @@
+#! /your/favourite/path/to/bundler
+# -*- mode: ruby; coding: utf-8; indent-tabs-mode: nil; ruby-indent-level: 2 -*-
+# -*- frozen_string_literal: true -*-
+# -*- warn_indent: true -*-
+
+# Copyright (c) 2018 Urabe, Shyouhei
+#
+# Permission is hereby granted, free of  charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction,  including without limitation the rights
+# to use,  copy, modify,  merge, publish,  distribute, sublicense,  and/or sell
+# copies  of the  Software,  and to  permit  persons to  whom  the Software  is
+# furnished to do so, subject to the following conditions:
+#
+#       The above copyright notice and this permission notice shall be
+#       included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE  IS PROVIDED "AS IS",  WITHOUT WARRANTY OF ANY  KIND, EXPRESS OR
+# IMPLIED,  INCLUDING BUT  NOT LIMITED  TO THE  WARRANTIES OF  MERCHANTABILITY,
+# FITNESS FOR A  PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO  EVENT SHALL THE
+# AUTHORS  OR COPYRIGHT  HOLDERS  BE LIABLE  FOR ANY  CLAIM,  DAMAGES OR  OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+source 'https://rubygems.org'
+gemspec
+gem 'openssl'

data/LICENSE.txt

@@ -0,0 +1,19 @@
+Copyright (c) 2018 Urabe, Shyouhei
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and  associated documentation files (the "Software"),  to deal in
+the Software  without restriction, including  without limitation the  rights to
+use, copy, modify,  merge, publish, distribute, sublicense,  and/or sell copies
+of the Software, and to permit persons  to whom the Software is furnished to do
+so, subject to the following conditions:
+
+	The above copyright notice and this permission notice shall be
+	included in all copies or substantial portions of the Software.
+
+THE SOFTWARE  IS PROVIDED  "AS IS",  WITHOUT WARRANTY OF  ANY KIND,  EXPRESS OR
+IMPLIED,  INCLUDING  BUT NOT  LIMITED  TO  THE WARRANTIES  OF  MERCHANTABILITY,
+FITNESS FOR  A PARTICULAR PURPOSE  AND NONINFRINGEMENT.  IN NO EVENT  SHALL THE
+AUTHORS  OR  COPYRIGHT HOLDERS  BE  LIABLE  FOR  ANY  CLAIM, DAMAGES  OR  OTHER
+LIABILITY, WHETHER IN  AN ACTION OF CONTRACT, TORT OR  OTHERWISE, ARISING FROM,
+OUT OF OR IN  CONNECTION WITH THE SOFTWARE OR THE USE OR  OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,47 @@
+# consttime_memequal? : thin wrapper to OS-provided constant-time memory comparison routine.
+
+This kind of routine must be provided a priori but [[Feature
+#10098]](https://bugs.ruby-lang.org/issues/10098) is not yet
+implemented.  We have to make glude code for now.
+
+## Provided functionality
+
+This library provides one global function named `consttime_memequal?`.
+Which is of course not very ruby-ish, I know, but best describes what
+is going on.
+
+```ruby
+consttime_memequal?(b1, b2, len=b1.bytesize) # => true / false
+```
+
+Compares first _len_ bytes of _b1_ and _b2_.  Returns `true` if they
+are identical.  Returns `false` if they are distinct.
+
+## Q&As
+
+### Why the name `consttime_memequal?`
+
+NetBSD has [consttime_memequal(3)](https://www.freebsd.org/cgi/man.cgi?query=consttime_memequal&manpath=NetBSD+7.0).  We followed it.
+
+### This library fails to load on my machine.  Why?
+
+Install OpenSSL (or LibreSSL).
+
+### I can't install OpenSSL for reasons.  What to do?
+
+Install OpenBSD instead (or NetBSD).
+
+### I wrote a general implementation! Can I pull request?
+
+No you don't.  By the nature of its provided functionality, someone
+who implement this have to be very careful about side-channel attacks.
+You definitely shouldn't do it for yourself.  Make your OS provide one
+for you.
+
+Bug fix etc. are much appreciated!
+
+### Then what can I do?
+
+Go to [[Feature #10098]](https://bugs.ruby-lang.org/issues/10098) and
+persuade the core devs to implement that feature.  That's the lethal
+solution to the situation.

