Make CI_Session's HMAC comparison time-attack-safe
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index 971dfea..c8dfad6 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -395,7 +395,15 @@
 		$hmac	 = substr($session, $len);
 		$session = substr($session, 0, $len);
 
-		if ($hmac !== hash_hmac('sha1', $session, $this->encryption_key))
+		// Time-attack-safe comparison
+		$hmac_check = hash_hmac('sha1', $session, $this->encryption_key);
+		$diff = 0;
+		for ($i = 0; $i < 40; $i++)
+		{
+			$diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]);
+		}
+
+		if ($diff !== 0)
 		{
 			log_message('error', 'The session cookie data did not match what was expected.');
 			$this->sess_destroy();
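Review bot: The comparison loop reads `$hmac[$i]` for a fixed 40 positions, but nothing in this hunk guarantees that `$hmac` is 40 bytes long. `$len` is computed above the hunk, so a length check may already exist there; if it does not, a truncated cookie would raise string-offset notices inside the loop. Treating the cookie as invalid up front when `strlen($hmac) !== strlen($hmac_check)` is safe, because the length of a hex SHA-1 HMAC is not secret, and bounding the loop by `strlen($hmac_check)` removes the literal 40 that silently depends on the `'sha1'` argument. On PHP 5.6 and later the built-in `hash_equals($hmac_check, $hmac)` does the constant-time comparison itself, so it could be used when `function_exists('hash_equals')` is true, with this loop kept as the fallback. The enclosing method starts and ends outside the hunk.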