
Avoid timing attacks in AuthTktAutenticationPolicy #320

Merged
merged 1 commit into from over 2 years ago

Ryan Kelly
rfk commented October 14, 2011

This factors out the timing-invariant string comparison code from
session.py and re-uses it for signature checking in AuthTkt code.

Ryan Kelly Avoid timing attacks in AuthTktAutenticationPolicy
This factors out the timing-invariant string comparison code from
session.py and re-uses it for signature checking in AuthTkt code.
13906d6
Chris McDonough mcdonc merged commit d1527f4 into from October 14, 2011
Chris McDonough mcdonc closed this October 14, 2011
Chris McDonough
Owner

Thank you!


Showing 1 unique commit by 1 author.

Oct 15, 2011
Ryan Kelly Avoid timing attacks in AuthTktAutenticationPolicy
This factors out the timing-invariant string comparison code from
session.py and re-uses it for signature checking in AuthTkt code.
13906d6
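--- a/pyramid/authentication.py
+++ b/pyramid/authentication.py
@@ -22,6 +22,8 @@
 from pyramid.security import Authenticated
 from pyramid.security import Everyone
 
+from pyramid.util import strings_differ
+
 VALID_TOKEN = re.compile(r"^[A-Za-z][A-Za-z0-9+_-]*$")
 
 class CallbackAuthenticationPolicy(object):
@@ -485,7 +487,9 @@ def parse_ticket(secret, ticket, ip):
     expected = calculate_digest(ip, timestamp, secret,
                                 userid, tokens, user_data)
 
-    if expected != digest:
+    # Avoid timing attacks (see
+    # http://seb.dbzteam.org/crypto/python-oauth-timing-hmac.pdf)
+    if strings_differ(expected, digest):
         raise BadTicket('Digest signature is not correct',
                         expected=(expected, digest))
 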
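Review bot: The `BadTicket` raised right after the new `strings_differ(expected, digest)` check still carries `expected=(expected, digest)`, which is the correctly computed digest for the submitted ticket fields. If any handler logs or renders that attribute (not visible from this hunk), the valid signature is disclosed outright and the constant-time comparison no longer protects anything. I would at least document this at the raise site with `# NOTE: BadTicket.expected holds the valid digest; never log it or return it to the client`. parse_ticket starts outside the hunk, so its callers' handling of the exception should be checked as well.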
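--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -13,6 +13,7 @@
 from pyramid.compat import bytes_
 from pyramid.compat import native_
 from pyramid.interfaces import ISession
+from pyramid.util import strings_differ
 
 def manage_accessed(wrapped):
     """ Decorator which causes a cookie to be set when a wrapped
@@ -262,17 +263,10 @@ def signed_deserialize(serialized, secret, hmac=hmac):
 
     sig = hmac.new(bytes_(secret), pickled, sha1).hexdigest()
 
-    if len(sig) != len(input_sig):
-        raise ValueError('Wrong signature length')
-
     # Avoid timing attacks (see
     # http://seb.dbzteam.org/crypto/python-oauth-timing-hmac.pdf)
-    invalid_bits = 0
-    for a, b in zip(sig, input_sig):
-        invalid_bits += a != b
-
-    if invalid_bits:
-        raise ValueError('Invalid bits in signature')
+    if strings_differ(sig, input_sig):
+        raise ValueError('Invalid signature')
 
     return pickle.loads(pickled)
 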
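Review bot: `pickle.loads(pickled)` at the end of this hunk is guarded only by the `strings_differ(sig, input_sig)` check, so the consequence of a leaked or weak `secret` is loading attacker-chosen pickles (code execution), not just a forged session. Nothing in the hunk states that dependency; I would add above the return `# pickled is trusted solely because its HMAC matched; secret must be long, random and private`. Folding the two former errors into the single `'Invalid signature'` message is reasonable, since callers learn nothing extra about why the check failed. The body of signed_deserialize starts outside the hunk.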
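--- a/pyramid/util.py
+++ b/pyramid/util.py
@@ -208,3 +208,23 @@ def last(self):
             oid = self._order[-1]
             return self._items[oid]()
 
+def strings_differ(string1, string2):
+    """Check whether two strings differ while avoiding timing attacks.
+
+    This function returns True if the given strings differ and False
+    if they are equal.  It's careful not to leak information about *where*
+    they differ as a result of its running time, which can be very important
+    to avoid certain timing-related crypto attacks:
+
+        http://seb.dbzteam.org/crypto/python-oauth-timing-hmac.pdf
+
+    """
+    if len(string1) != len(string2):
+        return True
+
+    invalid_bits = 0
+    for a, b in zip(string1, string2):
+        invalid_bits += a != b
+
+    return invalid_bits != 0
+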
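Review bot: The length check at the top of `strings_differ` returns before the comparison loop, so the running time still reveals whether the two lengths match, and the docstring does not mention it. That is harmless for the fixed-length hex digests compared at both call sites in this commit, but a later caller comparing variable-length secrets would leak their length. I would add to the docstring: `Only the position of a mismatch is hidden; a length mismatch returns immediately, so use this for fixed-length values such as digests.` On interpreters that provide `hmac.compare_digest`, delegating to it is preferable to the Python-level loop.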