Home Explore Help
Register Sign In
RNCryptor
/
RNCryptor-go
mirror of https://github.com/RNCryptor/RNCryptor-go.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

use hmac.Equal for consistent-time equality

Steven Schobert 9 years ago
parent
4aee23c8cd
commit
66fada01c8
2 changed files with 3 additions and 3 deletions
Split View Show Diff Stats
  1. 0 2
      README.md
  2. 3 1
      rncryptor.go

+ 0 - 2
README.md
View File 

@@ -89,8 +89,6 @@ If you'd like to help with any of the items below, send a pull-request!
 
 - Only supports [version
 
   3](https://github.com/RNCryptor/RNCryptor-Spec/blob/0625abe597e67af4a9a40f460a10bc069b7caf48/RNCryptor-Spec-v3.md)
 
   of the RNCryptor spec.
 
-- Lacks [consistent-time equality
 
-  checking](https://github.com/RNCryptor/RNCryptor-Spec/blob/0625abe597e67af4a9a40f460a10bc069b7caf48/RNCryptor-Spec-v3.md#consistent-time-equality-checking).
 
 - Only provides functions for password-based encryption, lacks function for [key-based
 
   encryption](https://github.com/RNCryptor/RNCryptor-Spec/blob/0625abe597e67af4a9a40f460a10bc069b7caf48/RNCryptor-Spec-v3.md#key-based-encryption-abstract-language).

+ 3 - 1
rncryptor.go
View File 

@@ -34,7 +34,9 @@ func Decrypt(password string, data []byte) ([]byte, error) {
 
   testHmac.Write(msg)
 
   testHmacVal := testHmac.Sum(nil)
 
 
-  verified := bytes.Equal(testHmacVal, expectedHmac)
 
+  // its important to use hmac.Equal to not leak time
 
+  // information. See https://github.com/RNCryptor/RNCryptor-Spec
 
+  verified := hmac.Equal(testHmacVal, expectedHmac)
 
 
   if !verified {
 
     return nil, errors.New("Password may be incorrect, or the data has been corrupted. (HMAC could not be verified)")