remove non-constant-time private key comparison

963cc997 · Steven Allen · 9a4415d1 · 963cc997 · 963cc997 · 963cc997
Commit 963cc997 authored Jun 29, 2019 by Steven Allen
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 7 deletions

crypto/key.go crypto/key.go +1 -2

crypto/rsa_go.go crypto/rsa_go.go +1 -4

crypto/secp256k1.go crypto/secp256k1.go +1 -1

No files found.
--- a/crypto/key.go
+++ b/crypto/key.go
@@ -4,7 +4,6 @@
 package crypto

 import (
-	"bytes"
 	"crypto/elliptic"
 	"crypto/hmac"
 	"crypto/rand"
@@ -380,5 +379,5 @@ func basicEquals(k1, k2 Key) bool {
 	if err != nil {
 		return false
 	}
-	return bytes.Equal(a, b)
+	return subtle.ConstantTimeCompare(a, b) == 1
 }
--- a/crypto/rsa_go.go
+++ b/crypto/rsa_go.go
@@ -108,6 +108,7 @@ func (sk *RsaPrivateKey) Equals(k Key) bool {
 	a := sk.sk
 	b := other.sk

+	// Don't care about constant time. We're only comparing the public half.
 	if a.PublicKey.N.Cmp(b.PublicKey.N) != 0 {
 		return false
 	}
@@ -115,10 +116,6 @@ func (sk *RsaPrivateKey) Equals(k Key) bool {
 		return false
 	}

-	if a.D.Cmp(b.D) != 0 {
-		return false
-	}
-
 	return true
 }


--- a/crypto/secp256k1.go
+++ b/crypto/secp256k1.go
@@ -69,7 +69,7 @@ func (k *Secp256k1PrivateKey) Equals(o Key) bool {
 		return basicEquals(k, o)
 	}

-	return k.D.Cmp(sk.D) == 0
+	return k.GetPublic().Equals(sk.GetPublic())
 }

 // Sign returns a signature from input data