crypto: use basicEquals for ECDSA

The check was incomplete as it didn't test the curve. This switches us to use basicEquals (which is also constant-time). Note: This key type isn't used by anyone in-practice (to the best of my knowledge).

crypto: use basicEquals for ECDSA
The check was incomplete as it didn't test the curve. This switches us to use basicEquals (which is also constant-time). Note: This key type isn't used by anyone in-practice (to the best of my knowledge).
c3facda1 · Steven Allen · d68e6537 · c3facda1
Commit c3facda1 authored Sep 24, 2019 by Steven Allen
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 13 deletions

crypto/ecdsa.go crypto/ecdsa.go +2 -13

No files found.
--- a/crypto/ecdsa.go
+++ b/crypto/ecdsa.go
@@ -117,12 +117,7 @@ func (ePriv *ECDSAPrivateKey) Raw() ([]byte, error) {

 // Equals compares two private keys
 func (ePriv *ECDSAPrivateKey) Equals(o Key) bool {
-	oPriv, ok := o.(*ECDSAPrivateKey)
-	if !ok {
-		return basicEquals(ePriv, o)
-	}
-
-	return ePriv.priv.D.Cmp(oPriv.priv.D) == 0
+	return basicEquals(ePriv, o)
 }

 // Sign returns the signature of the input data
@@ -161,13 +156,7 @@ func (ePub *ECDSAPublicKey) Raw() ([]byte, error) {

 // Equals compares to public keys
 func (ePub *ECDSAPublicKey) Equals(o Key) bool {
-	oPub, ok := o.(*ECDSAPublicKey)
-	if !ok {
-		return basicEquals(ePub, o)
-	}
-
-	return ePub.pub.X != nil && ePub.pub.Y != nil && oPub.pub.X != nil && oPub.pub.Y != nil &&
-		0 == ePub.pub.X.Cmp(oPub.pub.X) && 0 == ePub.pub.Y.Cmp(oPub.pub.Y)
+	return basicEquals(ePub, o)
 }

 // Verify compares data to a signature