summaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
authordrebs <drebs@leap.se>2013-08-09 13:29:01 +0200
committerdrebs <drebs@leap.se>2014-06-05 10:45:29 -0300
commita35176a298480676d16fe195971ed89b21a78357 (patch)
tree2870e6d7d194b2f5e54b6a6eaed094e89f1d903f /server
parent7d9d827a5f66993863ca0c532c01ad3bf2c4353e (diff)
Make server auth time-insensitive.
Diffstat (limited to 'server')
-rw-r--r--server/src/leap/soledad/server/auth.py16
1 files changed, 12 insertions, 4 deletions
diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py
index e9d2b032..57f600a1 100644
--- a/server/src/leap/soledad/server/auth.py
+++ b/server/src/leap/soledad/server/auth.py
@@ -30,6 +30,7 @@ from abc import ABCMeta, abstractmethod
from routes.mapper import Mapper
from couchdb.client import Server
from twisted.python import log
+from hashlib import sha512
from leap.soledad.common import (
@@ -415,10 +416,17 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware):
server = Server(url=self._app.state.couch_url)
dbname = self.TOKENS_DB
db = server[dbname]
- token = db.get(token)
- if token is None or \
- token[self.TOKENS_TYPE_KEY] != self.TOKENS_TYPE_DEF or \
- token[self.TOKENS_USER_ID_KEY] != uuid:
+ # lookup key is a hash of the token to prevent timing attacks.
+ token = db.get(sha512(token).hexdigest())
+ if token is None:
+ raise InvalidAuthTokenError()
+ # we compare uuid hashes to avoid possible timing attacks that
+ # might exploit python's builtin comparison operator behaviour,
+ # which fails immediatelly when non-matching bytes are found.
+ couch_uuid_hash = sha512(token[self.TOKENS_USER_ID_KEY]).digest()
+ req_uuid_hash = sha512(uuid).digest()
+ if token[self.TOKENS_TYPE_KEY] != self.TOKENS_TYPE_DEF \
+ or couch_uuid_hash != req_uuid_hash:
raise InvalidAuthTokenError()
return True