Commit a34916f7 authored by Sietse Ringers's avatar Sietse Ringers
Browse files

refactor: use subtle.ConstantTimeCompare instead of hmac.Equal to constant-time compare byte slices

The compared byte slices are not HMACs.
parent 61b8a2aa
package keysharecore
import (
"crypto/hmac"
"crypto/rand"
"crypto/subtle"
"encoding/base64"
"encoding/binary"
"time"
......@@ -149,7 +149,7 @@ func (c *Core) verifyAccess(ep EncryptedKeysharePacket, jwtToken string) (unencr
}
refId := p.id()
if !hmac.Equal(refId[:], tokenID) {
if subtle.ConstantTimeCompare(refId[:], tokenID) != 1 {
return unencryptedKeysharePacket{}, ErrInvalidJWT
}
......
......@@ -3,8 +3,8 @@ package keysharecore
import (
"crypto/aes"
"crypto/cipher"
"crypto/hmac"
"crypto/rand"
"crypto/subtle"
"encoding/binary"
"github.com/privacybydesign/gabi/big"
......@@ -129,9 +129,8 @@ func (c *Core) decryptPacketIfPinOK(ep EncryptedKeysharePacket, pin string) (une
return unencryptedKeysharePacket{}, err
}
// Check pins in constant time
refPin := p.pin()
if !hmac.Equal(refPin[:], paddedPin[:]) {
if subtle.ConstantTimeCompare(refPin[:], paddedPin[:]) != 1 {
return unencryptedKeysharePacket{}, ErrInvalidPin
}
return p, nil
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment