Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
p2p
go-p2p-core
Commits
c3f7bb21
Unverified
Commit
c3f7bb21
authored
Jul 12, 2019
by
bigs
Committed by
GitHub
Jul 12, 2019
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #32 from libp2p/bug/key-equality
Replace bytes.Equal -> subtle.ConstantTimeCompare
parents
b5729d89
652a852e
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
5 additions
and
4 deletions
+5
-4
crypto/ecdsa.go
crypto/ecdsa.go
+1
-1
crypto/ed25519.go
crypto/ed25519.go
+2
-1
crypto/key.go
crypto/key.go
+2
-2
No files found.
crypto/ecdsa.go
View file @
c3f7bb21
...
...
@@ -115,7 +115,7 @@ func (ePriv *ECDSAPrivateKey) Raw() ([]byte, error) {
return
x509
.
MarshalECPrivateKey
(
ePriv
.
priv
)
}
// Equals compares to private keys
// Equals compares t
w
o private keys
func
(
ePriv
*
ECDSAPrivateKey
)
Equals
(
o
Key
)
bool
{
oPriv
,
ok
:=
o
.
(
*
ECDSAPrivateKey
)
if
!
ok
{
...
...
crypto/ed25519.go
View file @
c3f7bb21
...
...
@@ -2,6 +2,7 @@ package crypto
import
(
"bytes"
"crypto/subtle"
"errors"
"fmt"
"io"
...
...
@@ -70,7 +71,7 @@ func (k *Ed25519PrivateKey) Equals(o Key) bool {
return
false
}
return
bytes
.
Equal
(
k
.
k
,
edk
.
k
)
return
subtle
.
ConstantTimeCompare
(
k
.
k
,
edk
.
k
)
==
1
}
// GetPublic returns an ed25519 public key from a private key.
...
...
crypto/key.go
View file @
c3f7bb21
...
...
@@ -4,12 +4,12 @@
package
crypto
import
(
"bytes"
"crypto/elliptic"
"crypto/hmac"
"crypto/rand"
"crypto/sha1"
"crypto/sha512"
"crypto/subtle"
"encoding/base64"
"errors"
"fmt"
...
...
@@ -364,5 +364,5 @@ func KeyEqual(k1, k2 Key) bool {
b1
,
err1
:=
k1
.
Bytes
()
b2
,
err2
:=
k2
.
Bytes
()
return
bytes
.
Equal
(
b1
,
b2
)
&&
err1
==
err2
return
subtle
.
ConstantTimeCompare
(
b1
,
b2
)
==
1
&&
err1
==
err2
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment