dalek-cryptography / x25519-dalek

X25519 elliptic curve Diffie-Hellman key exchange in pure-Rust, using curve25519-dalek.
BSD 3-Clause "New" or "Revised" License

Implement subtle::ConstantTimeEq on x25519 secret types #50

Closed cbeck88 closed 4 years ago

cbeck88 commented 4 years ago

This is already implemented on curve25519::Scalar, we just have to forward it around the newtype wrapper.

There is no way for the user to do this otherwise for some of these, since the newtype wrapper doesn't allow access to the bytes of the secret in the case of the ephemeral secret.

hdevalence commented 4 years ago

What is the use-case for comparing secret keys? For instance, in the case of EphemeralSecret, values of type EphemeralSecret can only be constructed from RngCore + CryptoRng, so they will never be equal.

cbeck88 commented 4 years ago

Sorry, you're right, this is the result of miscommunication.