constant-time mac comparison

paritytech · gavofyork · Mar 16, 2018 · Mar 13, 2018 · Mar 14, 2018 · Mar 14, 2018
commit 81e9b23e9a29021a6d083b587be3c593269589f7
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/polkadot/keystore/Cargo.toml b/polkadot/keystore/Cargo.toml
@@ -12,6 +12,7 @@ rand = "0.4"
 serde_json = "1.0"
 serde = "1.0"
 serde_derive = "1.0"
+subtle = "0.5"
 
 [dev-dependencies]
 tempdir = "0.3"
diff --git a/polkadot/keystore/src/lib.rs b/polkadot/keystore/src/lib.rs
@@ -17,6 +17,7 @@
 //! Keystore (and session key management) for polkadot.
 
 extern crate ethcrypto as crypto;
+extern crate subtle;
 extern crate ed25519;
 extern crate rand;
 extern crate serde_json;
@@ -109,7 +110,7 @@ impl EncryptedKey {
 
 		let mac = crypto::derive_mac(&derived_right_bits, &self.ciphertext).keccak256();
 
-		if mac != self.mac {
+		if subtle::slices_equal(&mac[..], &self.mac[..]) != 1 {
 			return Err(ErrorKind::InvalidPassword.into());
 		}