Unverified Commit bb30b9cc authored by procr1337's avatar procr1337 Committed by GitHub
Browse files

fix(s3s): Remove non-constant time PartialEq impl from SecretKey and replace...


fix(s3s): Remove non-constant time PartialEq impl from SecretKey and replace it with ConstantTimeEq (#319)

Co-authored-by: default avatarNiklas Baumstark <niklas@dfsec.com>
parent 7c776f19
Loading
Loading
Loading
Loading
+1 −0
Original line number Diff line number Diff line
@@ -2809,6 +2809,7 @@ dependencies = [
 "sha2 0.11.0-pre.5",
 "smallvec",
 "std-next",
 "subtle",
 "sync_wrapper",
 "thiserror",
 "time",
+1 −0
Original line number Diff line number Diff line
@@ -67,6 +67,7 @@ tokio = { version = "1.47.1", features = ["time"] }
crc64fast-nvme = "1.2.0"
const-str = "0.6.4"
http = "1.3.1"
subtle = "2.6.1"

[dev-dependencies]
axum = "0.8.4"
+9 −2
Original line number Diff line number Diff line
@@ -2,15 +2,16 @@ use std::fmt;

use serde::Deserialize;
use serde::Serialize;
use subtle::ConstantTimeEq;
use zeroize::Zeroize;

#[derive(Debug, Clone, PartialEq, Eq)]
#[derive(Debug, Clone)]
pub struct Credentials {
    pub access_key: String,
    pub secret_key: SecretKey,
}

#[derive(Clone, PartialEq, Eq)]
#[derive(Clone)]
pub struct SecretKey(Box<str>);

impl SecretKey {
@@ -30,6 +31,12 @@ impl Zeroize for SecretKey {
    }
}

impl ConstantTimeEq for SecretKey {
    fn ct_eq(&self, other: &Self) -> subtle::Choice {
        self.0.as_bytes().ct_eq(other.0.as_bytes())
    }
}

impl Drop for SecretKey {
    fn drop(&mut self) {
        self.zeroize();