data/Rakefile

@@ -0,0 +1,32 @@
+#! /your/favourite/path/to/rake
+# -*- mode: ruby; coding: utf-8; indent-tabs-mode: nil; ruby-indent-level: 2 -*-
+# -*- frozen_string_literal: true -*-
+# -*- warn_indent: true -*-
+
+# Copyright (c) 2018 Urabe, Shyouhei
+#
+# Permission is hereby granted, free of  charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction,  including without limitation the rights
+# to use,  copy, modify,  merge, publish,  distribute, sublicense,  and/or sell
+# copies  of the  Software,  and to  permit  persons to  whom  the Software  is
+# furnished to do so, subject to the following conditions:
+#
+#       The above copyright notice and this permission notice shall be
+#       included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE  IS PROVIDED "AS IS",  WITHOUT WARRANTY OF ANY  KIND, EXPRESS OR
+# IMPLIED,  INCLUDING BUT  NOT LIMITED  TO THE  WARRANTIES OF  MERCHANTABILITY,
+# FITNESS FOR A  PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO  EVENT SHALL THE
+# AUTHORS  OR COPYRIGHT  HOLDERS  BE LIABLE  FOR ANY  CLAIM,  DAMAGES OR  OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+require 'bundler/gem_tasks'
+require 'bundler/gem_helper'
+
+task :pry do
+  sh 'bundle exec ruby bin/console', verbose: true
+end
+task console: :pry

data/bin/console

@@ -0,0 +1,29 @@
+#! /your/favourite/path/to/ruby
+# -*- mode: ruby; coding: utf-8; indent-tabs-mode: nil; ruby-indent-level: 2 -*-
+# -*- frozen_string_literal: true -*-
+# -*- warn_indent: true -*-
+
+# Copyright (c) 2017 Urabe, Shyouhei
+#
+# Permission is hereby granted, free of  charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction,  including without limitation the rights
+# to use,  copy, modify,  merge, publish,  distribute, sublicense,  and/or sell
+# copies  of the  Software,  and to  permit  persons to  whom  the Software  is
+# furnished to do so, subject to the following conditions:
+#
+#         The above copyright notice and this permission notice shall be
+#         included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE  IS PROVIDED "AS IS",  WITHOUT WARRANTY OF ANY  KIND, EXPRESS OR
+# IMPLIED,  INCLUDING BUT  NOT LIMITED  TO THE  WARRANTIES OF  MERCHANTABILITY,
+# FITNESS FOR A  PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO  EVENT SHALL THE
+# AUTHORS  OR COPYRIGHT  HOLDERS  BE LIABLE  FOR ANY  CLAIM,  DAMAGES OR  OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+require 'bundler/setup'
+require 'consttime_memequal'
+require 'pry'
+Pry.start

data/bin/setup

@@ -0,0 +1,24 @@
+#!/bin/sh
+# -*- mode: sh; coding: utf-8; indent-tabs-mode: nil -*-
+
+# Copyright (c) 2018 Urabe, Shyouhei
+#
+# Permission is hereby granted, free of  charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction,  including without limitation the rights
+# to use,  copy, modify,  merge, publish,  distribute, sublicense,  and/or sell
+# copies  of the  Software,  and to  permit  persons to  whom  the Software  is
+# furnished to do so, subject to the following conditions:
+#
+#       The above copyright notice and this permission notice shall be
+#       included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE  IS PROVIDED "AS IS",  WITHOUT WARRANTY OF ANY  KIND, EXPRESS OR
+# IMPLIED,  INCLUDING BUT  NOT LIMITED  TO THE  WARRANTIES OF  MERCHANTABILITY,
+# FITNESS FOR A  PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO  EVENT SHALL THE
+# AUTHORS  OR COPYRIGHT  HOLDERS  BE LIABLE  FOR ANY  CLAIM,  DAMAGES OR  OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+bundle install

data/consttime_memequal.gemspec

@@ -0,0 +1,45 @@
+#! /your/favourite/path/to/gem
+# -*- mode: ruby; coding: utf-8; indent-tabs-mode: nil; ruby-indent-level: 2 -*-
+# -*- frozen_string_literal: true -*-
+# -*- warn_indent: true -*-
+
+# Copyright (c) 2018 Urabe, Shyouhei
+#
+# Permission is hereby granted, free of  charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction,  including without limitation the rights
+# to use,  copy, modify,  merge, publish,  distribute, sublicense,  and/or sell
+# copies  of the  Software,  and to  permit  persons to  whom  the Software  is
+# furnished to do so, subject to the following conditions:
+#
+#       The above copyright notice and this permission notice shall be
+#       included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE  IS PROVIDED "AS IS",  WITHOUT WARRANTY OF ANY  KIND, EXPRESS OR
+# IMPLIED,  INCLUDING BUT  NOT LIMITED  TO THE  WARRANTIES OF  MERCHANTABILITY,
+# FITNESS FOR A  PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO  EVENT SHALL THE
+# AUTHORS  OR COPYRIGHT  HOLDERS  BE LIABLE  FOR ANY  CLAIM,  DAMAGES OR  OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+Gem::Specification.new do |spec|
+  spec.name          = 'consttime_memequal'
+  spec.version       = 1
+  spec.author        = 'Urabe, Shyouhei'
+  spec.email         = 'shyouhei@ruby-lang.org'
+  spec.summary       = 'provides consttime_memequal?'
+  spec.description   = "Wrapper to OS-provided timing-safe memory comparison."
+  spec.homepage      = 'https://github.com/shyouhei/consttime_memequal'
+  spec.license       = 'MIT'
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f|
+    f.match(%r'^(test|spec|features|samples)/')
+  }
+  spec.require_paths = %w'lib'
+
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'pry' # used in bin/console
+  spec.required_ruby_version =    '>= 2.0.0'
+  spec.add_runtime_dependency     'fiddle'
+end

