fast_secure_compare 0.0.3 → 1.0.0

checksums.yaml

@@ -1,7 +1,15 @@
 ---
-SHA1:
-  metadata.gz: e3fb2369f25ee854588c61eee84e3e8d83101935
-  data.tar.gz: 9ce4e51ea075a0356c94a5fbfa2ba73d782a747f
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MDM5MWFhMTcwNjJhNjQyZjA4YTc1ODE4NGZlNGQ4ZTU2NjhiY2ZmYw==
+  data.tar.gz: !binary |-
+    MmY2NjNlYzg4MzFhNWQyZWYyMTU0NzI3M2FlYjg4NWI5NjE4MTc0Zg==
 SHA512:
-  metadata.gz: 014835e0a31b4c6c22e776c6641f77a82a41edef1be4048e20f9aeb201e5b2707d16ea52748ebd3affcd4152f66b7268325f295a8cc85567a5398902ecf53979
-  data.tar.gz: ee5a4427431ecb102938ef55bc6cf8588bae22e71f9e90fe32c5f73f17c5db0bd0334d4165c952ef1f0cef4c21302ab10d17f16edcee84297ac099027baf16c8
+  metadata.gz: !binary |-
+    YmU3ODRhYTM4Njg4MGIzMmJmMjQ0ZjI1MGI1YjMyYTEyZjVjMGQ3OTMxMTE2
+    MjM4ZGJmMmZmNWFlN2E0NjEzOGI0N2YxYjNmNjQ3NjRkYmM0ODQyYzE0ZTA5
+    OTc0NjJmMGI0MjJmZjE5MzJmYjAwZjIwODRhYzU0NGQ5ODI5Mzk=
+  data.tar.gz: !binary |-
+    OTc2MTgwY2NlMzhjZGZhZGNmNzBhOWQ2ZmJmZDYyODE4MjZkMzQ4NTMxYTky
+    NWQ1ZmM1MjQzYzM2MmM1Nzc1YjUzN2MzZTU2Njk3YWFiNmM0ZTdlNjNmZjVm
+    ZWU1ODY0ZjQzZWY0YmRkZmEwY2Y0NDQ5ZTU4OTRmMTQ4NDFmYTc=

data/README.md

@@ -1,5 +1,11 @@
+# FastSecureCompare #
+[![Build Status](https://travis-ci.org/daxtens/fast_secure_compare.svg?branch=master)](https://travis-ci.org/daxtens/fast_secure_compare)
+[![Gem Version](https://badge.fury.io/rb/fast_secure_compare.svg)](http://badge.fury.io/rb/fast_secure_compare)
+
 This gem provides a simple, fast way to do string comparisons that resist timing attacks.
 
+It also provides an easy way to (marginally) speed up your existing web apps that use Rails or Rack's secure_compare functions (for example, any app that uses Rails built in sessions) by monkey patching the fast C function over the slow pure Ruby one.
+
 # What is a timing attack? #
 A timing attack is an attack on a system that determines secret information based on how long an operation takes.
 
@@ -23,17 +29,64 @@ This gem provides a secure comparison function that is:
 
 Furthermore, unlike some other secure comparison fuctions, the code does not require that the strings are the same length, and should not leak the length of the string if the string lengths do not match.
 
-If you're interested in seeing how much faster you can make your code by using this gem, check out the demo folder.
+The gem also provides monkeypatches for rack and rails, to make it easier to deploy.
 
