From 4fec57161a42914fae59f931879678c79470d49b Mon Sep 17 00:00:00 2001
From: Russell Bryant
Date: Wed, 4 Apr 2012 10:04:34 -0400
Subject: Move auth_str_equal() to a new authutils module.

This patch moves auth_str_utils() to a new module, authutils, for helper functions related to authentication.

Change-Id: I83f174486269701deed3500f890832a71ff3e315
---
 openstack/common/authutils.py | 44 +++++++++++++++++++++++++++++++++++++++++++
 openstack/common/utils.py | 24 -----------------------
 2 files changed, 44 insertions(+), 24 deletions(-)
 create mode 100644 openstack/common/authutils.py

(limited to 'openstack')

diff --git a/openstack/common/authutils.py b/openstack/common/authutils.py
new file mode 100644
index 0000000..f0e2c80
--- /dev/null
+++ b/openstack/common/authutils.py
@@ -0,0 +1,44 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2011 OpenStack LLC.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""
+Authentication related utilities and helper functions.
+"""
+
+
+def auth_str_equal(provided, known):
+ """Constant-time string comparison.
+
+ :params provided: the first string
+ :params known: the second string
+
+ :return: True if the strings are equal.
+
+ This function takes two strings and compares them. It is intended to be
+ used when doing a comparison for authentication purposes to help guard
+ against timing attacks. When using the function for this purpose, always
+ provide the user-provided password as the first argument. The time this
+ function will take is always a factor of the length of this string.
+ """
+ result = 0
+ p_len = len(provided)
+ k_len = len(known)
+ for i in xrange(p_len):
+ a = ord(provided[i]) if i < p_len else 0
+ b = ord(known[i]) if i < k_len else 0
+ result |= a ^ b
+ return (p_len == k_len) & (result == 0)
diff --git a/openstack/common/utils.py b/openstack/common/utils.py
index d3d01fa..f9dfe73 100644
--- a/openstack/common/utils.py
+++ b/openstack/common/utils.py
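Review bot: In the loop of `auth_str_equal`, the guard in `a = ord(provided[i]) if i < p_len else 0` is always true because `i` comes from `xrange(p_len)`, while the matching guard on `known` skips the `ord()` call once `i >= k_len`, so per-iteration work differs and the "constant-time" claim in the docstring does not extend to the length of `known`. The dead guard can simply become `a = ord(provided[i])`, and the docstring should state the limit, for example `Timing may still reveal the length of the known string; compare fixed-length digests where possible.` On interpreters that ship it, `return hmac.compare_digest(provided, known)` (ASCII `str` or bytes inputs) is the maintained alternative to this hand-written loop. The docstring fields should also read `:param`, not `:params`.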
@@ -158,27 +158,3 @@ def import_object(import_str):
 return sys.modules[import_str]
 except ImportError:
 return import_class(import_str)
-
-
-def auth_str_equal(provided, known):
- """Constant-time string comparison.
-
- :params provided: the first string
- :params known: the second string
-
- :return: True if the strings are equal.
-
- This function takes two strings and compares them. It is intended to be
- used when doing a comparison for authentication purposes to help guard
- against timing attacks. When using the function for this purpose, always
- provide the user-provided password as the first argument. The time this
- function will take is always a factor of the length of this string.
- """
- result = 0
- p_len = len(provided)
- k_len = len(known)
- for i in xrange(p_len):
- a = ord(provided[i]) if i < p_len else 0
- b = ord(known[i]) if i < k_len else 0
- result |= a ^ b
- return (p_len == k_len) & (result == 0)
-- cgit