Made HMAC verification constant time array checks

TwoTenPvP · TwoTenPvP · commit 40e11cb05259 · 2019-01-31T11:48:25.000+01:00
diff --git a/MLAPI/NetworkingManagerComponents/Core/MessageManager.cs b/MLAPI/NetworkingManagerComponents/Core/MessageManager.cs
@@ -89,14 +89,12 @@ internal static BitStream UnwrapMessage(BitStream inputStream, uint clientId, ou
                             {
                                 byte[] computedHmac = hmac.ComputeHash(inputStream.GetBuffer(), 0, (int)inputStream.Length);
 
-                                for (int i = 0; i < computedHmac.Length; i++)
+
+                                if (!CryptographyHelper.ConstTimeArrayEqual(computedHmac, HMAC_BUFFER))
                                 {
-                                    if (computedHmac[i] != HMAC_BUFFER[i])
-                                    {
-                                        if (LogHelper.CurrentLogLevel <= LogLevel.Error) LogHelper.LogError("Received HMAC at position [" + i + "] did not match the computed HMAC");
-                                        messageType = MLAPIConstants.INVALID;
-                                        return null;
-                                    }
+                                    if (LogHelper.CurrentLogLevel <= LogLevel.Error) LogHelper.LogError("Received HMAC did not match the computed HMAC");
+                                    messageType = MLAPIConstants.INVALID;
+                                    return null;
                                 }
                             }
                         }

Original file line number	Diff line number	Diff line change
`@@ -89,14 +89,12 @@ internal static BitStream UnwrapMessage(BitStream inputStream, uint clientId, ou`
`89`	`89`	`{`
`90`	`90`	`byte[] computedHmac = hmac.ComputeHash(inputStream.GetBuffer(), 0, (int)inputStream.Length);`
`91`	`91`
`92`		`- for (int i = 0; i < computedHmac.Length; i++)`
	`92`	`+`
	`93`	`+ if (!CryptographyHelper.ConstTimeArrayEqual(computedHmac, HMAC_BUFFER))`
`93`	`94`	`{`
`94`		`- if (computedHmac[i] != HMAC_BUFFER[i])`
`95`		`- {`
`96`		`- if (LogHelper.CurrentLogLevel <= LogLevel.Error) LogHelper.LogError("Received HMAC at position [" + i + "] did not match the computed HMAC");`
`97`		`- messageType = MLAPIConstants.INVALID;`
`98`		`- return null;`
`99`		`- }`
	`95`	`+ if (LogHelper.CurrentLogLevel <= LogLevel.Error) LogHelper.LogError("Received HMAC did not match the computed HMAC");`
	`96`	`+ messageType = MLAPIConstants.INVALID;`
	`97`	`+ return null;`
`100`	`98`	`}`
`101`	`99`	`}`
`102`	`100`	`}`