Merge pull request #238 from rararulab/issue-233-timing-attack

fix(ingestor): use constant-time comparison for URL signatures (#233)

Author: crrow

crates/core/src/domain/mod.rs

@@ -13,7 +13,7 @@ pub use processing_task::{ProcessingTask, TaskStatus};
 #[doc(inline)]
 pub use share_link::ShareLink;
 #[doc(inline)]
-pub use token::{ConnectionToken, TokenAction, TokenError};
+pub use token::{ConnectionToken, TokenAction, TokenError, constant_time_eq};
 #[doc(inline)]
 pub use video::{Video, VideoStatus};
 

crates/core/src/domain/token.rs

@@ -159,8 +159,11 @@ fn compute_hmac(secret: &[u8], data: &[u8]) -> String {
     hex::encode(mac.finalize().into_bytes())
 }
 
-/// Constant-time comparison to prevent timing attacks.
-fn constant_time_eq(a: &[u8], b: &[u8]) -> bool {
+/// Constant-time byte-slice comparison to prevent timing attacks.
+///
+/// Uses XOR folding so that execution time is independent of where
+/// (or whether) the slices differ.
+pub fn constant_time_eq(a: &[u8], b: &[u8]) -> bool {
     if a.len() != b.len() {
         return false;
     }

crates/ingestor/src/handlers.rs

@@ -290,7 +290,9 @@ fn verify_upload_url(secret: &[u8], video_id: &str, part: u64, exp: u64, sig: &s
     mac.update(format!("{video_id}:{part}:{exp}").as_bytes());
     let expected = hex::encode(mac.finalize().into_bytes());
 
-    if expected != sig {
+    // Use constant-time comparison to prevent timing attacks on signature
+    // verification
+    if !stream_core::domain::constant_time_eq(expected.as_bytes(), sig.as_bytes()) {
         return Err(IngestorError::Unauthorized);
     }
     Ok(())