This commit is contained in:
Javid Khan 2026-07-18 00:50:13 +05:30 committed by GitHub
commit 399e31ce86
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -17,12 +17,12 @@
package scwallet package scwallet
import ( import (
"bytes"
"crypto/aes" "crypto/aes"
"crypto/cipher" "crypto/cipher"
"crypto/rand" "crypto/rand"
"crypto/sha256" "crypto/sha256"
"crypto/sha512" "crypto/sha512"
"crypto/subtle"
"errors" "errors"
"fmt" "fmt"
@ -101,7 +101,7 @@ func (s *SecureChannelSession) Pair(pairingPassword []byte) error {
cardCryptogram := response.Data[:32] cardCryptogram := response.Data[:32]
cardChallenge := response.Data[32:64] cardChallenge := response.Data[32:64]
if !bytes.Equal(expectedCryptogram, cardCryptogram) { if subtle.ConstantTimeCompare(expectedCryptogram, cardCryptogram) != 1 {
return fmt.Errorf("invalid card cryptogram %v != %v", expectedCryptogram, cardCryptogram) return fmt.Errorf("invalid card cryptogram %v != %v", expectedCryptogram, cardCryptogram)
} }
@ -253,7 +253,7 @@ func (s *SecureChannelSession) transmitEncrypted(cla, ins, p1, p2 byte, data []b
if err = s.updateIV(rmeta[:], rdata); err != nil { if err = s.updateIV(rmeta[:], rdata); err != nil {
return nil, err return nil, err
} }
if !bytes.Equal(s.iv, rmac) { if subtle.ConstantTimeCompare(s.iv, rmac) != 1 {
return nil, errors.New("invalid MAC in response") return nil, errors.New("invalid MAC in response")
} }