Proxmox/proxmox
5
0
Fork 1
Code Issues Pull Requests Releases Activity

auth-api: use constant time comparison for csrf tokens

Browse Source 
by using openssl's `memcmp::eq()` we can avoid potential side-channel
attack on the csrf token comparison. this comparison's runtime only
depends on the length of the two byte vectors, not their contents.

Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
This commit is contained in:
Stefan Sterz 2024-03-06 13:36:01 +01:00 committed by Wolfgang Bumiller
parent b926ea1f5c
commit 8609fb58ef
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
proxmox-auth-api/src/api/access.rs
View File

@ -286,14 +286,15 @@ fn verify_csrf_prevention_token_do(
}
let timestamp = parts.pop_front().unwrap();
let sig = parts.pop_front().unwrap();
let sig = parts.pop_front().unwrap().as_bytes();
let ttime = i64::from_str_radix(timestamp, 16)
.map_err(|err| format_err!("timestamp format error - {}", err))?;
let digest = compute_csrf_secret_digest(ttime, secret, userid);
let digest = digest.as_bytes();
if digest != sig {
if digest.len() != sig.len() || !openssl::memcmp::eq(digest, sig) {
bail!("invalid signature.");
}