libp2p/go-libp2p-core
1
0
Fork 0
mirror of https://github.com/libp2p/go-libp2p-core.git synced 2025-03-12 10:50:11 +08:00
Code Issues Projects Releases Wiki Activity

crypto: use constant time compare when decoding private keys

Browse Source 
In practice, this is impossible to exploit without being able to corrupt the
private key which would allow a much simpler guess-and-check attack. However,
it's still a bad practice to compare private key material like this.
This commit is contained in:
Steven Allen 2019-09-24 10:31:52 -07:00
parent 3b4a4b474f
commit 947196bbb7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/ed25519.go
View File

@ -132,7 +132,7 @@ func UnmarshalEd25519PrivateKey(data []byte) (PrivKey, error) {
// Remove the redundant public key. See issue #36. // Remove the redundant public key. See issue #36.
redundantPk := data[ed25519.PrivateKeySize:] redundantPk := data[ed25519.PrivateKeySize:]
pk := data[ed25519.PrivateKeySize-ed25519.PublicKeySize : ed25519.PrivateKeySize] pk := data[ed25519.PrivateKeySize-ed25519.PublicKeySize : ed25519.PrivateKeySize]
if !bytes.Equal(pk, redundantPk) { if subtle.ConstantTimeCompare(pk, redundantPk) == 0 {
return nil, errors.New("expected redundant ed25519 public key to be redundant") return nil, errors.New("expected redundant ed25519 public key to be redundant")
} }