diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-16 21:50:17 -0700 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-16 21:50:36 -0700 |
| commit | 3ab1adf5a949a5799f6a7fee377ae3c7e77ec69a (patch) | |
| tree | e0771250bc5403a7b5044a02e4a5c1e44b58f737 | |
| parent | 26b8a080f64ecf83b505510baa3b2d270c66c437 (diff) | |
| download | DotNetOpenAuth-3ab1adf5a949a5799f6a7fee377ae3c7e77ec69a.zip DotNetOpenAuth-3ab1adf5a949a5799f6a7fee377ae3c7e77ec69a.tar.gz DotNetOpenAuth-3ab1adf5a949a5799f6a7fee377ae3c7e77ec69a.tar.bz2 | |
Applied timing fix to OAuth 2.0 code that checks symmetric secret-based signatures.
| -rw-r--r-- | src/DotNetOpenAuth/Messaging/MessagingUtilities.cs | 26 | ||||
| -rw-r--r-- | src/DotNetOpenAuth/OAuth2/ChannelElements/UriStyleMessageFormatter.cs | 2 |
2 files changed, 27 insertions, 1 deletions
diff --git a/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs b/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs index 60fbdd8..ffbacda 100644 --- a/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs +++ b/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs @@ -840,6 +840,32 @@ namespace DotNetOpenAuth.Messaging { } /// <summary> + /// Tests whether two arrays are equal in contents and ordering, + /// guaranteeing roughly equivalent execution time regardless of where a signature mismatch may exist. + /// </summary> + /// <typeparam name="T">The type of elements in the arrays.</typeparam> + /// <param name="first">The first array in the comparison. May not be null.</param> + /// <param name="second">The second array in the comparison. May not be null.</param> + /// <returns>True if the arrays equal; false otherwise.</returns> + /// <remarks> + /// Guaranteeing equal execution time is useful in mitigating against timing attacks on a signature + /// or other secret. + /// </remarks> + internal static bool AreEquivalentConstantTime(byte[] first, byte[] second) { + Contract.Requires<ArgumentNullException>(first != null); + Contract.Requires<ArgumentNullException>(second != null); + if (first.Length != second.Length) { + return false; + } + + int result = 0; + for (int i = 0; i < first.Length; i++) { + result |= first[i] ^ second[i]; + } + return result == 0; + } + + /// <summary> /// Tests two sequences for same contents and ordering. /// </summary> /// <typeparam name="T">The type of elements in the arrays.</typeparam> diff --git a/src/DotNetOpenAuth/OAuth2/ChannelElements/UriStyleMessageFormatter.cs b/src/DotNetOpenAuth/OAuth2/ChannelElements/UriStyleMessageFormatter.cs index 690082a..cf1b522 100644 --- a/src/DotNetOpenAuth/OAuth2/ChannelElements/UriStyleMessageFormatter.cs +++ b/src/DotNetOpenAuth/OAuth2/ChannelElements/UriStyleMessageFormatter.cs @@ -232,7 +232,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { byte[] bytesToSign = this.GetBytesToSign(message); return this.asymmetricSigning.VerifyData(bytesToSign, this.hasherForAsymmetricSigning, message.Signature); } else { - return MessagingUtilities.AreEquivalent(message.Signature, this.CalculateSignature(message)); + return MessagingUtilities.AreEquivalentConstantTime(message.Signature, this.CalculateSignature(message)); } } |