feat: protect signing from timing attacks

innocenzi · innocenzi · commit bf5f34c335b1 · 2025-07-03T18:28:53.000+02:00
diff --git a/packages/cryptography/composer.json b/packages/cryptography/composer.json
@@ -6,10 +6,8 @@
     "require": {
         "php": "^8.4",
         "tempest/container": "dev-main",
-        "tempest/support": "dev-main"
-    },
-    "suggest": {
-        "tempest/clock": "For time-lock support"
+        "tempest/support": "dev-main",
+        "tempest/clock": "dev-main"
     },
     "autoload": {
         "psr-4": {
diff --git a/packages/cryptography/src/Signing/GenericSigner.php b/packages/cryptography/src/Signing/GenericSigner.php
@@ -3,6 +3,8 @@
 namespace Tempest\Cryptography\Signing;
 
 use Tempest\Cryptography\Signing\Exceptions\SigningKeyWasMissing;
+use Tempest\Cryptography\Timelock;
+use Tempest\DateTime\Duration;
 
 final class GenericSigner implements Signer
 {
@@ -22,6 +24,7 @@ final class GenericSigner implements Signer
 
     public function __construct(
         private readonly SigningConfig $config,
+        private readonly Timelock $timelock,
     ) {}
 
     public function sign(string $data): Signature
@@ -35,9 +38,12 @@ public function sign(string $data): Signature
 
     public function verify(string $data, Signature $signature): bool
     {
-        return hash_equals(
-            known_string: $this->sign($data)->signature,
-            user_string: $signature->signature,
+        return $this->timelock->invoke(
+            callback: fn () => hash_equals(
+                known_string: $this->sign($data)->signature,
+                user_string: $signature->signature,
+            ),
+            duration: $this->config->minimumExecutionDuration ?: Duration::zero(),
         );
     }
 }
diff --git a/packages/cryptography/src/Signing/SignerInitializer.php b/packages/cryptography/src/Signing/SignerInitializer.php
@@ -5,12 +5,16 @@
 use Tempest\Container\Container;
 use Tempest\Container\Initializer;
 use Tempest\Container\Singleton;
+use Tempest\Cryptography\Timelock;
 
 final class SignerInitializer implements Initializer
 {
     #[Singleton]
     public function initialize(Container $container): Signer
     {
-        return new GenericSigner($container->get(SigningConfig::class));
+        return new GenericSigner(
+            config: $container->get(SigningConfig::class),
+            timelock: $container->get(Timelock::class),
+        );
     }
 }
diff --git a/packages/cryptography/src/Signing/SigningConfig.php b/packages/cryptography/src/Signing/SigningConfig.php
@@ -2,15 +2,19 @@
 
 namespace Tempest\Cryptography\Signing;
 
+use Tempest\DateTime\Duration;
+
 final class SigningConfig
 {
     /**
      * @param SigningAlgorithm $algorithm The algorithm used for signing and verifying signatures.
      * @param non-empty-string $key The key used for signing and verifying signatures.
+     * @param Duration|false $minimumExecutionDuration The minimum execution duration for signing operations, to prevent timing attacks. Set `false` to disable timing attack protection.
      */
     public function __construct(
         public SigningAlgorithm $algorithm,
         #[\SensitiveParameter]
         public string $key,
+        public false|Duration $minimumExecutionDuration,
     ) {}
 }
diff --git a/packages/cryptography/src/Signing/signing.config.php b/packages/cryptography/src/Signing/signing.config.php
@@ -6,4 +6,5 @@
 return new SigningConfig(
     algorithm: SigningAlgorithm::SHA256,
     key: Tempest\env('SIGNING_KEY', default: ''),
+    minimumExecutionDuration: false,
 );
diff --git a/packages/cryptography/tests/Signing/SignerTest.php b/packages/cryptography/tests/Signing/SignerTest.php
@@ -3,18 +3,36 @@
 namespace Tempest\Cryptography\Tests\Signing;
 
