From a8f9c92c8ae4423733f259429e5ea8e13438df38 Mon Sep 17 00:00:00 2001 From: Stevie Graham Date: Mon, 29 Dec 2014 02:08:11 +0000 Subject: [PATCH] Perform constant time string comparison when validating signatures String#== is not safe for the purposes of validating crytographic signatures because it enables timing attacks. --- lib/signature.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/signature.rb b/lib/signature.rb index df80200..57b5867 100644 --- a/lib/signature.rb +++ b/lib/signature.rb @@ -213,12 +213,18 @@ def validate_timestamp!(grace) end def validate_signature!(token) - unless @auth_hash["auth_signature"] == signature(token) + unless identical? @auth_hash["auth_signature"], signature(token) raise AuthenticationError, "Invalid signature: you should have "\ "sent HmacSHA256Hex(#{string_to_sign.inspect}, your_secret_key)"\ ", but you sent #{@auth_hash["auth_signature"].inspect}" end return true end + + # Constant time string comparison + def identical?(a, b) + return false unless a.bytesize == b.bytesize + a.bytes.zip(b.bytes).reduce(0) { |memo, (a, b)| memo += a ^ b } == 0 + end end end