Merge pull request #31 from eordano/timing

Use constant time comparison
bitpay · Apr 1, 2015 · b905f36 · b905f36
2 parents d674639 + d4e29a3
commit b905f36
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 2 deletions.
diff --git a/lib/ecies.js b/lib/ecies.js
@@ -97,7 +97,14 @@ ECIES.prototype.decrypt = function(encbuf) {
   var d = encbuf.slice(encbuf.length - 32, encbuf.length);
 
   var d2 = Hash.sha256hmac(c, this.kM);
-  if (d.toString('hex') !== d2.toString('hex')) throw new Error('Invalid checksum');
+
+  var equal = true;
+  for (var i = 0; i < d.length; i++) {
+    equal &= (d[i] === d2[i]);
+  }
+  if (!equal) {
+    throw new Error('Invalid checksum');
+  }
   var messagebuf = AESCBC.decryptCipherkey(c, this.kE);
 
   return messagebuf;

diff --git a/package.json b/package.json
@@ -40,6 +40,6 @@
   },
   "dependencies": {
     "aes": "^0.1.0",
-    "bitcore": "^0.11.4"
+    "bitcore": "^0.11.6"
   }
 }
diff --git a/test/ecies.js b/test/ecies.js
@@ -89,5 +89,13 @@ describe('ECIES', function() {
     should.exist(bitcore.errors.ECIES);
   });
 
+  it('correctly fails if trying to decrypt a bad message', function() {
+    var encrypted = bitcore.util.buffer.copy(encBuf);
+    encrypted[encrypted.length - 1] = 2;
+    (function() { 
+      return bob.decrypt(encrypted);
+    }).should.throw('Invalid checksum');
+  });
+
 
 });