diff options
author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-10-17 13:57:00 +0200 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-10-17 13:57:00 +0200 |
commit | 3565d47fc019a274a349725b4f7e2b0230937930 (patch) | |
tree | 7cf3b7c3b5d5cff14578b4d485f295d6cce9b2e0 /security-utils/src/test/java/com | |
parent | df20f01fc37186681c017d377e381963dfdbcae2 (diff) |
Add some utilities for comparing arrays without data-dependent branches
Lets arrays be compared without leaking information about their
contents caused by early exits etc.
Diffstat (limited to 'security-utils/src/test/java/com')
-rw-r--r-- | security-utils/src/test/java/com/yahoo/security/SideChannelSafeTest.java | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/SideChannelSafeTest.java b/security-utils/src/test/java/com/yahoo/security/SideChannelSafeTest.java new file mode 100644 index 00000000000..7a66ed6eb7f --- /dev/null +++ b/security-utils/src/test/java/com/yahoo/security/SideChannelSafeTest.java @@ -0,0 +1,38 @@ +// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.security; + +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; + +/** + * _Functional_ test of side channel safe utility functions. Testing that they're actually + * (probably) side channel safe would be too flaky since it's inherently timing-dependent. + */ +public class SideChannelSafeTest { + + @Test + void all_zeros_checks_length_and_array_contents() { + assertFalse(SideChannelSafe.allZeros(new byte[0])); + assertFalse(SideChannelSafe.allZeros(new byte[]{ 1 })); + assertTrue(SideChannelSafe.allZeros(new byte[]{ 0 })); + assertFalse(SideChannelSafe.allZeros(new byte[]{ 0, 0, 127, 0 })); + assertFalse(SideChannelSafe.allZeros(new byte[]{ 0, 0, -1, 0 })); + assertTrue(SideChannelSafe.allZeros(new byte[]{ 0, 0, 0 })); + } + + @Test + void arrays_equal_checks_length_and_array_contents() { + assertTrue(SideChannelSafe.arraysEqual(new byte[0], new byte[0])); + assertFalse(SideChannelSafe.arraysEqual(new byte[] { 0 }, new byte[0])); + assertFalse(SideChannelSafe.arraysEqual(new byte[0], new byte[]{ 0 })); + assertTrue(SideChannelSafe.arraysEqual(new byte[] { 0, 0, 0 }, new byte[] { 0, 0, 0 })); + assertTrue(SideChannelSafe.arraysEqual(new byte[] { 0x7, 0xe }, new byte[] { 0x7, 0xe })); + assertFalse(SideChannelSafe.arraysEqual(new byte[] { 0xe, 0x7 }, new byte[] { 0x7, 0xe })); + assertFalse(SideChannelSafe.arraysEqual(new byte[] { -1, 127 }, new byte[] { 127, -1 })); + assertFalse(SideChannelSafe.arraysEqual(new byte[] { -1, -1, 1 }, new byte[] { -1, -1, 2 })); + assertFalse(SideChannelSafe.arraysEqual(new byte[] { 0, -1, 1 }, new byte[] { 0, -1, 3 })); + } + +} |