[SECURITY] HMAC signature verification should use constant-time comparison #522
Description
Summary
HMAC signature verification in src/signature-algorithms.ts uses JavaScript's === operator which is not constant-time. This violates cryptographic best practices and should be fixed to use crypto.timingSafeEqual().
Issue
The === operator performs short-circuit evaluation, potentially creating timing side-channels:
- Stops comparing as soon as first mismatch is found
- Different error positions = different comparison times
While timing variance is measurable, I could not demonstrate practical exploitation in a test environment. This appears to be more of a theoretical vulnerability and code quality issue.
Security Best Practice
Per cryptographic best practices and CWE-208 (Observable Timing Discrepancy), secret comparisons should use constant-time algorithms to prevent timing attacks.
Node.js provides crypto.timingSafeEqual() specifically for this purpose.
Impact
Who is affected:
- Applications using HMAC signatures (via
sig.enableHMAC())
References
- CWE-208: Observable Timing Discrepancy - https://cwe.mitre.org/data/definitions/208.html
- Node.js crypto.timingSafeEqual() - https://nodejs.org/api/crypto.html#cryptotimingsafeequala-b