diff options
author | drebs <drebs@leap.se> | 2013-08-09 13:29:01 +0200 |
---|---|---|
committer | drebs <drebs@leap.se> | 2014-06-05 10:45:29 -0300 |
commit | a35176a298480676d16fe195971ed89b21a78357 (patch) | |
tree | 2870e6d7d194b2f5e54b6a6eaed094e89f1d903f /server/src/leap | |
parent | 7d9d827a5f66993863ca0c532c01ad3bf2c4353e (diff) |
Make server auth time-insensitive.
Diffstat (limited to 'server/src/leap')
-rw-r--r-- | server/src/leap/soledad/server/auth.py | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py index e9d2b032..57f600a1 100644 --- a/server/src/leap/soledad/server/auth.py +++ b/server/src/leap/soledad/server/auth.py @@ -30,6 +30,7 @@ from abc import ABCMeta, abstractmethod from routes.mapper import Mapper from couchdb.client import Server from twisted.python import log +from hashlib import sha512 from leap.soledad.common import ( @@ -415,10 +416,17 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware): server = Server(url=self._app.state.couch_url) dbname = self.TOKENS_DB db = server[dbname] - token = db.get(token) - if token is None or \ - token[self.TOKENS_TYPE_KEY] != self.TOKENS_TYPE_DEF or \ - token[self.TOKENS_USER_ID_KEY] != uuid: + # lookup key is a hash of the token to prevent timing attacks. + token = db.get(sha512(token).hexdigest()) + if token is None: + raise InvalidAuthTokenError() + # we compare uuid hashes to avoid possible timing attacks that + # might exploit python's builtin comparison operator behaviour, + # which fails immediatelly when non-matching bytes are found. + couch_uuid_hash = sha512(token[self.TOKENS_USER_ID_KEY]).digest() + req_uuid_hash = sha512(uuid).digest() + if token[self.TOKENS_TYPE_KEY] != self.TOKENS_TYPE_DEF \ + or couch_uuid_hash != req_uuid_hash: raise InvalidAuthTokenError() return True |