Constant Time Comparison Functions in... Python, Haskell, Clojure, and Java

Here is a list of constant time comparison functions to protect yourself against side-channel timing attacks.

Clojure

; Taken from https://github.com/weavejester/crypto-equality/blob/master/src/crypto/equality.clj
 
(ns crypto.equality
  "Securely test sequences of data for equality.")
 
(defn eq?
  "Test whether two sequences of characters or bytes are equal in a way that
  protects against timing attacks. Note that this does not prevent an attacker
  from discovering the *length* of the data being compared."
  [a b]
  (let [a (map int a), b (map int b)]
    (if (and a b (= (count a) (count b)))
      (zero? (reduce bit-or (map bit-xor a b)))
      false)))

Python 2.x

#Taken from Django Source Code
 
def constant_time_compare(val1, val2):
    """
    Returns True if the two strings are equal, False otherwise.
 
    The time taken is independent of the number of characters that match.
 
    For the sake of simplicity, this function executes in constant time only
    when the two strings have the same length. It short-circuits when they
    have different lengths.
    """
    if len(val1) != len(val2):
        return False
    result = 0
    for x, y in zip(val1, val2):
        result |= ord(x) ^ ord(y)
    return result == 0

Python 3.x

#This is included within the stdlib in Py3k for an C alternative for Python 2.7.x see https://github.com/levigross/constant_time_compare/
from operator import _compare_digest as constant_time_compare
 
# Or you can use this function taken from Django Source Code
 
def constant_time_compare(val1, val2):
    """
    Returns True if the two strings are equal, False otherwise.
 
    The time taken is independent of the number of characters that match.
 
    For the sake of simplicity, this function executes in constant time only
    when the two strings have the same length. It short-circuits when they
    have different lengths.
    """
    if len(val1) != len(val2):
        return False
    result = 0
    for x, y in zip(val1, val2):
        result |= x ^ y
    return result == 0

Haskell

import Data.Bits
import Data.Char
import Data.List
import Data.Function
 
-- Thank you Yan for this snippet 
 
constantTimeCompare a b =
  ((==) `on` length) a b && 0 == (foldl1 (.|.) joined)
  where
    joined = zipWith (xor `on` ord) a b

Java

// Taken from http://codahale.com/a-lesson-in-timing-attacks/
public static boolean isEqual(byte[] a, byte[] b) {
    if (a.length != b.length) {
        return false;
    }
 
    int result = 0;
    for (int i = 0; i < a.length; i++) {
      result |= a[i] ^ b[i]
    }
    return result == 0;
}

Ruby

def secure_compare(a, b)
     return false if a.empty? || b.empty? || a.bytesize != b.bytesize
     l = a.unpack "C#{a.bytesize}"
 
     res = 0
     b.each_byte { |byte| res |= byte ^ l.shift }
     res == 0
   end

I have added all of these to a Github Gist to make it easier to clone.