Use short-circuiting comparisons for public keys

libp2p · Jul 12, 2019 · 652a852 · 652a852
1 parent 2726b64
commit 652a852
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/crypto/ed25519.go b/crypto/ed25519.go
@@ -1,6 +1,7 @@
 package crypto
 
 import (
+	"bytes"
 	"crypto/subtle"
 	"errors"
 	"fmt"
@@ -105,7 +106,7 @@ func (k *Ed25519PublicKey) Equals(o Key) bool {
 		return false
 	}
 
-	return subtle.ConstantTimeCompare(k.k, edk.k) == 1
+	return bytes.Equal(k.k, edk.k)
 }
 
 // Verify checks a signature agains the input data.
@@ -131,7 +132,7 @@ func UnmarshalEd25519PrivateKey(data []byte) (PrivKey, error) {
 		// Remove the redundant public key. See issue #36.
 		redundantPk := data[ed25519.PrivateKeySize:]
 		pk := data[ed25519.PrivateKeySize-ed25519.PublicKeySize : ed25519.PrivateKeySize]
-		if subtle.ConstantTimeCompare(pk, redundantPk) != 1 {
+		if !bytes.Equal(pk, redundantPk) {
 			return nil, errors.New("expected redundant ed25519 public key to be redundant")
 		}