Skip to content

Constant-time HMAC comparison#186

Open
0xd6cb6d73 wants to merge 2 commits into
MythicAgents:masterfrom
0xd6cb6d73:fix-hmac-compare
Open

Constant-time HMAC comparison#186
0xd6cb6d73 wants to merge 2 commits into
MythicAgents:masterfrom
0xd6cb6d73:fix-hmac-compare

Conversation

@0xd6cb6d73

Copy link
Copy Markdown

Use a constant-time function to compare HMAC values.

The current code uses the language's basic == operator to compare the expected value to the one obtained from the network message. This may enable HMAC forging through a timing attack.

Although I believe my fix is sound, I have not been able to test whether it truly is constant time.

@0xd6cb6d73

Copy link
Copy Markdown
Author

The short-circuit when lhs and rhs aren't the same length matches what the standard library's blessed implementation CryptographicOperations.FixedTimeEquals does: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.cryptographicoperations.fixedtimeequals?view=net-10.0#remarks. Unfortunately, that does not seem to be available in any version of .NET framework.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant