Skip to content
This repository has been archived by the owner on Nov 6, 2020. It is now read-only.

Const time comparison #8113

Merged
merged 2 commits into from
Mar 14, 2018
Merged

Const time comparison #8113

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
292a500
Use `subtle::slices_equal` for constant time comparison.
twittner Mar 14, 2018
3a716d5
Test specifically for InvalidPassword error.
twittner Mar 14, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 5 additions & 6 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion ethcrypto/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,4 @@ tiny-keccak = "1.3"
eth-secp256k1 = { git = "https://github.com/paritytech/rust-secp256k1" }
ethkey = { path = "../ethkey" }
ethereum-types = "0.2"
subtle = "0.1"
subtle = "0.5"
2 changes: 1 addition & 1 deletion ethcrypto/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -308,7 +308,7 @@ pub mod ecies {
hmac.raw_result(&mut mac);

// constant time compare to avoid timing attack.
if ::subtle::arrays_equal(&mac[..], msg_mac) != 1 {
if ::subtle::slices_equal(&mac[..], msg_mac) != 1 {
return Err(Error::InvalidMessage);
}

Expand Down
4 changes: 4 additions & 0 deletions ethstore/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,10 @@ ethereum-types = "0.2"
dir = { path = "../util/dir" }
smallvec = "0.4"
parity-wordlist = "1.0"
subtle = "0.5"
tempdir = "0.3"

[dev-dependencies]
matches = "0.1"

[lib]
8 changes: 4 additions & 4 deletions ethstore/src/account/crypto.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ use crypto::Keccak256;
use random::Random;
use smallvec::SmallVec;
use account::{Cipher, Kdf, Aes128Ctr, Pbkdf2, Prf};
use subtle;

/// Encrypted data
#[derive(Debug, PartialEq, Clone)]
Expand Down Expand Up @@ -136,7 +137,7 @@ impl Crypto {

let mac = crypto::derive_mac(&derived_right_bits, &self.ciphertext).keccak256();

if mac != self.mac {
if subtle::slices_equal(&mac, &self.mac) == 0 {
return Err(Error::InvalidPassword);
}

Expand All @@ -158,7 +159,7 @@ impl Crypto {
#[cfg(test)]
mod tests {
use ethkey::{Generator, Random};
use super::Crypto;
use super::{Crypto, Error};

#[test]
fn crypto_with_secret_create() {
Expand All @@ -169,11 +170,10 @@ mod tests {
}

#[test]
#[should_panic]
fn crypto_with_secret_invalid_password() {
let keypair = Random.generate().unwrap();
let crypto = Crypto::with_secret(keypair.secret(), "this is sparta", 10240);
let _ = crypto.secret("this is sparta!").unwrap();
assert_matches!(crypto.secret("this is sparta!"), Err(Error::InvalidPassword))
}

#[test]
Expand Down
5 changes: 5 additions & 0 deletions ethstore/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ extern crate rustc_hex;
extern crate serde;
extern crate serde_json;
extern crate smallvec;
extern crate subtle;
extern crate time;
extern crate tiny_keccak;
extern crate tempdir;
Expand All @@ -42,6 +43,10 @@ extern crate log;
#[macro_use]
extern crate serde_derive;

#[cfg(test)]
#[macro_use]
extern crate matches;

pub mod accounts_dir;
pub mod ethkey;

Expand Down