author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-03-08 17:11:31 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-03-08 17:31:47 -0400 |
commit | 7cf181023c2dd69d5d2f6733df60b1c8332c85bf (patch) | |
tree | 29ea892bfbfec381ec0e7f5cf8bdd5e283f5c3df | |
parent | 1f8bd71e9d65fd23ac1ba2df7debd217285bb702 (diff) | |
Use a constant time comparison for comparing an HMAC
Fixes #2
-rw-r--r-- | jwcrypto/jwe.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/jwcrypto/jwe.py b/jwcrypto/jwe.py
index 7845b26..3e7ea19 100644
--- a/jwcrypto/jwe.py
+++ b/jwcrypto/jwe.py
@@ -1,7 +1,7 @@
 # Copyright (C) 2015 JWCrypto Project Contributors - see LICENSE file
 from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import hashes, hmac
+from cryptography.hazmat.primitives import constant_time, hashes, hmac
 from cryptography.hazmat.primitives.padding import PKCS7
 from cryptography.hazmat.primitives.asymmetric import padding
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
@@ -183,7 +183,7 @@ class _aes_cbc_hmac_sha2(_raw_jwe):
 dkey = k[self.blocksize:]
 # verify mac
- if t != self._mac(hkey, a, iv, e):
+ if not constant_time.bytes_eq(t, self._mac(hkey, a, iv, e)):
 raise InvalidJWEData('Failed to verify MAC')
 # decrypt |
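Review bot: `constant_time.bytes_eq` raises `TypeError` when either argument is not `bytes`, so on the new `if not constant_time.bytes_eq(t, self._mac(hkey, a, iv, e)):` line a tag `t` of any other type would surface as `TypeError` instead of `InvalidJWEData`, where the old `!=` simply compared unequal. The hunk does not show where `t` is decoded or what `_mac` returns, so this needs confirming against the caller. If both are always bytes, a comment such as `# t and the computed MAC are both bytes; bytes_eq raises TypeError otherwise` would record the assumption. The diffstat lists only jwcrypto/jwe.py, so a test that alters one byte of the tag and expects `InvalidJWEData` would pin the rejection path. The enclosing method starts and ends outside the hunk.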