aljaz/breez-lnd
1
0
Fork 0
mirror of https://github.com/aljazceru/breez-lnd.git synced 2026-02-23 07:24:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

lndc: use constant time comparison to verify DH proof

Browse Source
This commit is contained in:
Olaoluwa Osuntokun
2016-04-24 12:37:27 -07:00
parent ea49b15e70
commit fc06c7bffb
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lndc/conn.go
View File

@@ -3,6 +3,7 @@ package lndc
import (
"bytes"
"crypto/cipher"
"crypto/hmac"
"encoding/binary"
"fmt"
"net"
@@ -181,7 +182,7 @@ func (c *LNDConn) authPubKey(
// Verify that their proof matches our locally computed version.
theirDHproof := btcutil.Hash160(append(localEphPubBytes, idDH[:]...))
if bytes.Equal(resp, theirDHproof) == false {
if !hmac.Equal(resp, theirDHproof) {
return fmt.Errorf("invalid DH proof %x", theirDHproof)
}
@@ -232,7 +233,7 @@ func (c *LNDConn) authPKH(
theirDHproof := btcutil.Hash160(append(localEphPubBytes, idDH[:]...))
// Verify that their DH proof matches the one we just generated.
if bytes.Equal(resp[33:], theirDHproof) == false {
if !hmac.Equal(resp[33:], theirDHproof) {
return fmt.Errorf("Invalid DH proof %x", theirDHproof)
}