Use hmac.compare_digest to compare signature

hmac.compare_digest must be used to compare sample signature to avoid timing-attack. We also provide a best-effort version of hmac.compare_digest for python version that doesn't have the C version. Closes bug #1332390 Change-Id: Ia313c98b7cccf0e8aed4fb933292bd7e6141b801
2014-06-22 12:56:49 +02:00 · 2014-06-22 12:56:49 +02:00 · 8b4e4987a5
commit 8b4e4987a5
parent 0b77c8a214
2 changed files with 62 additions and 2 deletions
--- a/ceilometer/publisher/utils.py
+++ b/ceilometer/publisher/utils.py
@ -60,15 +60,52 @@ def compute_signature(message, secret):
    return digest_maker.hexdigest()
 def besteffort_compare_digest(first, second):
    """Returns True if both string inputs are equal, otherwise False.
    This function should take a constant amount of time regardless of
    how many characters in the strings match.
    """
    # NOTE(sileht): compare_digest method protected for timing-attacks
    # exists since python >= 2.7.7 and python >= 3.3
    # this a bit less-secure python fallback version
    # taken from https://github.com/openstack/python-keystoneclient/blob/
    # master/keystoneclient/middleware/memcache_crypt.py#L88
    if len(first) != len(second):
        return False
    result = 0
    if six.PY3 and isinstance(first, bytes) and isinstance(second, bytes):
        for x, y in zip(first, second):
            result |= x ^ y
    else:
        for x, y in zip(first, second):
            result |= ord(x) ^ ord(y)
    return result == 0
 if hasattr(hmac, 'compare_digest'):
    compare_digest = hmac.compare_digest
 else:
    compare_digest = besteffort_compare_digest
 def verify_signature(message, secret):
    """Check the signature in the message.
    Message is verified against the value computed from the rest of the
    contents.
    """
-    old_sig = message.get('message_signature')
+    old_sig = message.get('message_signature', '')
    new_sig = compute_signature(message, secret)
-    return new_sig == old_sig
+
    if isinstance(old_sig, six.text_type):
        try:
            old_sig = old_sig.encode('ascii')
        except UnicodeDecodeError:
            return False
    return compare_digest(new_sig, old_sig)
 def meter_message_from_counter(sample, secret):
--- a/ceilometer/tests/publisher/test_utils.py
+++ b/ceilometer/tests/publisher/test_utils.py
@ -74,6 +74,16 @@ class TestSignature(test.BaseTestCase):
                'message_signature': 'Not the same'}
        self.assertFalse(utils.verify_signature(data, 'not-so-secret'))
    def test_verify_signature_invalid_encoding(self):
        data = {'a': 'A', 'b': 'B',
                'message_signature': ''}
        self.assertFalse(utils.verify_signature(data, 'not-so-secret'))
    def test_verify_signature_unicode(self):
        data = {'a': 'A', 'b': 'B',
                'message_signature': u''}
        self.assertFalse(utils.verify_signature(data, 'not-so-secret'))
    def test_verify_signature_nested(self):
        data = {'a': 'A',
                'b': 'B',
@ -100,3 +110,16 @@ class TestSignature(test.BaseTestCase):
            'not-so-secret')
        jsondata = jsonutils.loads(jsonutils.dumps(data))
        self.assertTrue(utils.verify_signature(jsondata, 'not-so-secret'))
    def test_besteffort_compare_digest(self):
        hash1 = "f5ac3fe42b80b80f979825d177191bc5"
        hash2 = "f5ac3fe42b80b80f979825d177191bc5"
        hash3 = "1dece7821bf3fd70fe1309eaa37d52a2"
        hash4 = b"f5ac3fe42b80b80f979825d177191bc5"
        hash5 = b"f5ac3fe42b80b80f979825d177191bc5"
        hash6 = b"1dece7821bf3fd70fe1309eaa37d52a2"
        self.assertTrue(utils.besteffort_compare_digest(hash1, hash2))
        self.assertFalse(utils.besteffort_compare_digest(hash1, hash3))
        self.assertTrue(utils.besteffort_compare_digest(hash4, hash5))
        self.assertFalse(utils.besteffort_compare_digest(hash4, hash6))