Unverified Commit bb30b9cc authored by procr1337's avatar procr1337 Committed by GitHub
Browse files

fix(s3s): Remove non-constant time PartialEq impl from SecretKey and replace... 


fix(s3s): Remove non-constant time PartialEq impl from SecretKey and replace it with ConstantTimeEq (#319)

Co-authored-by: default avatarNiklas Baumstark <niklas@dfsec.com>
parent 7c776f19

Cargo.lock

+1 −0
Original line number Diff line number Diff line
@@ -2809,6 +2809,7 @@ dependencies = [ 
 "sha2 0.11.0-pre.5",

 "smallvec",

 "std-next",

 "subtle",

 "sync_wrapper",

 "thiserror",

 "time",

crates/s3s/Cargo.toml

+1 −0
Original line number Diff line number Diff line
@@ -67,6 +67,7 @@ tokio = { version = "1.47.1", features = ["time"] } 
crc64fast-nvme = "1.2.0"

const-str = "0.6.4"

http = "1.3.1"

subtle = "2.6.1"



[dev-dependencies]

axum = "0.8.4"

crates/s3s/src/auth/secret_key.rs

+9 −2
Original line number Diff line number Diff line
@@ -2,15 +2,16 @@ use std::fmt; 


use serde::Deserialize;

use serde::Serialize;

use subtle::ConstantTimeEq;

use zeroize::Zeroize;



#[derive(Debug, Clone, PartialEq, Eq)]

#[derive(Debug, Clone)]

pub struct Credentials {

    pub access_key: String,

    pub secret_key: SecretKey,

}



#[derive(Clone, PartialEq, Eq)]

#[derive(Clone)]

pub struct SecretKey(Box<str>);



impl SecretKey {
@@ -30,6 +31,12 @@ impl Zeroize for SecretKey { 
    }

}



impl ConstantTimeEq for SecretKey {

    fn ct_eq(&self, other: &Self) -> subtle::Choice {

        self.0.as_bytes().ct_eq(other.0.as_bytes())

    }

}



impl Drop for SecretKey {

    fn drop(&mut self) {

        self.zeroize();