 # How do I use this gem in my code? #
 
+That depends on your use case:
+
+## By itself ##
+
 ```ruby
 
-import 'fast_secure_compare'
+require 'fast_secure_compare'
 
 FastSecureCompare.compare(my_secret, user_input)
 ```
 
+## In a Rails app ##
+To make all uses of `ActiveSupport::MessageVerifier` (including every time a user's session is verifed!) faster, you need to `require 'fast_secure_compare/rails'` somehow.
+
+In, e.g. Redmine, this is as simple as adding the following line to `Gemfile.local`:
+
+`gem 'fast_secure_compare', :require => "fast_secure_compare/rails"`
+
+Don't forget to run `bundle install`.
+
+## In a Rack app ##
+
+Apps using Rack and calling `Rack::Utils.secure_compare` can be sped up with `require 'fast_secure_compare/rack'`.
+
+Note that this is not well tested and I'd appreciate feedback.
+
+# How much faster is this? #
+
+Well, that depends on how you measure it.
+
+If you do a synthetic microbenchmark (see `demo/timings.rb`), you'll see something like this when comparing two 40 byte strings (like SHA1 hashes), 1000 times over.
+
+The 'early fail' one differs at the first character, while the 'late fail' one differs at the last character.
+
+```
+                                         user     system      total        real
+==, early fail                       0.000000   0.000000   0.000000 (  0.000191)
+==, late fail                        0.000000   0.000000   0.000000 (  0.000219)
+Pure Ruby secure_compare, 'early'    0.020000   0.000000   0.020000 (  0.019503)
+Pure Ruby secure_compare, 'late'     0.020000   0.000000   0.020000 (  0.019279)
+C-based FastSecureCompare, 'early'   0.000000   0.000000   0.000000 (  0.000588)
+C-based FastSecureCompare, 'late'    0.000000   0.000000   0.000000 (  0.000582)
+```
+
+Interpreting the results, the C based one executes 2 orders of magnitude faster than the pure Ruby, and the same order of magnitude as `==`.
+
+However, if you benchmark an actual application, things will obviously differ. If you look at the difference per call, on my hardware you'd see about a ((0.02-0.0005)/1000) = 20 microsecond difference, which is probably too small to measure.
+
+However, if you are comparing strings that are greater than 40 characters in length, the differences become significantly more pronounced. (This was the original motivation for this gem.)
+
 # Is there anything else I should know? #
 
-The gem is not foolproof. In particular, it can't protect you against anything designed to exploit cache misses or any other more elaborate form of timing attack. However, none of the existing pure Ruby secure_compare functions do either.
+* The gem is not foolproof. In particular, it can't protect you against anything designed to exploit cache misses or any other more elaborate form of timing attack. However, none of the existing pure Ruby secure_compare functions do either.
+
+* Putting the argmuents around the wrong way may leak the length of your secret.
+
+* Don't use a secret of length 0.

data/Rakefile

@@ -1,21 +1,41 @@
-# shamelessly ripped off https://github.com/cotag/http-parser/blob/master/Rakefile
-
 require 'rubygems'
 require 'rake'
 require 'rspec/core/rake_task'
+require 'rake/extensiontask'
 
 task :default => [:compile, :test]
 
-task :compile do
-    protect = ['secure_compare.c']
-    Dir["ext/fast_secure_compare/**/*"].each do |file|
-        begin
-            next if protect.include? File.basename(file)
-            FileUtils.rm file
-        rescue
-        end
-    end
-    system 'cd ext && rake'
+spec = Gem::Specification.new do |s|
+  s.name        = 'fast_secure_compare'
+  s.version     = '1.0.0'
+  s.date        = '2014-08-23'
+  s.summary     = "A fast, simple way to do constant time string comparisons."
+  s.description = "A secure_comparison function implemented in C for blazing speed. Includes monkeypatch for Rails and Rack."
+  s.authors     = ["Daniel Axtens"]
+  s.email       = 'daniel@axtens.net'
+  s.homepage    =
+    'https://github.com/daxtens/fast_secure_compare'
+  s.license       = 'MIT'
+
+
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rake-compiler'
+  s.add_development_dependency 'rspec'
+
+  s.files = Dir["{lib}/**/*"] + %w(Rakefile README.md LICENSE)
+  s.files += Dir['ext/**/*.c'] + Dir['ext/**/extconf.rb']
+  s.test_files = Dir["spec/**/*"]
+  s.extra_rdoc_files = ["README.md"]
+
+  s.extensions = Dir['ext/**/extconf.rb']
+  s.require_paths = ["lib"]
+end
+
+# add your default gem packing task
+Gem::PackageTask.new(spec) do |pkg|
 end
 
