Glimesh / janus-ftl-plugin

A plugin for the Janus WebRTC gateway to enable relaying of audio/video streams utilizing Mixer's FTL (Faster-Than-Light) protocol.
https://hayden.fyi/posts/2020-08-03-Faster-Than-Light-protocol-engineering-notes.html
GNU Affero General Public License v3.0

Timing attack on streaming key HMAC comparison #104

Closed danstiner closed 3 years ago

danstiner commented 3 years ago

See https://security.stackexchange.com/questions/74547/timing-attack-against-hmac-in-authenticated-encryption for context.

Instead of the current loop: https://github.com/Glimesh/janus-ftl-plugin/blob/ab5b74ba90f4e1877d9b43124d675ca7501a6a49/src/FtlControlConnection.cpp#L225-L241

We should do something like:

#include <openssl/crypto.h>   // CRYPTO_memcmp: OpenSSL's constant-time byte comparison

// Check the length first (the expected HMAC length is fixed and public), then compare every byte in constant time.
bool match = (bufferLength == hmacHash.size()) && (CRYPTO_memcmp(buffer, hmacHash.data(), hmacHash.size()) == 0);

See also https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying#Verifying_HMAC

This is basically impossible to exploit because we only allow one try before closing the connection (and the new connection will have a new challenge nonce), so I'm not going to follow any responsible disclosure rules.
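The two comparison strategies the issue contrasts, side by side, as an added example that is not code from the issue, the plugin or OpenSSL. It assumes a hand-written OR-accumulating loop in place of CRYPTO_memcmp so it builds without OpenSSL, and uses a count of bytes examined (`bytesExamined`) as a deterministic stand-in for wall-clock time. The names `leakyCompare`, `constantTimeCompare`, `kExpectedHash` and `guessMismatchingAt` are hypothetical, and `kExpectedHash` is constructed test data, not an HMAC of anything.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Result of a comparison plus how many bytes the loop actually examined.
// The count stands in for timing: on the leaky variant it depends on where
// the first mismatch is; on the constant-time variant it never varies.
struct CompareResult {
    bool match;
    size_t bytesExamined;
};

// Early-exit comparison of the kind the issue objects to (hypothetical, not the
// plugin's loop). Returning at the first differing byte leaks the index of that
// byte through timing, which lets an attacker confirm a guess one byte at a time.
CompareResult leakyCompare(const uint8_t* buffer, size_t bufferLength,
                           const std::vector<uint8_t>& hmacHash) {
    if (bufferLength != hmacHash.size()) {
        return {false, 0};
    }
    size_t examined = 0;
    for (size_t i = 0; i < bufferLength; ++i) {
        ++examined;
        if (buffer[i] != hmacHash[i]) {
            return {false, examined};   // data-dependent early exit
        }
    }
    return {true, examined};
}

// Constant-time comparison, a hand-written equivalent of what CRYPTO_memcmp
// provides: every byte is visited and differences are OR-accumulated, so there
// is no branch on secret data. The length check stays outside the loop because
// the HMAC length is fixed and public, so comparing lengths leaks nothing.
CompareResult constantTimeCompare(const uint8_t* buffer, size_t bufferLength,
                                  const std::vector<uint8_t>& hmacHash) {
    if (bufferLength != hmacHash.size()) {
        return {false, 0};
    }
    volatile uint8_t diff = 0;   // volatile discourages the compiler from short-circuiting
    for (size_t i = 0; i < hmacHash.size(); ++i) {
        diff = static_cast<uint8_t>(diff | (buffer[i] ^ hmacHash[i]));
    }
    return {diff == 0, hmacHash.size()};
}

// Constructed 32-byte "expected hash" for the demo: arbitrary bytes, not a real HMAC.
const std::vector<uint8_t> kExpectedHash = [] {
    std::vector<uint8_t> v(32);
    for (size_t i = 0; i < v.size(); ++i) v[i] = static_cast<uint8_t>(0xA0 + i);
    return v;
}();

// Build an attacker's guess that matches kExpectedHash up to (not including) mismatchAt.
std::vector<uint8_t> guessMismatchingAt(size_t mismatchAt) {
    std::vector<uint8_t> guess = kExpectedHash;
    if (mismatchAt < guess.size()) guess[mismatchAt] ^= 0xFF;
    return guess;
}

int main() {
    for (size_t at : {0, 15, 30}) {
        std::vector<uint8_t> guess = guessMismatchingAt(at);
        CompareResult leaky = leakyCompare(guess.data(), guess.size(), kExpectedHash);
        CompareResult ct = constantTimeCompare(guess.data(), guess.size(), kExpectedHash);
        // Leaky: bytes examined grows with the mismatch position (1, 16, 31).
        // Constant-time: always 32, regardless of where the guess goes wrong.
        std::printf("mismatch at %2zu: leaky examined %2zu bytes, constant-time examined %zu bytes\n",
                    at, leaky.bytesExamined, ct.bytesExamined);
    }
    return 0;
}
```

The bytes-examined count makes the leak visible without a stopwatch: a guess that is right in its first 30 bytes costs the leaky loop 31 iterations, a guess wrong at byte 0 costs it one, and that difference is exactly what a remote attacker would try to measure. The constant-time variant does the same amount of work for every wrong guess, which is also why the length check can stay as an ordinary branch.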