Compare HMACs in constant time to mitigate timing attack

leonklingele · leonklingele · commit ed044a3d8b09 · 2016-07-06T09:37:52.000+02:00
diff --git a/go/channelling/server/users.go b/go/channelling/server/users.go
@@ -26,6 +26,7 @@ import (
 	"crypto/hmac"
 	"crypto/rand"
 	"crypto/sha256"
+	"crypto/subtle"
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
@@ -95,7 +96,7 @@ func (uh *UsersSharedsecretHandler) Validate(snr *SessionNonceRequest, request *
 	}
 
 	secret := uh.createHMAC(snr.UseridCombo)
-	if snr.Secret != secret {
+	if subtle.ConstantTimeCompare([]byte(snr.Secret), []byte(secret)) != 1 {
 		return "", errors.New("invalid secret")
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ import (`
`26`	`26`	`"crypto/hmac"`
`27`	`27`	`"crypto/rand"`
`28`	`28`	`"crypto/sha256"`
	`29`	`+ "crypto/subtle"`
`29`	`30`	`"crypto/tls"`
`30`	`31`	`"crypto/x509"`
`31`	`32`	`"crypto/x509/pkix"`
`@@ -95,7 +96,7 @@ func (uh UsersSharedsecretHandler) Validate(snr SessionNonceRequest, request *`
`95`	`96`	`}`
`96`	`97`
`97`	`98`	`secret := uh.createHMAC(snr.UseridCombo)`
`98`		`- if snr.Secret != secret {`
	`99`	`+ if subtle.ConstantTimeCompare([]byte(snr.Secret), []byte(secret)) != 1 {`
`99`	`100`	`return "", errors.New("invalid secret")`
`100`	`101`	`}`
`101`	`102`