lndc: use constant time comparison to verify DH proof
This commit is contained in:
parent
ea49b15e70
commit
fc06c7bffb
@ -3,6 +3,7 @@ package lndc
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/cipher"
|
||||
"crypto/hmac"
|
||||
"encoding/binary"
|
||||
"fmt"
|
||||
"net"
|
||||
@ -181,7 +182,7 @@ func (c *LNDConn) authPubKey(
|
||||
|
||||
// Verify that their proof matches our locally computed version.
|
||||
theirDHproof := btcutil.Hash160(append(localEphPubBytes, idDH[:]...))
|
||||
if bytes.Equal(resp, theirDHproof) == false {
|
||||
if !hmac.Equal(resp, theirDHproof) {
|
||||
return fmt.Errorf("invalid DH proof %x", theirDHproof)
|
||||
}
|
||||
|
||||
@ -232,7 +233,7 @@ func (c *LNDConn) authPKH(
|
||||
theirDHproof := btcutil.Hash160(append(localEphPubBytes, idDH[:]...))
|
||||
|
||||
// Verify that their DH proof matches the one we just generated.
|
||||
if bytes.Equal(resp[33:], theirDHproof) == false {
|
||||
if !hmac.Equal(resp[33:], theirDHproof) {
|
||||
return fmt.Errorf("Invalid DH proof %x", theirDHproof)
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user