+# feed the ExtensionTask with your spec
+Rake::ExtensionTask.new('fast_secure_compare', spec)
+
 RSpec::Core::RakeTask.new(:test)

data/ext/fast_secure_compare/extconf.rb

@@ -0,0 +1,3 @@
+require "mkmf"
+
+create_makefile "fast_secure_compare/fast_secure_compare"

data/ext/fast_secure_compare/secure_compare.c

@@ -1,15 +1,37 @@
-int secure_compare_bytes(const unsigned char * secret, unsigned int secret_len, 
-                         const unsigned char * input, unsigned int input_len) {
+#include <ruby.h>
+
+VALUE FSC_module = Qnil;
+
+
+static VALUE
+method_compare(VALUE self, VALUE secret, VALUE input) {
+    Check_Type(secret, T_STRING);
+    Check_Type(input, T_STRING);
+
+    // handle 0-length secrets
+    if (RSTRING_LEN(secret) == 0 && RSTRING_LEN(input) != 0) {
+        return Qfalse;
+    }
 
     int input_pos;
     int secret_pos = 0;
+    int input_len = RSTRING_LEN(input);
+    int secret_len = RSTRING_LEN(secret);
+    char * secret_ = RSTRING_PTR(secret);
+    char * input_ = RSTRING_PTR(input);
     int result = secret_len - input_len;
     // make sure our time isn't dependent on secret_len, and only dependent
     // on input_len
     for (input_pos = 0; input_pos < input_len; input_pos++) {
-        result |= input[input_pos] ^ secret[secret_pos];
+        result |= input_[input_pos] ^ secret_[secret_pos];
         secret_pos = (secret_pos + 1) % secret_len;
     }
 
-    return result;
+    return ((result == 0) ? Qtrue : Qfalse);
+}
+
+void
+Init_fast_secure_compare(void) {
+    FSC_module = rb_define_module("FastSecureCompare");
+    rb_define_module_function(FSC_module, "compare", method_compare, 2);
 }

data/lib/fast_secure_compare/rack.rb

@@ -0,0 +1,12 @@
+require 'fast_secure_compare'
+
+# Monkeypatch Rack
+module Rack
+  module Utils
+    class<< self
+      def secure_compare(a, b)
+        FastSecureCompare.compare(a, b)
+      end
+    end
+  end
+end

data/lib/fast_secure_compare/rails.rb

@@ -0,0 +1,11 @@
+require 'fast_secure_compare'
+
+# Monkeypatch Rails
+module ActiveSupport
+  class MessageVerifier
+    private
+    def secure_compare(a, b)
+      FastSecureCompare.compare(a, b)
+    end
+  end
+end

data/spec/fsc_rack_spec.rb

@@ -0,0 +1,24 @@
+require 'fast_secure_compare/rack'
+
+describe Rack::Utils, "#secure_compare" do
+    it "returns true on equal strings" do
+      expect(Rack::Utils.secure_compare("aaa","aaa")).to eq(true)
+     end
+    it "returns false on an empty string" do
+      expect(Rack::Utils.secure_compare("aaa","")).to eq(false)
+    end
+    it "returns false on different strings of different length" do
+      expect(Rack::Utils.secure_compare("aaa","a")).to eq(false)
+      expect(Rack::Utils.secure_compare("aaa","aaaaaa")).to eq(false)
+    end
+    it "returns false on different strings of equal length" do
+      expect(Rack::Utils.secure_compare("aaa","bbb")).to eq(false)
+    end
+    it "returns true on two empty strings." do
+      expect(Rack::Utils.secure_compare("","")).to eq(true)
+    end
+    it "returns false on one empty string, one non-empty string." do
+      expect(Rack::Utils.secure_compare("a","")).to eq(false)
+      expect(Rack::Utils.secure_compare("","a")).to eq(false)
+    end
+end

