webnet
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tka: use constant-time comparison of disablement secret (#19064)

Browse Source 
The actual secret is passed through argon2 first, so a timing attack is
not feasible remotely, and pretty unlikely locally. Still, clean this
up.

Fixes #19063

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
main
Andrew Lytvynov 4 weeks ago committed by GitHub
parent ffa7df2789
commit 34477cf3e7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      tka/state.go

3
tka/state.go
Unescape View File

@ -7,6 +7,7 @@ package tka
import (
"bytes"
"crypto/subtle"
"errors"
"fmt"
@ -127,7 +128,7 @@ func DisablementKDF(secret []byte) []byte {
func (s State) checkDisablement(secret []byte) bool {
derived := DisablementKDF(secret)
for _, candidate := range s.DisablementSecrets {
if bytes.Equal(derived, candidate) {
if subtle.ConstantTimeCompare(derived, candidate) == 1 {
return true
}
}

Write Preview
Loading…
Cancel
Save