comment constant time compare per code review

// FREEBIE
9 years ago · 8f1412d502
parent 452110b687
commit 8f1412d502
2 changed files with 5 additions and 0 deletions
--- a/src/Util/NSData+OWSConstantTimeCompare.h
+++ b/src/Util/NSData+OWSConstantTimeCompare.h
@ -6,6 +6,9 @@ NS_ASSUME_NONNULL_BEGIN

@interface NSData (OWSConstantTimeCompare)

+/**
+ * Compares data in constant time so as to help avoid potential timing attacks.
+ */
 - (BOOL)ows_constantTimeIsEqualToData:(NSData *)other;

@end
--- a/src/Util/NSData+OWSConstantTimeCompare.m
+++ b/src/Util/NSData+OWSConstantTimeCompare.m
@ -19,6 +19,8 @@ NS_ASSUME_NONNULL_BEGIN
    UInt8 *leftBytes = (UInt8 *)self.bytes;
    UInt8 *rightBytes = (UInt8 *)other.bytes;
    for (int i = 0; i < self.length; i++) {
+        // rather than returning as soon as we find a discrepency, we compare the rest of
+        // the byte stream to maintain a constant time comparison
        isEqual = isEqual && (leftBytes[i] == rightBytes[i]);
    }