remove non-constant-time private key comparison

Steven Allen 2019-06-29 12:08:33 +02:00
parent 9a4415d1a6
commit 963cc997b2
3 changed files with 3 additions and 7 deletions


@ -4,7 +4,6 @@
package crypto package crypto
import ( import (
"bytes"
"crypto/elliptic" "crypto/elliptic"
"crypto/hmac" "crypto/hmac"
"crypto/rand" "crypto/rand"
@ -380,5 +379,5 @@ func basicEquals(k1, k2 Key) bool {
if err != nil { if err != nil {
return false return false
} }
return bytes.Equal(a, b) return subtle.ConstantTimeCompare(a, b) == 1
} }
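Review bot: The new `return subtle.ConstantTimeCompare(a, b) == 1` in basicEquals has no comment explaining why a constant-time compare is used, so a later cleanup could switch it back to `bytes.Equal`. Something like `// Constant-time: basicEquals is also reached with private keys (see Secp256k1PrivateKey.Equals).` above the return would record the reason. The comment could also note that `ConstantTimeCompare` returns 0 immediately when the lengths differ, so only the serialized length is observable through timing. The import hunk drops `"bytes"` without adding `"crypto/subtle"`, so that import is presumably already present outside the visible lines and is worth confirming. The body of basicEquals starts outside this hunk.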


@ -108,6 +108,7 @@ func (sk *RsaPrivateKey) Equals(k Key) bool {
a := sk.sk a := sk.sk
b := other.sk b := other.sk
// Don't care about constant time. We're only comparing the public half.
if a.PublicKey.N.Cmp(b.PublicKey.N) != 0 { if a.PublicKey.N.Cmp(b.PublicKey.N) != 0 {
return false return false
} }
@ -115,10 +116,6 @@ func (sk *RsaPrivateKey) Equals(k Key) bool {
return false return false
} }
if a.D.Cmp(b.D) != 0 {
return false
}
return true return true
} }
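Review bot: With the `a.D.Cmp(b.D)` check removed, `RsaPrivateKey.Equals` returns true whenever the public halves match, and only the inline comment in the middle of the body says so; the method's doc comment should state that contract. The same holds for `Secp256k1PrivateKey.Equals`, which now returns `k.GetPublic().Equals(sk.GetPublic())`. As far as these hunks show, a key object whose private fields do not match its public half would compare equal to a well-formed key, so callers should not read a true result as proof that the private material is identical. A suitable doc line is `// Equals reports whether both keys have the same public half; private fields are never compared.` Both method bodies begin outside the visible hunks.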


@ -69,7 +69,7 @@ func (k *Secp256k1PrivateKey) Equals(o Key) bool {
return basicEquals(k, o) return basicEquals(k, o)
} }
return k.D.Cmp(sk.D) == 0 return k.GetPublic().Equals(sk.GetPublic())
} }
// Sign returns a signature from input data // Sign returns a signature from input data