Made signature verification time constant

TwoTenPvP · TwoTenPvP · commit 67af7b24e54b · 2019-01-31T08:51:57.000+01:00
diff --git a/MLAPI/NetworkingManagerComponents/Core/InternalMessageHandler.Receive.cs b/MLAPI/NetworkingManagerComponents/Core/InternalMessageHandler.Receive.cs
@@ -129,23 +129,14 @@ internal static void HandleHailResponse(uint clientId, Stream stream, int channe
                             {
                                 byte[] clientHash = rsa.Decrypt(diffieHellmanPublicSignature, false);
                                 byte[] serverHash = sha.ComputeHash(diffieHellmanPublic);
-                                if (clientHash.Length != serverHash.Length)
+                                
+                                if (!CryptographyHelper.ConstTimeArrayEqual(clientHash, serverHash))
                                 {
                                     //Man in the middle.
-                                    if (LogHelper.CurrentLogLevel <= LogLevel.Normal) if (LogHelper.CurrentLogLevel <= LogLevel.Normal) LogHelper.LogWarning("Signature length doesnt match for the key exchange public part. Disconnecting");
+                                    if (LogHelper.CurrentLogLevel <= LogLevel.Normal) if (LogHelper.CurrentLogLevel <= LogLevel.Normal) LogHelper.LogWarning("Signature doesnt match for the key exchange public part. Disconnecting");
                                     netManager.DisconnectClient(clientId);
                                     return;
                                 }
-                                for (int i = 0; i < clientHash.Length; i++)
-                                {
-                                    if (clientHash[i] != serverHash[i])
-                                    {
-                                        //Man in the middle.
-                                        if (LogHelper.CurrentLogLevel <= LogLevel.Normal) if (LogHelper.CurrentLogLevel <= LogLevel.Normal) LogHelper.LogWarning("Signature doesnt match for the key exchange public part. Disconnecting");
-                                        netManager.DisconnectClient(clientId);
-                                        return;
-                                    }
-                                }
                             }
                         }
                         else
diff --git a/MLAPI/NetworkingManagerComponents/Cryptography/CryptographyHelper.cs b/MLAPI/NetworkingManagerComponents/Cryptography/CryptographyHelper.cs
@@ -78,6 +78,23 @@ public static byte[] GetServerKey()
                 return NetworkingManager.Singleton.clientAesKey;
             }
         }
+
+        internal static bool ConstTimeArrayEqual(byte[] a, byte[] b)
+        {
+            if (a.Length != b.Length)
+                return false;
+            
+            int i = a.Length;
+            int cmp = 0;
+            
+            while (i != 0)
+            {
+                --i;
+                cmp |= (a[i] ^ b[i]);
+            }
+            
+            return cmp == 0;
+        }
     }
 }
 #endif

Original file line number	Diff line number	Diff line change
`@@ -129,23 +129,14 @@ internal static void HandleHailResponse(uint clientId, Stream stream, int channe`
`129`	`129`	`{`
`130`	`130`	`byte[] clientHash = rsa.Decrypt(diffieHellmanPublicSignature, false);`
`131`	`131`	`byte[] serverHash = sha.ComputeHash(diffieHellmanPublic);`
`132`		`- if (clientHash.Length != serverHash.Length)`
	`132`	`+`
	`133`	`+ if (!CryptographyHelper.ConstTimeArrayEqual(clientHash, serverHash))`
`133`	`134`	`{`
`134`	`135`	`//Man in the middle.`
`135`		`- if (LogHelper.CurrentLogLevel <= LogLevel.Normal) if (LogHelper.CurrentLogLevel <= LogLevel.Normal) LogHelper.LogWarning("Signature length doesnt match for the key exchange public part. Disconnecting");`
	`136`	`+ if (LogHelper.CurrentLogLevel <= LogLevel.Normal) if (LogHelper.CurrentLogLevel <= LogLevel.Normal) LogHelper.LogWarning("Signature doesnt match for the key exchange public part. Disconnecting");`
`136`	`137`	`netManager.DisconnectClient(clientId);`
`137`	`138`	`return;`
`138`	`139`	`}`
`139`		`- for (int i = 0; i < clientHash.Length; i++)`
`140`		`- {`
`141`		`- if (clientHash[i] != serverHash[i])`
`142`		`- {`
`143`		`- //Man in the middle.`
`144`		`- if (LogHelper.CurrentLogLevel <= LogLevel.Normal) if (LogHelper.CurrentLogLevel <= LogLevel.Normal) LogHelper.LogWarning("Signature doesnt match for the key exchange public part. Disconnecting");`
`145`		`- netManager.DisconnectClient(clientId);`
`146`		`- return;`
`147`		`- }`
`148`		`- }`
`149`	`140`	`}`
`150`	`141`	`}`
`151`	`142`	`else`
Original file line number	Diff line number	Diff line change
`@@ -78,6 +78,23 @@ public static byte[] GetServerKey()`
`78`	`78`	`return NetworkingManager.Singleton.clientAesKey;`
`79`	`79`	`}`
`80`	`80`	`}`
	`81`	`+`
	`82`	`+ internal static bool ConstTimeArrayEqual(byte[] a, byte[] b)`
	`83`	`+ {`
	`84`	`+ if (a.Length != b.Length)`
	`85`	`+ return false;`
	`86`	`+`
	`87`	`+ int i = a.Length;`
	`88`	`+ int cmp = 0;`
	`89`	`+`
	`90`	`+ while (i != 0)`
	`91`	`+ {`
	`92`	`+ --i;`
	`93`	`+ cmp \|= (a[i] ^ b[i]);`
	`94`	`+ }`
	`95`	`+`
	`96`	`+ return cmp == 0;`
	`97`	`+ }`
`81`	`98`	`}`
`82`	`99`	`}`
`83`	`100`	`#endif`