mirrors/tendermint
1
0
Fork 0
mirror of https://github.com/tendermint/tendermint.git synced 2026-06-06 06:13:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

make PrivateKey + Signature comparisons use constant time comparisons

Browse Source 
Fixes https://github.com/tendermint/go-crypto/issues/43

Avoid susceptibility to timing/side channel attacks by ensuring
that private key and signature comparisons use
`subtle.ConstantTimeCompare`
instead of
`bytes.Equal`
This commit is contained in:
Emmanuel Odeke
2017-10-25 19:56:08 -07:00
parent 0418d32276
commit 3df2ca128d
2 changed files with 22 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
priv_key.go
View File

@@ -1,7 +1,7 @@
package crypto
import (
"bytes"
"crypto/subtle"
secp256k1 "github.com/btcsuite/btcd/btcec"
"github.com/tendermint/ed25519"
@@ -57,7 +57,11 @@ func (privKey PrivKeyEd25519) PubKey() PubKey {
func (privKey PrivKeyEd25519) Equals(other PrivKey) bool {
if otherEd, ok := other.Unwrap().(PrivKeyEd25519); ok {
return bytes.Equal(privKey[:], otherEd[:])
// It is essential that we constant time compare
// private keys and signatures instead of bytes.Equal,
// to avoid susceptibility to timing/side channel attacks.
// See Issue https://github.com/tendermint/go-crypto/issues/43
return subtle.ConstantTimeCompare(privKey[:], otherEd[:]) == 0
} else {
return false
}
@@ -144,7 +148,11 @@ func (privKey PrivKeySecp256k1) PubKey() PubKey {
func (privKey PrivKeySecp256k1) Equals(other PrivKey) bool {
if otherSecp, ok := other.Unwrap().(PrivKeySecp256k1); ok {
return bytes.Equal(privKey[:], otherSecp[:])
// It is essential that we constant time compare
// private keys and signatures instead of bytes.Equal,
// to avoid susceptibility to timing/side channel attacks.
// See Issue https://github.com/tendermint/go-crypto/issues/43
return subtle.ConstantTimeCompare(privKey[:], otherSecp[:]) == 0
} else {
return false
}

14
signature.go
View File

@@ -1,7 +1,7 @@
package crypto
import (
"bytes"
"crypto/subtle"
"fmt"
"github.com/tendermint/go-wire"
@@ -46,7 +46,11 @@ func (sig SignatureEd25519) String() string { return fmt.Sprintf("/%X.../", Fing
func (sig SignatureEd25519) Equals(other Signature) bool {
if otherEd, ok := other.Unwrap().(SignatureEd25519); ok {
return bytes.Equal(sig[:], otherEd[:])
// It is essential that we constant time compare
// private keys and signatures instead of bytes.Equal,
// to avoid susceptibility to timing/side channel attacks.
// See Issue https://github.com/tendermint/go-crypto/issues/43
return subtle.ConstantTimeCompare(sig[:], otherEd[:]) == 0
} else {
return false
}
@@ -82,7 +86,11 @@ func (sig SignatureSecp256k1) String() string { return fmt.Sprintf("/%X.../", Fi
func (sig SignatureSecp256k1) Equals(other Signature) bool {
if otherEd, ok := other.Unwrap().(SignatureSecp256k1); ok {
return bytes.Equal(sig[:], otherEd[:])
// It is essential that we constant time compare
// private keys and signatures instead of bytes.Equal,
// to avoid susceptibility to timing/side channel attacks.
// See Issue https://github.com/tendermint/go-crypto/issues/43
return subtle.ConstantTimeCompare(sig[:], otherEd[:]) == 0
} else {
return false
}