From a35176a298480676d16fe195971ed89b21a78357 Mon Sep 17 00:00:00 2001
From: drebs <drebs@leap.se>
Date: Fri, 9 Aug 2013 13:29:01 +0200
Subject: Make server auth time-insensitive.

---
 server/src/leap/soledad/server/auth.py                   | 16 ++++++++++++----
 .../changes/feature_3399-check-auth-in-constant-way      |  1 +
 2 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 soledad_server/changes/feature_3399-check-auth-in-constant-way

diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py
index e9d2b032..57f600a1 100644
--- a/server/src/leap/soledad/server/auth.py
+++ b/server/src/leap/soledad/server/auth.py
@@ -30,6 +30,7 @@ from abc import ABCMeta, abstractmethod
 from routes.mapper import Mapper
 from couchdb.client import Server
 from twisted.python import log
+from hashlib import sha512
 
 
 from leap.soledad.common import (
@@ -415,10 +416,17 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware):
         server = Server(url=self._app.state.couch_url)
         dbname = self.TOKENS_DB
         db = server[dbname]
-        token = db.get(token)
-        if token is None or \
-                token[self.TOKENS_TYPE_KEY] != self.TOKENS_TYPE_DEF or \
-                token[self.TOKENS_USER_ID_KEY] != uuid:
+        # lookup key is a hash of the token to prevent timing attacks.
+        token = db.get(sha512(token).hexdigest())
+        if token is None:
+            raise InvalidAuthTokenError()
+        # we compare uuid hashes to avoid possible timing attacks that
+        # might exploit python's builtin comparison operator behaviour,
+        # which fails immediatelly when non-matching bytes are found.
+        couch_uuid_hash = sha512(token[self.TOKENS_USER_ID_KEY]).digest()
+        req_uuid_hash = sha512(uuid).digest()
+        if token[self.TOKENS_TYPE_KEY] != self.TOKENS_TYPE_DEF \
+                or couch_uuid_hash != req_uuid_hash:
             raise InvalidAuthTokenError()
         return True
 
diff --git a/soledad_server/changes/feature_3399-check-auth-in-constant-way b/soledad_server/changes/feature_3399-check-auth-in-constant-way
new file mode 100644
index 00000000..ebd18680
--- /dev/null
+++ b/soledad_server/changes/feature_3399-check-auth-in-constant-way
@@ -0,0 +1 @@
+  o Authenticate in time-insensitive manner. Closes #3399.
-- 
cgit v1.2.3