fix: use constant-time comparison for HMAC verification (#522)

Replace non-constant-time === operator with crypto.timingSafeEqual()
to prevent timing side-channel attacks on HMAC signature verification.

Fixes #522

Author: shunkica

src/signature-algorithms.ts

@@ -143,7 +143,17 @@ export class HmacSha1 implements SignatureAlgorithm {
       verifier.update(material);
       const res = verifier.digest("base64");
 
-      return res === signatureValue;
+      // Use constant-time comparison to prevent timing attacks (CWE-208)
+      // See: https://github.com/node-saml/xml-crypto/issues/522
+      try {
+        return crypto.timingSafeEqual(
+          Buffer.from(res, "base64"),
+          Buffer.from(signatureValue, "base64"),
+        );
+      } catch (e) {
+        // timingSafeEqual throws if buffer lengths don't match
+        return false;
+      }
     },
   );