Merge pull request 'Fix potential timing side-channels in authentication mechanisms' (#737) from fix-auth-ct-eq into mainv0.9.2-rc1

Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/garage/pulls/737
author: Alex <alex@adnab.me> 2024-02-29 14:04:38 +0000
committer: Alex <alex@adnab.me> 2024-02-29 14:04:38 +0000
commit: b8c7a560ef339142607106649f8cef88def82fb8 (patch)
tree: 0d563334084896f5e583e4a5d7f061348412c9da /src/api/signature
parent: d3cf560e5ce6117b822fd0a117c5baf7d9ecb119 (diff)
parent: 6d33e721c41bdb0fe7da6404e6d6d32509eed6be (diff)
download: garage-b8c7a560ef339142607106649f8cef88def82fb8.tar.gz
garage-b8c7a560ef339142607106649f8cef88def82fb8.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/src/api/signature/payload.rs b/src/api/signature/payload.rs
index 949da601..a9e7d34d 100644
--- a/src/api/signature/payload.rs
+++ b/src/api/signature/payload.rs
@@ -375,9 +375,10 @@ pub async fn verify_v4(
 	)
 	.ok_or_internal_error("Unable to build signing HMAC")?;
 	hmac.update(payload);
-	let our_signature = hex::encode(hmac.finalize().into_bytes());
-	if auth.signature != our_signature {
-		return Err(Error::forbidden("Invalid signature".to_string()));
+	let signature =
+		hex::decode(&auth.signature).map_err(|_| Error::forbidden("Invalid signature"))?;
+	if hmac.verify_slice(&signature).is_err() {
+		return Err(Error::forbidden("Invalid signature"));
 	}
 
 	Ok(key)
author	Alex <alex@adnab.me>	2024-02-29 14:04:38 +0000
committer	Alex <alex@adnab.me>	2024-02-29 14:04:38 +0000
commit	b8c7a560ef339142607106649f8cef88def82fb8 (patch)
tree	0d563334084896f5e583e4a5d7f061348412c9da /src/api/signature
parent	d3cf560e5ce6117b822fd0a117c5baf7d9ecb119 (diff)
parent	6d33e721c41bdb0fe7da6404e6d6d32509eed6be (diff)
download	garage-b8c7a560ef339142607106649f8cef88def82fb8.tar.gz garage-b8c7a560ef339142607106649f8cef88def82fb8.zip