fluencelabs/tendermint
1
0
Fork 0
mirror of https://github.com/fluencelabs/tendermint synced 2025-04-25 14:52:17 +00:00
Code Issues Projects Releases Wiki Activity

Use constant-time comparator (sublte.ConstantTimeCompare) to compare

Browse Source 
signatures

prevents potential signature forgery

resolves #91
This commit is contained in:
Liamsi 2018-05-09 11:48:46 +01:00
parent 915416979b
commit 94ce56d243
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
signature.go
View File

@ -1,9 +1,10 @@
package crypto package crypto
import ( import (
"bytes"
"fmt" "fmt"
"crypto/subtle"
. "github.com/tendermint/tmlibs/common" . "github.com/tendermint/tmlibs/common"
) )
@ -41,7 +42,7 @@ func (sig SignatureEd25519) String() string { return fmt.Sprintf("/%X.../", Fing
func (sig SignatureEd25519) Equals(other Signature) bool { func (sig SignatureEd25519) Equals(other Signature) bool {
if otherEd, ok := other.(SignatureEd25519); ok { if otherEd, ok := other.(SignatureEd25519); ok {
return bytes.Equal(sig[:], otherEd[:]) return subtle.ConstantTimeCompare(sig[:], otherEd[:]) == 1
} else { } else {
return false return false
} }
@ -74,7 +75,7 @@ func (sig SignatureSecp256k1) String() string { return fmt.Sprintf("/%X.../", Fi
func (sig SignatureSecp256k1) Equals(other Signature) bool { func (sig SignatureSecp256k1) Equals(other Signature) bool {
if otherSecp, ok := other.(SignatureSecp256k1); ok { if otherSecp, ok := other.(SignatureSecp256k1); ok {
return bytes.Equal(sig[:], otherSecp[:]) return subtle.ConstantTimeCompare(sig[:], otherSecp[:]) == 1
} else { } else {
return false return false
} }