data/lib/consttime_memequal.rb

@@ -0,0 +1,88 @@
+#! /your/favourite/path/to/ruby
+# -*- mode: ruby; coding: utf-8; indent-tabs-mode: nil; ruby-indent-level: 2 -*-
+# -*- frozen_string_literal: true -*-
+# -*- warn_indent: true -*-
+
+# Copyright (c) 2018 Urabe, Shyouhei
+#
+# Permission is hereby granted, free of  charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction,  including without limitation the rights
+# to use,  copy, modify,  merge, publish,  distribute, sublicense,  and/or sell
+# copies  of the  Software,  and to  permit  persons to  whom  the Software  is
+# furnished to do so, subject to the following conditions:
+#
+#       The above copyright notice and this permission notice shall be
+#       included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE  IS PROVIDED "AS IS",  WITHOUT WARRANTY OF ANY  KIND, EXPRESS OR
+# IMPLIED,  INCLUDING BUT  NOT LIMITED  TO THE  WARRANTIES OF  MERCHANTABILITY,
+# FITNESS FOR A  PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO  EVENT SHALL THE
+# AUTHORS  OR COPYRIGHT  HOLDERS  BE LIABLE  FOR ANY  CLAIM,  DAMAGES OR  OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+dlsym = lambda do |symbol, lib = 'fiddle'|
+  begin
+    gem lib and require lib
+    libc = Fiddle.dlopen nil
+    ptr  = libc.sym symbol
+    func = Fiddle::Function.new ptr, \
+      [Fiddle::TYPE_VOIDP, Fiddle::TYPE_VOIDP, Fiddle::TYPE_SIZE_T], \
+      Fiddle::TYPE_INT,
+      name: symbol
+  rescue Fiddle::DLError
+    return nil
+  rescue LoadError
+    return nil
+  else
+    return func
+  end
+end
+
+case
+when func = dlsym.call('consttime_memequal') then
+  define_method :consttime_memequal do |this, that, len = this.bytesize|
+    src = Fiddle::Pointer.to_ptr this
+    dst = Fiddle::Pointer.to_ptr that
+    ret = func.call src, dst, len
+    case ret
+    when 1 then return true
+    when 0 then return false
+    else raise RuntimeError, \
+      "consttime_memequal(3) returned unknown value: #{ret.inspect}"
+    end
+  end
+
+when func = dlsym.call('timingsafe_memcmp') then
+  define_method :consttime_memequal do |this, that, len = this.bytesize|
+    src = Fiddle::Pointer.to_ptr this
+    dst = Fiddle::Pointer.to_ptr that
+    ret = func.call src, dst, len
+    return ret == 0
+  end
+
+when func = dlsym.call('timingsafe_bcmp') then
+  define_method :consttime_memequal do |this, that, len = this.bytesize|
+    src = Fiddle::Pointer.to_ptr this
+    dst = Fiddle::Pointer.to_ptr that
+    ret = func.call src, dst, len
+    return ret == 0
+  end
+
+when func = dlsym.call('CRYPTO_memcmp', 'openssl') then
+  define_method :consttime_memequal do |this, that, len = this.bytesize|
+    src = Fiddle::Pointer.to_ptr this
+    dst = Fiddle::Pointer.to_ptr that
+    ret = func.call src, dst, len
+    return ret == 0
+  end
+
+else
+  raise <<-"end".strip unless func
+    No timing-safe memory comparison routine found.
+    We don't plan to implement one for you.
+    Use other secure OS.
+  end
+end

metadata

@@ -0,0 +1,108 @@
+--- !ruby/object:Gem::Specification
+name: consttime_memequal
+version: !ruby/object:Gem::Version
+  version: '1'
+platform: ruby
+authors:
+- Urabe, Shyouhei
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-06-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: fiddle
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Wrapper to OS-provided timing-safe memory comparison.
+email: shyouhei@ruby-lang.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- consttime_memequal.gemspec
+- lib/consttime_memequal.rb
+homepage: https://github.com/shyouhei/consttime_memequal
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.14
+signing_key: 
+specification_version: 4
+summary: provides consttime_memequal?
+test_files: []