metadata

@@ -1,73 +1,75 @@
 --- !ruby/object:Gem::Specification
 name: fast_secure_compare
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 1.0.0
 platform: ruby
 authors:
 - Daniel Axtens
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-18 00:00:00.000000000 Z
+date: 2014-08-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: ffi-compiler
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.0.2
-  type: :runtime
+        version: '0'
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.0.2
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rake-compiler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
-description: A secure_comparison function implemented in C for blazing speed.
+description: A secure_comparison function implemented in C for blazing speed. Includes
+  monkeypatch for Rails and Rack.
 email: daniel@axtens.net
 executables: []
 extensions:
-- ext/Rakefile
+- ext/fast_secure_compare/extconf.rb
 extra_rdoc_files:
 - README.md
 files:
-- lib/fast_secure_compare.rb
-- Rakefile
-- fast_secure_compare.gemspec
-- README.md
 - LICENSE
+- README.md
+- Rakefile
+- ext/fast_secure_compare/extconf.rb
 - ext/fast_secure_compare/secure_compare.c
+- lib/fast_secure_compare/rack.rb
+- lib/fast_secure_compare/rails.rb
 - spec/fast_secure_compare_spec.rb
-- ext/Rakefile
+- spec/fsc_rack_spec.rb
 homepage: https://github.com/daxtens/fast_secure_compare
 licenses:
 - MIT
@@ -78,20 +80,20 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.6
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: A fast, simple way to do constant time string comparisons.
 test_files:
 - spec/fast_secure_compare_spec.rb
-has_rdoc: 
+- spec/fsc_rack_spec.rb

data/ext/Rakefile

@@ -1,3 +0,0 @@
-require 'ffi-compiler/compile_task'
-
-FFI::Compiler::CompileTask.new('fast_secure_compare')

data/fast_secure_compare.gemspec

@@ -1,27 +0,0 @@
-Gem::Specification.new do |s|
-  s.name        = 'fast_secure_compare'
-  s.version     = '0.0.3'
-  s.date        = '2014-08-18'
-  s.summary     = "A fast, simple way to do constant time string comparisons."
-  s.description = "A secure_comparison function implemented in C for blazing speed."
-  s.authors     = ["Daniel Axtens"]
-  s.email       = 'daniel@axtens.net'
-  s.homepage    =
-    'https://github.com/daxtens/fast_secure_compare'
-  s.license       = 'MIT'
-
-
-  s.add_dependency 'ffi-compiler', '>= 0.0.2'
-  s.add_dependency 'rake'
-
-  s.add_development_dependency 'rspec'
-  
-  s.files = Dir["{lib}/**/*"] + %w(Rakefile fast_secure_compare.gemspec README.md LICENSE)
-  s.files += ["ext/fast_secure_compare/secure_compare.c"]
-  s.test_files = Dir["spec/**/*"]
-  s.extra_rdoc_files = ["README.md"]
-
-  s.extensions << "ext/Rakefile"
-  s.require_paths = ["lib"]
-end
-

data/lib/fast_secure_compare.rb

@@ -1,18 +0,0 @@
-require 'ffi'
-require 'ffi-compiler/loader'
-
-module FastSecureCompare
-  extend FFI::Library
-  ffi_lib FFI::Compiler::Loader.find('fast_secure_compare')
-  
-  attach_function :secure_compare_bytes, [:pointer, :uint, :pointer, :uint], :int
-
-  def self.compare(secret, input)
-    return false if secret == "" and input != ""
-    sBuf = FFI::MemoryPointer.new(:char, secret.size)
-    sBuf.put_bytes(0, secret)
-    iBuf = FFI::MemoryPointer.new(:char, input.size)
-    iBuf.put_bytes(0, input)
-    secure_compare_bytes(secret, secret.size, input, input.size) == 0
-  end
-end