feat: use constant-time equality checking for DHKE (#232)

This PR ensures that `DiffieHellmanSharedSecret` equality testing is done in constant time. Previously, this equality testing was offloaded to the underlying `PublicKey` type. While this type supports the `ConstantTimeEq` trait, it is not guaranteed that equality testing will use this in all implementations.
tari-project · Jul 15, 2024 · 2a1715a · 2a1715a
1 parent bdf1d83
commit 2a1715a
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/src/dhke.rs b/src/dhke.rs
@@ -18,7 +18,7 @@ use zeroize::{Zeroize, ZeroizeOnDrop};
 use crate::keys::PublicKey;
 
 /// The result of a Diffie-Hellman key exchange
-#[derive(PartialEq, Eq, Zeroize, ZeroizeOnDrop)]
+#[derive(Zeroize, ZeroizeOnDrop)]
 pub struct DiffieHellmanSharedSecret<P>(P)
 where P: PublicKey;
 
@@ -52,6 +52,16 @@ where P: PublicKey
  }
 }
 
+impl<P> Eq for DiffieHellmanSharedSecret<P> where P: PublicKey {}
+
+impl<P> PartialEq for DiffieHellmanSharedSecret<P>
+where P: PublicKey
+{
+ fn eq(&self, other: &Self) -> bool {
+ self.0.ct_eq(&other.0).into()
+ }
+}
+
 #[cfg(test)]
 mod test {
  use rand_core::OsRng;