util.jwt: Use constant-time comparison with expected signature

author: Matthew Wild <mwild1@gmail.com> 2021-05-13 14:13:07 +0100
committer: Matthew Wild <mwild1@gmail.com> 2021-05-13 14:13:07 +0100
commit: 8048b53d183f3e225c85f4ca06e54ebc0b07e058 (patch)
tree: cf7afec3d73d103bb7116b652c6f9012c0369241 /util/jwt.lua
parent: 5bc8b2a379e21901429e4d7f5e10e424ca85e403 (diff)
download: prosody-8048b53d183f3e225c85f4ca06e54ebc0b07e058.tar.gz
prosody-8048b53d183f3e225c85f4ca06e54ebc0b07e058.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/util/jwt.lua b/util/jwt.lua
index 2b172d38..bf106dfa 100644
--- a/util/jwt.lua
+++ b/util/jwt.lua
@@ -3,6 +3,7 @@ local json = require "util.json";
 local hashes = require "util.hashes";
 local base64_encode = require "util.encodings".base64.encode;
 local base64_decode = require "util.encodings".base64.decode;
+local secure_equals = require "util.hashes".equals;
 
 local b64url_rep = { ["+"] = "-", ["/"] = "_", ["="] = "", ["-"] = "+", ["_"] = "/" };
 local function b64url(data)
@@ -33,7 +34,7 @@ local function verify(key, blob)
 	elseif header.alg ~= "HS256" then
 		return nil, "unsupported-algorithm";
 	end
-	if b64url(hashes.hmac_sha256(key, signed)) ~= signature then
+	if not secure_equals(b64url(hashes.hmac_sha256(key, signed)), signature) then
 		return false, "signature-mismatch";
 	end
 	local payload, err = json.decode(unb64url(bpayload));
author	Matthew Wild <mwild1@gmail.com>	2021-05-13 14:13:07 +0100
committer	Matthew Wild <mwild1@gmail.com>	2021-05-13 14:13:07 +0100
commit	8048b53d183f3e225c85f4ca06e54ebc0b07e058 (patch)
tree	cf7afec3d73d103bb7116b652c6f9012c0369241 /util/jwt.lua
parent	5bc8b2a379e21901429e4d7f5e10e424ca85e403 (diff)
download	prosody-8048b53d183f3e225c85f4ca06e54ebc0b07e058.tar.gz prosody-8048b53d183f3e225c85f4ca06e54ebc0b07e058.zip