tlslite.utils.constanttime module

Various constant time functions for processing sensitive data

tlslite.utils.constanttime.ct_check_cbc_mac_and_pad(data, mac, seqnumBytes, contentType, version)

Check CBC cipher HMAC and padding. Close to constant time.

Parameters:
  • data (bytearray) – data with HMAC value to test and padding
  • mac (hashlib mac) – empty HMAC, initialised with a key
  • seqnumBytes (bytearray) – TLS sequence number, used as input to HMAC
  • contentType (int) – a single byte, used as input to HMAC
  • version (tuple of int) – a tuple of two ints, used as input to HMAC and to guide checking of padding
Return type:

boolean
Returns:

True if MAC and pad is ok, False otherwise
tlslite.utils.constanttime.ct_eq_u32(val_a, val_b)

Return 1 if val_a == val_b, 0 otherwise. Constant time.

Parameters:
  • val_a (int) – an unsigned integer representable as a 32 bit value
  • val_b (int) – an unsigned integer representable as a 32 bit value
Return type:

int
tlslite.utils.constanttime.ct_gt_u32(val_a, val_b)

Return 1 if val_a > val_b, 0 otherwise. Constant time.

Parameters:
  • val_a (int) – an unsigned integer representable as a 32 bit value
  • val_b (int) – an unsigned integer representable as a 32 bit value
Return type:

int
tlslite.utils.constanttime.ct_isnonzero_u32(val)

Returns 1 if val is != 0, 0 otherwise. Constant time.

Parameters:val (int) – an unsigned integer representable as a 32 bit value
Return type:int
tlslite.utils.constanttime.ct_le_u32(val_a, val_b)

Return 1 if val_a <= val_b, 0 otherwise. Constant time.

Parameters:
  • val_a (int) – an unsigned integer representable as a 32 bit value
  • val_b (int) – an unsigned integer representable as a 32 bit value
Return type:

int
tlslite.utils.constanttime.ct_lsb_prop_u16(val)

Propagate LSB to all 16 bits of the returned int. Constant time.

tlslite.utils.constanttime.ct_lsb_prop_u8(val)

Propagate LSB to all 8 bits of the returned int. Constant time.

tlslite.utils.constanttime.ct_lt_u32(val_a, val_b)

Returns 1 if val_a < val_b, 0 otherwise. Constant time.

Parameters:
  • val_a (int) – an unsigned integer representable as a 32 bit value
  • val_b (int) – an unsigned integer representable as a 32 bit value
Return type:

int
tlslite.utils.constanttime.ct_neq_u32(val_a, val_b)

Return 1 if val_a != val_b, 0 otherwise. Constant time.

Parameters:
  • val_a (int) – an unsigned integer representable as a 32 bit value
  • val_b (int) – an unsigned integer representable as a 32 bit value
Return type:

int