Perform constant time string comparison when validating signatures

String#== is not safe for the purposes of validating crytographic signatures because it enables timing attacks.
mloughran · Dec 29, 2014 · a8f9c92 · a8f9c92
1 parent 462a81c
commit a8f9c92
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/lib/signature.rb b/lib/signature.rb
@@ -213,12 +213,18 @@ def validate_timestamp!(grace)
       end
 
       def validate_signature!(token)
-        unless @auth_hash["auth_signature"] == signature(token)
+        unless identical? @auth_hash["auth_signature"], signature(token)
           raise AuthenticationError, "Invalid signature: you should have "\
             "sent HmacSHA256Hex(#{string_to_sign.inspect}, your_secret_key)"\
             ", but you sent #{@auth_hash["auth_signature"].inspect}"
         end
         return true
       end
+
+      # Constant time string comparison
+      def identical?(a, b)
+        return false unless a.bytesize == b.bytesize
+        a.bytes.zip(b.bytes).reduce(0) { |memo, (a, b)| memo += a ^ b } == 0
+      end
   end
 end