libp2p/go-libp2p-core
1
0
Fork 0
mirror of https://github.com/libp2p/go-libp2p-core.git synced 2025-03-25 12:50:08 +08:00
Code Issues Projects Releases Wiki Activity

crypto: use basicEquals for ECDSA

Browse Source 
The check was incomplete as it didn't test the curve. This switches us to use
basicEquals (which is also constant-time).

Note: This key type isn't used by anyone in-practice (to the best of my
knowledge).
This commit is contained in:
Steven Allen 2019-09-24 10:34:39 -07:00
parent d68e65376d
commit c3facda1a2
1 changed files with 2 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
crypto/ecdsa.go
View File

@ -117,12 +117,7 @@ func (ePriv *ECDSAPrivateKey) Raw() ([]byte, error) {
// Equals compares two private keys
func (ePriv *ECDSAPrivateKey) Equals(o Key) bool {
oPriv, ok := o.(*ECDSAPrivateKey)
if !ok {
return basicEquals(ePriv, o)
}
return ePriv.priv.D.Cmp(oPriv.priv.D) == 0
return basicEquals(ePriv, o)
}
// Sign returns the signature of the input data
@ -161,13 +156,7 @@ func (ePub *ECDSAPublicKey) Raw() ([]byte, error) {
// Equals compares to public keys
func (ePub *ECDSAPublicKey) Equals(o Key) bool {
oPub, ok := o.(*ECDSAPublicKey)
if !ok {
return basicEquals(ePub, o)
}
return ePub.pub.X != nil && ePub.pub.Y != nil && oPub.pub.X != nil && oPub.pub.Y != nil &&
0 == ePub.pub.X.Cmp(oPub.pub.X) && 0 == ePub.pub.Y.Cmp(oPub.pub.Y)
return basicEquals(ePub, o)
}
// Verify compares data to a signature