From 305b998a524da30587e046c313c5ae7d5be122bb Mon Sep 17 00:00:00 2001
From: jesopo
Date: Tue, 12 Feb 2019 11:50:37 +0000
Subject: Use `hmac.compare_digest` to do a constant-time compare (sasl.scram)
---
 modules/sasl/scram.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'modules')
diff --git a/modules/sasl/scram.py b/modules/sasl/scram.py
index 19ec4e8c..463843e4 100644
--- a/modules/sasl/scram.py
+++ b/modules/sasl/scram.py
@@ -51,6 +51,9 @@ class SCRAM(object):
 def _hash(self, msg: bytes) -> bytes:
 return hashlib.new(self._algo, msg).digest()
+ def _constant_time_compare(self, b1: bytes, b2: bytes):
+ return hmac.compare_digest(b1, b2)
+
 def client_first(self) -> bytes:
 self.state = SCRAMState.ClientFirst
 self._client_first = b"n=%s,r=%s" % (
@@ -93,14 +96,14 @@ class SCRAM(object):
 self.state = SCRAMState.Failed
 return False
- verifier = pieces[b"v"]
+ verifier = base64.b64decode(pieces[b"v"])
 server_key = self._hmac(self._salted_password, b"Server Key")
 server_signature = self._hmac(server_key, self._auth_message)
- if server_signature != base64.b64decode(verifier):
- self.state = SCRAMState.VerifyFailed
- return False
- else:
+ if self._constant_time_compare(server_signature, verifier):
 self.state = SCRAMState.Success
 return True
+ else:
+ self.state = SCRAMState.VerifyFailed
+ return False
--
cgit v1.3.1-10-gc9f91
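Review bot: `_constant_time_compare` in the first hunk has no return annotation, while the neighbouring `_hash` and `client_first` both declare `-> bytes`; I would write `def _constant_time_compare(self, b1: bytes, b2: bytes) -> bool:`. A one-line docstring such as `"""Compare two digests without leaking the position of the first mismatch through timing."""` would record why a plain `==` must not be reintroduced here. The `hmac` import is not visible in the hunk; presumably the module already has it for `_hmac`, but that is worth confirming.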
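Review bot: In the second hunk, `base64.b64decode(pieces[b"v"])` decodes a server-supplied value with no error handling, so a malformed or missing `v` attribute raises instead of ending in `SCRAMState.VerifyFailed`. The default decoder also silently discards non-alphabet characters, so `validate=True` is the stricter choice for a verifier. The enclosing method starts and ends outside the hunk, so an earlier check for `b"v"` may already exist; if it does, only the decode error needs catching. `binascii.Error` is a subclass of `ValueError`, so no new import is needed.

```python
        # … unchanged: error branch that sets SCRAMState.Failed …
        try:
            verifier = base64.b64decode(pieces[b"v"], validate=True)
        except (KeyError, ValueError):
            # A malformed server-final message is a failed verification, not a crash.
            self.state = SCRAMState.VerifyFailed
            return False
        # … unchanged: server_key / server_signature computation and the constant-time compare …
```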