zk-token-sdk: constant time equality check for elgamal and aes key derivation (#27364)
zk-token-sdk: use constant time equality check for elgamal and aes key derivation
This commit is contained in:
parent
0ea984ae20
commit
5e8b8abd84
@ -16,6 +16,7 @@ use {
signer::{Signer, SignerError},
signer::{Signer, SignerError},
},
},
std::{convert::TryInto, fmt},
std::{convert::TryInto, fmt},
|
subtle::ConstantTimeEq,
zeroize::Zeroize,
zeroize::Zeroize,
};
};
|
|
@ -71,7 +72,7 @@ impl AeKey {
|
|
// Some `Signer` implementations return the default signature, which is not suitable for
// Some `Signer` implementations return the default signature, which is not suitable for
// use as key material
// use as key material
if signature == Signature::default() {
if bool::from(signature.as_ref().ct_eq(Signature::default().as_ref())) {
Err(SignerError::Custom("Rejecting default signature".into()))
Err(SignerError::Custom("Rejecting default signature".into()))
} else {
} else {
Ok(AeKey(signature.as_ref()[..16].try_into().unwrap()))
Ok(AeKey(signature.as_ref()[..16].try_into().unwrap()))
@ -166,7 +166,7 @@ impl ElGamalKeypair {
|
|
// Some `Signer` implementations return the default signature, which is not suitable for
// Some `Signer` implementations return the default signature, which is not suitable for
// use as key material
// use as key material
if signature == Signature::default() {
if bool::from(signature.as_ref().ct_eq(Signature::default().as_ref())) {
return Err(SignerError::Custom("Rejecting default signature".into()));
return Err(SignerError::Custom("Rejecting default signature".into()));
}
}
|
|
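Review bot: The new `bool::from(signature.as_ref().ct_eq(Signature::default().as_ref()))` line is duplicated verbatim in `AeKey` and `ElGamalKeypair`, and neither site says why `ct_eq` replaced `==`, so a later reader is likely to "simplify" it back to the short-circuiting comparison. Consider one shared helper, `fn is_default_signature(signature: &Signature) -> bool { bool::from(signature.as_ref().ct_eq(Signature::default().as_ref())) }`, called from both sites, with a comment such as `// Constant-time compare: the signature is key material, and a short-circuiting == would leak how many of its leading bytes match the all-zero default`. Note that `ct_eq` on byte slices is constant-time only when the two lengths already match, which presumably holds here because `Signature` is fixed-size, but it is worth stating in the helper's doc if it is ever generalized. Both enclosing functions begin outside these hunks.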