Merge pull request #60 from libp2p/fix/constant-time-compare

crypto: improve key comparison logic

core/crypto/ecdsa.go

@@ -117,12 +117,7 @@ func (ePriv *ECDSAPrivateKey) Raw() ([]byte, error) {
 
 // Equals compares two private keys
 func (ePriv *ECDSAPrivateKey) Equals(o Key) bool {
-	oPriv, ok := o.(*ECDSAPrivateKey)
-	if !ok {
-		return basicEquals(ePriv, o)
-	}
-
-	return ePriv.priv.D.Cmp(oPriv.priv.D) == 0
+	return basicEquals(ePriv, o)
 }
 
 // Sign returns the signature of the input data
@@ -155,19 +150,13 @@ func (ePub *ECDSAPublicKey) Type() pb.KeyType {
 }
 
 // Raw returns x509 bytes from a public key
-func (ePub ECDSAPublicKey) Raw() ([]byte, error) {
+func (ePub *ECDSAPublicKey) Raw() ([]byte, error) {
 	return x509.MarshalPKIXPublicKey(ePub.pub)
 }
 
 // Equals compares to public keys
 func (ePub *ECDSAPublicKey) Equals(o Key) bool {
-	oPub, ok := o.(*ECDSAPublicKey)
-	if !ok {
-		return basicEquals(ePub, o)
-	}
-
-	return ePub.pub.X != nil && ePub.pub.Y != nil && oPub.pub.X != nil && oPub.pub.Y != nil &&
-		0 == ePub.pub.X.Cmp(oPub.pub.X) && 0 == ePub.pub.Y.Cmp(oPub.pub.Y)
+	return basicEquals(ePub, o)
 }
 
 // Verify compares data to a signature

core/crypto/ed25519.go

@@ -132,7 +132,7 @@ func UnmarshalEd25519PrivateKey(data []byte) (PrivKey, error) {
 		// Remove the redundant public key. See issue #36.
 		redundantPk := data[ed25519.PrivateKeySize:]
 		pk := data[ed25519.PrivateKeySize-ed25519.PublicKeySize : ed25519.PrivateKeySize]
-		if !bytes.Equal(pk, redundantPk) {
+		if subtle.ConstantTimeCompare(pk, redundantPk) == 0 {
 			return nil, errors.New("expected redundant ed25519 public key to be redundant")
 		}