From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 931F997D47 for ; Wed, 6 Mar 2024 13:36:18 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 61D7416F52 for ; Wed, 6 Mar 2024 13:36:18 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 6 Mar 2024 13:36:17 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 1A0D748851 for ; Wed, 6 Mar 2024 13:36:17 +0100 (CET) From: Stefan Sterz To: pbs-devel@lists.proxmox.com Date: Wed, 6 Mar 2024 13:36:01 +0100 Message-Id: <20240306123609.164021-5-s.sterz@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240306123609.164021-1-s.sterz@proxmox.com> References: <20240306123609.164021-1-s.sterz@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.076 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pbs-devel] [PATCH proxmox v2 04/12] auth-api: use constant time comparison for csrf tokens X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Mar 2024 12:36:18 -0000 by using openssl's `memcmp::eq()` we can avoid potential side-channel attack on the csrf token comparison. this comparison's runtime only depends on the length of the two byte vectors, not their contents. Signed-off-by: Stefan Sterz --- proxmox-auth-api/src/api/access.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/proxmox-auth-api/src/api/access.rs b/proxmox-auth-api/src/api/access.rs index 428d22a..e22eea2 100644 --- a/proxmox-auth-api/src/api/access.rs +++ b/proxmox-auth-api/src/api/access.rs @@ -286,14 +286,15 @@ fn verify_csrf_prevention_token_do( } let timestamp = parts.pop_front().unwrap(); - let sig = parts.pop_front().unwrap(); + let sig = parts.pop_front().unwrap().as_bytes(); let ttime = i64::from_str_radix(timestamp, 16) .map_err(|err| format_err!("timestamp format error - {}", err))?; let digest = compute_csrf_secret_digest(ttime, secret, userid); + let digest = digest.as_bytes(); - if digest != sig { + if digest.len() != sig.len() || !openssl::memcmp::eq(digest, sig) { bail!("invalid signature."); } -- 2.39.2