io.netty.util.internal.ConstantTimeUtils Maven / Gradle / Ivy
Go to download
This artifact provides a single jar that contains all classes required to use remote Jakarta Enterprise Beans and Jakarta Messaging, including
all dependencies. It is intended for use by those not using maven, maven users should just import the Jakarta Enterprise Beans and
Jakarta Messaging BOM's instead (shaded JAR's cause lots of problems with maven, as it is very easy to inadvertently end up
with different versions on classes on the class path).
/*
* Copyright 2016 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.util.internal;
public final class ConstantTimeUtils {
private ConstantTimeUtils() { }
/**
* Compare two {@code int}s without leaking timing information.
*
* The {@code int} return type is intentional and is designed to allow cascading of constant time operations:
*
* int l1 = 1;
* int l2 = 1;
* int l3 = 1;
* int l4 = 500;
* boolean equals = (equalsConstantTime(l1, l2) & equalsConstantTime(l3, l4)) != 0;
*
* @param x the first value.
* @param y the second value.
* @return {@code 0} if not equal. {@code 1} if equal.
*/
public static int equalsConstantTime(int x, int y) {
int z = ~(x ^ y);
z &= z >> 16;
z &= z >> 8;
z &= z >> 4;
z &= z >> 2;
z &= z >> 1;
return z & 1;
}
/**
* Compare two {@code longs}s without leaking timing information.
*
* The {@code int} return type is intentional and is designed to allow cascading of constant time operations:
*
* long l1 = 1;
* long l2 = 1;
* long l3 = 1;
* long l4 = 500;
* boolean equals = (equalsConstantTime(l1, l2) & equalsConstantTime(l3, l4)) != 0;
*
* @param x the first value.
* @param y the second value.
* @return {@code 0} if not equal. {@code 1} if equal.
*/
public static int equalsConstantTime(long x, long y) {
long z = ~(x ^ y);
z &= z >> 32;
z &= z >> 16;
z &= z >> 8;
z &= z >> 4;
z &= z >> 2;
z &= z >> 1;
return (int) (z & 1);
}
/**
* Compare two {@code byte} arrays for equality without leaking timing information.
* For performance reasons no bounds checking on the parameters is performed.
*
* The {@code int} return type is intentional and is designed to allow cascading of constant time operations:
*
* byte[] s1 = new {1, 2, 3};
* byte[] s2 = new {1, 2, 3};
* byte[] s3 = new {1, 2, 3};
* byte[] s4 = new {4, 5, 6};
* boolean equals = (equalsConstantTime(s1, 0, s2, 0, s1.length) &
* equalsConstantTime(s3, 0, s4, 0, s3.length)) != 0;
*
* @param bytes1 the first byte array.
* @param startPos1 the position (inclusive) to start comparing in {@code bytes1}.
* @param bytes2 the second byte array.
* @param startPos2 the position (inclusive) to start comparing in {@code bytes2}.
* @param length the amount of bytes to compare. This is assumed to be validated as not going out of bounds
* by the caller.
* @return {@code 0} if not equal. {@code 1} if equal.
*/
public static int equalsConstantTime(byte[] bytes1, int startPos1,
byte[] bytes2, int startPos2, int length) {
// Benchmarking demonstrates that using an int to accumulate is faster than other data types.
int b = 0;
final int end = startPos1 + length;
for (; startPos1 < end; ++startPos1, ++startPos2) {
b |= bytes1[startPos1] ^ bytes2[startPos2];
}
return equalsConstantTime(b, 0);
}
/**
* Compare two {@link CharSequence} objects without leaking timing information.
*
* The {@code int} return type is intentional and is designed to allow cascading of constant time operations:
*
* String s1 = "foo";
* String s2 = "foo";
* String s3 = "foo";
* String s4 = "goo";
* boolean equals = (equalsConstantTime(s1, s2) & equalsConstantTime(s3, s4)) != 0;
*
* @param s1 the first value.
* @param s2 the second value.
* @return {@code 0} if not equal. {@code 1} if equal.
*/
public static int equalsConstantTime(CharSequence s1, CharSequence s2) {
if (s1.length() != s2.length()) {
return 0;
}
// Benchmarking demonstrates that using an int to accumulate is faster than other data types.
int c = 0;
for (int i = 0; i < s1.length(); ++i) {
c |= s1.charAt(i) ^ s2.charAt(i);
}
return equalsConstantTime(c, 0);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy