Sha256: 27f73e775b66dde9ee397c7a65e6f6a9494a57bada4e8b0daad0e635d61a6625

Contents?: true

Size: 995 Bytes

Versions: 51

Compression:

Stored size: 995 Bytes

Contents

# frozen_string_literal: true

require "digest/sha2"

module ActiveSupport
  module SecurityUtils
    # Constant time string comparison, for fixed length strings.
    #
    # The values compared should be of fixed length, such as strings
    # that have already been processed by HMAC. Raises in case of length mismatch.
    def fixed_length_secure_compare(a, b)
      raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize

      l = a.unpack "C#{a.bytesize}"

      res = 0
      b.each_byte { |byte| res |= byte ^ l.shift }
      res == 0
    end
    module_function :fixed_length_secure_compare

    # Constant time string comparison, for variable length strings.
    #
    # The values are first processed by SHA256, so that we don't leak length info
    # via timing attacks.
    def secure_compare(a, b)
      fixed_length_secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b)) && a == b
    end
    module_function :secure_compare
  end
end

Version data entries

51 entries across 51 versions & 7 rubygems

Version Path
zuora_connect_ui-0.9.2 vendor/ruby/2.6.0/gems/activesupport-5.2.3/lib/active_support/security_utils.rb
zuora_connect_ui-0.9.1 vendor/ruby/2.6.0/gems/activesupport-5.2.3/lib/active_support/security_utils.rb
zuora_connect_ui-0.9.0 vendor/ruby/2.6.0/gems/activesupport-5.2.3/lib/active_support/security_utils.rb
zuora_connect_ui-0.8.3 vendor/ruby/2.6.0/gems/activesupport-5.2.3/lib/active_support/security_utils.rb
zuora_connect_ui-0.8.2 vendor/ruby/2.6.0/gems/activesupport-5.2.3/lib/active_support/security_utils.rb
zuora_connect_ui-0.8.1 vendor/ruby/2.6.0/gems/activesupport-5.2.3/lib/active_support/security_utils.rb
zuora_connect_ui-0.8.0 vendor/ruby/2.6.0/gems/activesupport-5.2.3/lib/active_support/security_utils.rb
spiral_form-0.1.1 vendor/bundle/gems/activesupport-5.2.3/lib/active_support/security_utils.rb
spiral_form-0.1.0 vendor/bundle/gems/activesupport-5.2.3/lib/active_support/security_utils.rb
zuora_connect_ui-0.7.1 vendor/ruby/2.6.0/gems/activesupport-5.2.3/lib/active_support/security_utils.rb
zuora_connect_ui-0.7.0 vendor/ruby/2.6.0/gems/activesupport-5.2.3/lib/active_support/security_utils.rb
ric-0.13.0 vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.3/lib/active_support/security_utils.rb
ric-0.12.2 vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.3/lib/active_support/security_utils.rb
activesupport-5.2.3 lib/active_support/security_utils.rb
activesupport-5.2.3.rc1 lib/active_support/security_utils.rb
activesupport-6.0.0.beta3 lib/active_support/security_utils.rb
activesupport-5.2.2.1 lib/active_support/security_utils.rb
activesupport-6.0.0.beta2 lib/active_support/security_utils.rb
activesupport-6.0.0.beta1 lib/active_support/security_utils.rb
nullifyable-0.1.0 vendor/bundle/gems/activesupport-5.2.2/lib/active_support/security_utils.rb