search

ramarao1990 / openid4java

Automatically exported from code.google.com/p/openid4java
Apache License 2.0
0 stars 0 forks source link

Association.verifySignature() is vulnerable to timing attacks #123

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
Association.verifySignature() uses String.equals() to verify signatures. This 
is vulnerable to timing attacks. This can be remedied by using a constant-time 
comparison.

For background on timing attacks:
http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/

Original issue reported on code.google.com by stevew...@gmail.com on 19 Jul 2010 at 11:52

GoogleCodeExporter commented 8 years ago 
This can be fixed easily with the following code substituted for 
Association.verifySignature():

    public boolean verifySignature(String text, String signature) throws AssociationException
    {
        if (DEBUG) _log.debug("Verifying signature: " + signature);

        return constantTimeEquals(signature, sign(text));
    }

    private boolean constantTimeEquals(String objA, String objB) {
        if (objA == objB) {
            return true;
        }
        int n = objA.length();
        if (n == objB.length()) {
            char v1[] = new char[n];
            objA.getChars(0, n, v1, 0);
            char v2[] = new char[n];
            objB.getChars(0, n, v2, 0);
            int i = 0;
            int j = 0;
            boolean isEqual = true;
            while (n-- != 0) {
                if (v1[i++] != v2[j++])
                    isEqual = false;
            }
            return isEqual;
        }
        return false;
    }

Original comment by Dan.Troe...@gmail.com on 10 Dec 2010 at 4:24

GoogleCodeExporter commented 8 years ago 
The problem has been fixed in r641, so close this issue.

Original comment by zhoushu...@gmail.com on 9 Jan 2011 at 8:22