lndc: use constant time comparison to verify DH proof
This commit is contained in:
parent
ea49b15e70
commit
fc06c7bffb
@ -3,6 +3,7 @@ package lndc
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/cipher"
|
"crypto/cipher"
|
||||||
|
"crypto/hmac"
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
@ -181,7 +182,7 @@ func (c *LNDConn) authPubKey(
|
|||||||
|
|
||||||
// Verify that their proof matches our locally computed version.
|
// Verify that their proof matches our locally computed version.
|
||||||
theirDHproof := btcutil.Hash160(append(localEphPubBytes, idDH[:]...))
|
theirDHproof := btcutil.Hash160(append(localEphPubBytes, idDH[:]...))
|
||||||
if bytes.Equal(resp, theirDHproof) == false {
|
if !hmac.Equal(resp, theirDHproof) {
|
||||||
return fmt.Errorf("invalid DH proof %x", theirDHproof)
|
return fmt.Errorf("invalid DH proof %x", theirDHproof)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -232,7 +233,7 @@ func (c *LNDConn) authPKH(
|
|||||||
theirDHproof := btcutil.Hash160(append(localEphPubBytes, idDH[:]...))
|
theirDHproof := btcutil.Hash160(append(localEphPubBytes, idDH[:]...))
|
||||||
|
|
||||||
// Verify that their DH proof matches the one we just generated.
|
// Verify that their DH proof matches the one we just generated.
|
||||||
if bytes.Equal(resp[33:], theirDHproof) == false {
|
if !hmac.Equal(resp[33:], theirDHproof) {
|
||||||
return fmt.Errorf("Invalid DH proof %x", theirDHproof)
|
return fmt.Errorf("Invalid DH proof %x", theirDHproof)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user