Use constant-time compare for HMAC verification.

ahknight · ahknight · commit c340c80fb4eb · 2015-02-11T09:54:43.000-06:00
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -1,6 +1,16 @@
 httpsig Changes
 ---------------
 
+1.1.2 (2015-Feb-11)
+-------------------
+
+* HMAC verification is now constant-time.
+
+1.1.1 (2015-Feb-11)
+-------------------
+
+* (pulled)
+
 1.1.0 (2014-Jul-24)
 -------------------
 
diff --git a/httpsig/utils.py b/httpsig/utils.py
@@ -23,6 +23,28 @@
 class HttpSigException(Exception):
     pass
 
+"""
+Constant-time string compare.
+http://codahale.com/a-lesson-in-timing-attacks/
+"""
+def ct_bytes_compare(a, b):
+    if not isinstance(a, six.binary_type):
+        a = a.decode('utf8')
+    if not isinstance(b, six.binary_type):
+        b = b.decode('utf8')
+
+    if len(a) != len(b):
+        return False
+
+    result = 0
+    for x, y in zip(a, b):
+        if six.PY2:
+            result |= ord(x) ^ ord(y)
+        else:
+            result |= x ^ y
+            
+    return (result == 0)
+
 def generate_message(required_headers, headers, host=None, method=None, path=None):
     headers = CaseInsensitiveDict(headers)
     
diff --git a/httpsig/verify.py b/httpsig/verify.py
@@ -36,7 +36,7 @@ def _verify(self, data, signature):
         elif self.sign_algorithm == 'hmac':
             h = self._sign_hmac(data)
             s = b64decode(signature)
-            return (h == s)
+            return ct_bytes_compare(h, s)
         
         else:
             raise HttpSigException("Unsupported algorithm.")
