zk-token-sdk: constant time equality check for elgamal and aes key derivation (#27364)
zk-token-sdk: use constant time equality check for elgamal and aes key derivation
parent
0ea984ae20
commit
5e8b8abd84
|
@ -16,6 +16,7 @@ use {
|
|||
signer::{Signer, SignerError},
|
||||
},
|
||||
std::{convert::TryInto, fmt},
|
||||
subtle::ConstantTimeEq,
|
||||
zeroize::Zeroize,
|
||||
};
|
||||
|
||||
|
@ -71,7 +72,7 @@ impl AeKey {
|
|||
|
||||
// Some `Signer` implementations return the default signature, which is not suitable for
|
||||
// use as key material
|
||||
if signature == Signature::default() {
|
||||
if bool::from(signature.as_ref().ct_eq(Signature::default().as_ref())) {
|
||||
Err(SignerError::Custom("Rejecting default signature".into()))
|
||||
} else {
|
||||
Ok(AeKey(signature.as_ref()[..16].try_into().unwrap()))
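Review bot: The comment above the new `ct_eq` check in `AeKey` explains why a default signature is rejected but not why the comparison is constant-time, so a later cleanup could quietly turn it back into `==`. I would add one line under the existing comment, for example `// Compare in constant time: these signature bytes become the key, so avoid a data-dependent early exit`. The `ElGamalKeypair` hunk carries the same check and comment, so the same line applies there. Moving the check into one small private helper would keep the two call sites from drifting apart. The enclosing function starts and ends outside this hunk.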
|
||||
|
|
|
@ -166,7 +166,7 @@ impl ElGamalKeypair {
|
|||
|
||||
// Some `Signer` implementations return the default signature, which is not suitable for
|
||||
// use as key material
|
||||
if signature == Signature::default() {
|
||||
if bool::from(signature.as_ref().ct_eq(Signature::default().as_ref())) {
|
||||
return Err(SignerError::Custom("Rejecting default signature".into()));
|
||||
}
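Review bot: Nothing on this page tests the rejection branch in `ElGamalKeypair`, or the matching one in `AeKey`, so the switch from `==` to `ct_eq` on `as_ref()` slices is not pinned by a test in this commit. A unit test with a stub `Signer` that returns `Signature::default()` and asserts the `SignerError::Custom("Rejecting default signature")` result would cover it. A second case with a non-default signature would confirm that derivation still succeeds. Tests may already exist elsewhere in the crate, and the function body continues outside the hunk, so treat this as something to confirm.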
|
||||
|
||||
|
|