mirrors/cryptomator
1
0
Fork 0
mirror of https://github.com/cryptomator/cryptomator.git synced 2026-05-17 10:11:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

- fixed timing attack on MAC (see http://codahale.com/a-lesson-in-timing-attacks/)

Browse Source
This commit is contained in:
Sebastian Stenzel
2015-01-14 19:34:36 +01:00
parent 5e6f343e68
commit 8bfdad38b9
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/Aes256Cryptor.java
View File

@@ -17,6 +17,7 @@ import java.nio.file.DirectoryStream.Filter;
import java.nio.file.Path;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
@@ -426,8 +427,8 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
final InputStream macIn = new MacInputStream(in, mac);
IOUtils.copyLarge(macIn, new NullOutputStream(), 0, fileSize);
// compare:
return Arrays.equals(macBuffer.array(), mac.doFinal());
// compare (in constant time):
return MessageDigest.isEqual(macBuffer.array(), mac.doFinal());
}
@Override