.. hazmat::

Constant time functions
=======================

.. currentmodule:: cryptography.hazmat.primitives.constant_time

This module contains functions for operating with secret data in a way that
does not leak information about that data through how long it takes to perform
the operation. These functions should be used whenever operating on secret data
along with data that is user supplied.

An example would be comparing a HMAC signature received from a client to the
one generated by the server code for authentication purposes.

For more information about this sort of issue, see `Coda Hale's blog post`_
about the timing attacks on KeyCzar and Java's ``MessageDigest.isEqual()``.


.. function:: bytes_eq(a, b)

    Compares ``a`` and ``b`` with one another. If ``a`` and ``b`` have
    different lengths, this returns ``False`` immediately. Otherwise it
    compares them in a way that takes the same amount of time, regardless of
    how many characters are the same between the two.

    .. doctest::

        >>> from cryptography.hazmat.primitives import constant_time
        >>> constant_time.bytes_eq(b"foo", b"foo")
        True
        >>> constant_time.bytes_eq(b"foo", b"bar")
        False

    :param bytes a: The left-hand side.
    :param bytes b: The right-hand side.
    :returns bool: ``True`` if ``a`` has the same bytes as ``b``, otherwise
                   ``False``.
    :raises TypeError: This exception is raised if ``a`` or ``b`` is not
                       ``bytes``.


.. _`Coda Hale's blog post`: https://codahale.com/a-lesson-in-timing-attacks/
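
The HMAC comparison described above, as an added example that is not part of
the project's own documentation: the server recomputes the tag and checks the
client's hex-encoded copy with ``bytes_eq``, shown next to the ``==`` form it
replaces. The key, the message, and the function names ``compute_tag``,
``verify_naive`` and ``verify_tag`` are assumptions made for illustration; the
tag itself is computed with the standard library's ``hmac`` module.

```python
import binascii
import hashlib
import hmac

from cryptography.hazmat.primitives import constant_time

# Constructed sample key and message, for illustration only.
SERVER_KEY = b"constructed-demo-key-not-for-production"
MESSAGE = b"user=alice&action=read"


def compute_tag(key: bytes, message: bytes) -> bytes:
    """Tag the server generates itself: HMAC-SHA256 over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_naive(key: bytes, message: bytes, client_tag_hex: str) -> bool:
    """Weak form: == may stop at the first differing character, so the
    comparison time depends on how much of the tag matched."""
    return compute_tag(key, message).hex() == client_tag_hex


def verify_tag(key: bytes, message: bytes, client_tag_hex: str) -> bool:
    """Hardened form: decode the client's tag, then compare with bytes_eq."""
    try:
        client_tag = binascii.unhexlify(client_tag_hex)
    except (binascii.Error, ValueError, TypeError):
        # Malformed input is rejected without touching the expected tag.
        return False
    expected = compute_tag(key, message)
    # bytes_eq needs bytes on both sides (TypeError otherwise). A length
    # mismatch returns False immediately, which only reveals the tag
    # length, and that is public for HMAC-SHA256.
    return constant_time.bytes_eq(expected, client_tag)
```

Decoding the client's hex string to ``bytes`` before the comparison matters
because ``bytes_eq`` raises ``TypeError`` for anything that is not ``bytes``.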