tlslite.utils.constanttime module
Various constant time functions for processing sensitive data
- tlslite.utils.constanttime.ct_check_cbc_mac_and_pad(data, mac, seqnumBytes, contentType, version, block_size=16)[source]
Check CBC cipher HMAC and padding. Close to constant time.
- Parameters:
data (bytearray) – data with HMAC value to test and padding
mac (hashlib mac) – empty HMAC, initialised with a key
seqnumBytes (bytearray) – TLS sequence number, used as input to HMAC
contentType (int) – a single byte, used as input to HMAC
version (tuple of int) – a tuple of two ints, used as input to HMAC and to guide checking of padding
- Return type:
boolean
- Returns:
True if MAC and pad is ok, False otherwise
- tlslite.utils.constanttime.ct_eq_u32(val_a, val_b)[source]
Return 1 if val_a == val_b, 0 otherwise. Constant time.
- tlslite.utils.constanttime.ct_gt_u32(val_a, val_b)[source]
Return 1 if val_a > val_b, 0 otherwise. Constant time.
- tlslite.utils.constanttime.ct_isnonzero_u32(val)[source]
Returns 1 if val is != 0, 0 otherwise. Constant time.
- tlslite.utils.constanttime.ct_le_u32(val_a, val_b)[source]
Return 1 if val_a <= val_b, 0 otherwise. Constant time.
- tlslite.utils.constanttime.ct_lsb_prop_u16(val)[source]
Propagate LSB to all 16 bits of the returned int. Constant time.
- tlslite.utils.constanttime.ct_lsb_prop_u8(val)[source]
Propagate LSB to all 8 bits of the returned int. Constant time.