Browse Source

Merge pull request #94 from Liamsi/const_time

Use constant-time comparator to compare signatures
pull/1782/head
Ethan Buchman 7 years ago
committed by GitHub
parent
commit
434759e17b
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 3 deletions
  1. +4
    -3
      signature.go

+ 4
- 3
signature.go View File

@ -1,9 +1,10 @@
package crypto
import (
"bytes"
"fmt"
"crypto/subtle"
. "github.com/tendermint/tmlibs/common"
)
@ -41,7 +42,7 @@ func (sig SignatureEd25519) String() string { return fmt.Sprintf("/%X.../", Fing
func (sig SignatureEd25519) Equals(other Signature) bool {
if otherEd, ok := other.(SignatureEd25519); ok {
return bytes.Equal(sig[:], otherEd[:])
return subtle.ConstantTimeCompare(sig[:], otherEd[:]) == 1
} else {
return false
}
@ -74,7 +75,7 @@ func (sig SignatureSecp256k1) String() string { return fmt.Sprintf("/%X.../", Fi
func (sig SignatureSecp256k1) Equals(other Signature) bool {
if otherSecp, ok := other.(SignatureSecp256k1); ok {
return bytes.Equal(sig[:], otherSecp[:])
return subtle.ConstantTimeCompare(sig[:], otherSecp[:]) == 1
} else {
return false
}


Loading…
Cancel
Save