From c66973c823b45ef99cd9ed3c6cc58cca9805d6d9 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sat, 12 Aug 2023 13:49:16 +0800
Subject: [PATCH] ed: ConstantTimeEq and PartialEq for SigningKey (#557)

---
 ed25519-dalek/Cargo.toml     |  1 +
 ed25519-dalek/src/signing.rs | 15 +++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/ed25519-dalek/Cargo.toml b/ed25519-dalek/Cargo.toml
index 711f91cd9..91a6a3617 100644
--- a/ed25519-dalek/Cargo.toml
+++ b/ed25519-dalek/Cargo.toml
@@ -29,6 +29,7 @@ curve25519-dalek = { version = "4", path = "../curve25519-dalek", default-featur
 ed25519 = { version = ">=2.2, <2.3", default-features = false }
 signature = { version = ">=2.0, <2.1", optional = true, default-features = false }
 sha2 = { version = "0.10", default-features = false }
+subtle = { version = "2.3.0", default-features = false }
 
 # optional features
 merlin = { version = "3", default-features = false, optional = true }
diff --git a/ed25519-dalek/src/signing.rs b/ed25519-dalek/src/signing.rs
index 4e95ee359..d803cc38b 100644
--- a/ed25519-dalek/src/signing.rs
+++ b/ed25519-dalek/src/signing.rs
@@ -19,6 +19,7 @@ use rand_core::CryptoRngCore;
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
 
 use sha2::Sha512;
+use subtle::{Choice, ConstantTimeEq};
 
 use curve25519_dalek::{
     digest::{generic_array::typenum::U64, Digest},
@@ -583,6 +584,20 @@ impl TryFrom<&[u8]> for SigningKey {
     }
 }
 
+impl ConstantTimeEq for SigningKey {
+    fn ct_eq(&self, other: &Self) -> Choice {
+        self.secret_key.ct_eq(&other.secret_key)
+    }
+}
+
+impl PartialEq for SigningKey {
+    fn eq(&self, other: &Self) -> bool {
+        self.ct_eq(other).into()
+    }
+}
+
+impl Eq for SigningKey {}
+
 #[cfg(feature = "zeroize")]
 impl Drop for SigningKey {
     fn drop(&mut self) {