fix: Use constant-time comparison for HMAC verification (#522) (#523)

shunkica · web-flow · commit b673581ba070 · 2025-11-15T19:28:11.000-05:00
Replace non-constant-time === operator with crypto.timingSafeEqual() to prevent timing side-channel attacks on HMAC signature verification. Fixes #522
diff --git a/src/signature-algorithms.ts b/src/signature-algorithms.ts
@@ -143,7 +143,17 @@ export class HmacSha1 implements SignatureAlgorithm {
       verifier.update(material);
       const res = verifier.digest("base64");
 
-      return res === signatureValue;
+      // Use constant-time comparison to prevent timing attacks (CWE-208)
+      // See: https://github.com/node-saml/xml-crypto/issues/522
+      try {
+        return crypto.timingSafeEqual(
+          Buffer.from(res, "base64"),
+          Buffer.from(signatureValue, "base64"),
+        );
+      } catch (e) {
+        // timingSafeEqual throws if buffer lengths don't match
+        return false;
+      }
     },
   );
 
