remove non-constant-time private key comparison

2025-03-13 11:00:10 +08:00 · 2019-06-29 12:08:33 +02:00 · 2019-06-29 12:08:33 +02:00 · 963cc997b2
commit 963cc997b2
parent 9a4415d1a6
3 changed files with 3 additions and 7 deletions
--- a/crypto/key.go
+++ b/crypto/key.go
@ -4,7 +4,6 @@
 package crypto

 import (
-	"bytes"
 	"crypto/elliptic"
 	"crypto/hmac"
 	"crypto/rand"
@ -380,5 +379,5 @@ func basicEquals(k1, k2 Key) bool {
 	if err != nil {
 		return false
 	}
-	return bytes.Equal(a, b)
+	return subtle.ConstantTimeCompare(a, b) == 1
 }
--- a/crypto/rsa_go.go
+++ b/crypto/rsa_go.go
@ -108,6 +108,7 @@ func (sk *RsaPrivateKey) Equals(k Key) bool {
 	a := sk.sk
 	b := other.sk

+	// Don't care about constant time. We're only comparing the public half.
 	if a.PublicKey.N.Cmp(b.PublicKey.N) != 0 {
 		return false
 	}
@ -115,10 +116,6 @@ func (sk *RsaPrivateKey) Equals(k Key) bool {
 		return false
 	}

-	if a.D.Cmp(b.D) != 0 {
-		return false
-	}
-
 	return true
 }

--- a/crypto/secp256k1.go
+++ b/crypto/secp256k1.go
@ -69,7 +69,7 @@ func (k *Secp256k1PrivateKey) Equals(o Key) bool {
 		return basicEquals(k, o)
 	}

-	return k.D.Cmp(sk.D) == 0
+	return k.GetPublic().Equals(sk.GetPublic())
 }

 // Sign returns a signature from input data