Implementing constant-time comparison in JwtValidator (#111)

* Implementing constant-time comparison in JwtValidator * Bumping nuget version
jwt-dotnet · May 15, 2017 · e0092b8 · e0092b8
1 parent 532bb1c
commit e0092b8
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 2 deletions.
diff --git a/src/JWT/JWT.csproj b/src/JWT/JWT.csproj
@@ -21,7 +21,7 @@
     <PackageProjectUrl>https://github.com/jwt-dotnet/jwt</PackageProjectUrl>
     <Authors>John Sheehan, Michael Lehenbauer, Alexander Batishchev</Authors>
     <PackageLicenseUrl>https://creativecommons.org/publicdomain/zero/1.0/</PackageLicenseUrl>
-    <Version>3.0.0-beta3</Version>
+    <Version>3.0.0-beta4</Version>
     <PackageTags>jwt json</PackageTags>
   </PropertyGroup>
 

diff --git a/src/JWT/JwtValidator.cs b/src/JWT/JwtValidator.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Text;
 
 namespace JWT
 {
@@ -31,7 +32,7 @@ public JwtValidator(IJsonSerializer jsonSerializer, IDateTimeProvider dateTimePr
         /// <inheritdoc />
         public void Validate(string payloadJson, string decodedCrypto, string decodedSignature)
         {
-            if (decodedCrypto != decodedSignature)
+            if (!CompareCryptoWithSignature(decodedCrypto, decodedSignature))
             {
                 throw new SignatureVerificationException("Invalid signature")
                 {
@@ -99,5 +100,25 @@ public void Validate(string payloadJson, string decodedCrypto, string decodedSig
                 }
             }
         }
+
+        /// <remarks>In the future this method can be open for extension so made protected virtual</remarks>
+        private static bool CompareCryptoWithSignature(string decodedCrypto, string decodedSignature)
+        {
+            if (decodedCrypto.Length != decodedSignature.Length)
+            {
+                return false;
+            }
+
+            byte[] decodedCryptoBytes = Encoding.ASCII.GetBytes(decodedCrypto);
+            byte[] decodedSignatureBytes = Encoding.ASCII.GetBytes(decodedSignature);
+
+            byte result = 0;
+            for (int i = 0; i < decodedCrypto.Length; i++)
+            {
+                result |= (byte)(decodedCryptoBytes[i] ^ decodedSignatureBytes[i]);
+            }
+
+            return result == 0;
+        }
     }
 }