Make find_record constant time (#3097)

* Make find_record constant time * Implement Chris's suggestion
mobilecoinfoundation · Feb 9, 2023 · 2a83307 · 2a83307
1 parent 4d85726
commit 2a83307
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 17 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/fog/view/enclave/impl/Cargo.toml b/fog/view/enclave/impl/Cargo.toml
@@ -8,6 +8,8 @@ license = "GPL-3.0"
 [dependencies]
 aes-gcm = "0.10.1"
 aligned-cmov = "2.2"
+static_assertions = "1.1.0"
+
 mc-attest-ake = { path = "../../../../attest/ake", default-features = false }
 mc-attest-core = { path = "../../../../attest/core", default-features = false }
 mc-attest-enclave-api = { path = "../../../../attest/enclave-api", default-features = false }

diff --git a/fog/view/enclave/impl/src/e_tx_out_store.rs b/fog/view/enclave/impl/src/e_tx_out_store.rs
@@ -184,23 +184,15 @@ impl<OSC: ORAMStorageCreator<StorageDataSize, StorageMetaSize>> ETxOutStore<OSC>
             );
         }
 
-        // TOOO: Per https://github.com/mobilecoinfoundation/mobilecoin/issues/2965, use a
-        // a constant time comparison function to always copy the same number of bytes.
-        // NOTE: As of right now, this code is not constant time and therefore
-        // blocks the v5 release.
-        // Code to implement:
-        // ```
-        // const LENGTH_TO_COPY: usize = core::cmp::min(FIXED_CIPHERTEXT_LENGTH,
-        //   ValueSize::USIZE - 1);
-        // (&result.ciphertext[..LENGTH_TO_COPY]).copy_from_slice(&value[1..LENGTH_TO_COPY]);
-        // ```
-        let data_end = ValueSize::USIZE - value[0] as usize;
-        let payload = &value[1..data_end];
-        // Use this instead of payload.len() because the slice `len` method isn't
-        // guaranteed to be constant time.
-        let payload_length = data_end - 1;
-        result.ciphertext[0..payload_length].copy_from_slice(payload);
-        result.payload_length = payload_length as u32;
+        // To preserve constant time execution, we always copy `ValueSize::USIZE - 1`
+        // bytes. To ensure the copy doesn't panic, assert that the length to
+        // copy is less than the maximum length that ciphertext can be, which is
+        // `FIXED_CIPHERTEXT_LENGTH`.
+        const LENGTH_TO_COPY: usize = ValueSize::USIZE - 1;
+        static_assertions::const_assert!(LENGTH_TO_COPY < FIXED_CIPHERTEXT_LENGTH);
+
+        result.ciphertext[..LENGTH_TO_COPY].copy_from_slice(&value[1..(LENGTH_TO_COPY + 1)]);
+        result.payload_length = (ValueSize::USIZE - 1 - (value[0] as usize)) as u32;
 
         result
     }

diff --git a/fog/view/enclave/trusted/Cargo.lock b/fog/view/enclave/trusted/Cargo.lock