 use PHPUnit\Framework\TestCase;
+use Tempest\Clock\Clock;
+use Tempest\Clock\GenericClock;
+use Tempest\Clock\MockClock;
 use Tempest\Cryptography\Signing\Exceptions\SigningKeyWasMissing;
 use Tempest\Cryptography\Signing\GenericSigner;
 use Tempest\Cryptography\Signing\SigningAlgorithm;
 use Tempest\Cryptography\Signing\SigningConfig;
+use Tempest\Cryptography\Timelock;
+use Tempest\DateTime\Duration;
 
 final class SignerTest extends TestCase
 {
+    private function createSigner(SigningConfig $config, ?Clock $clock = null): GenericSigner
+    {
+        return new GenericSigner(
+            config: $config ?? new SigningConfig(
+                algorithm: SigningAlgorithm::SHA256,
+                key: 'my_secret_key',
+                minimumExecutionDuration: false,
+            ),
+            timelock: new Timelock($clock ?? new GenericClock()),
+        );
+    }
+
     public function test_good_signature(): void
     {
-        $signer = new GenericSigner(new SigningConfig(
+        $signer = $this->createSigner(new SigningConfig(
             algorithm: SigningAlgorithm::SHA256,
             key: 'my_secret_key',
+            minimumExecutionDuration: false,
         ));
 
         $data = 'important data';
@@ -25,9 +43,10 @@ public function test_good_signature(): void
 
     public function test_bad_signature(): void
     {
-        $signer = new GenericSigner(new SigningConfig(
+        $signer = $this->createSigner(new SigningConfig(
             algorithm: SigningAlgorithm::SHA256,
             key: 'my_secret_key',
+            minimumExecutionDuration: false,
         ));
 
         $data = 'important data';
@@ -41,14 +60,16 @@ public function test_bad_signature(): void
 
     public function test_different_algoritms(): void
     {
-        $signer1 = new GenericSigner(new SigningConfig(
+        $signer1 = $this->createSigner(new SigningConfig(
             algorithm: SigningAlgorithm::SHA256,
             key: 'my_secret_key',
+            minimumExecutionDuration: false,
         ));
 
-        $signer2 = new GenericSigner(new SigningConfig(
+        $signer2 = $this->createSigner(new SigningConfig(
             algorithm: SigningAlgorithm::SHA512,
             key: 'my_secret_key',
+            minimumExecutionDuration: false,
         ));
 
         $data = 'important data';
@@ -71,19 +92,21 @@ public function test_no_signing_key(): void
     {
         $this->expectException(SigningKeyWasMissing::class);
 
-        $signer = new GenericSigner(new SigningConfig(
+        $signer = $this->createSigner(new SigningConfig(
             algorithm: SigningAlgorithm::SHA256,
             key: '',
+            minimumExecutionDuration: false,
         ));
 
         $signer->sign('important data');
     }
 
     public function test_empty_data(): void
     {
-        $signer = new GenericSigner(new SigningConfig(
+        $signer = $this->createSigner(new SigningConfig(
             algorithm: SigningAlgorithm::SHA256,
             key: 'my_secret_key',
+            minimumExecutionDuration: false,
         ));
 
         $signature = $signer->sign('');
@@ -94,9 +117,10 @@ public function test_empty_data(): void
 
     public function test_consistent_signature(): void
     {
-        $signer = new GenericSigner(new SigningConfig(
+        $signer = $this->createSigner(new SigningConfig(
             algorithm: SigningAlgorithm::SHA256,
             key: 'my_secret_key',
+            minimumExecutionDuration: false,
         ));
 
         $data = 'important data';
@@ -109,14 +133,16 @@ public function test_consistent_signature(): void
 
     public function test_different_keys(): void
     {
-        $signer1 = new GenericSigner(new SigningConfig(
+        $signer1 = $this->createSigner(new SigningConfig(
             algorithm: SigningAlgorithm::SHA256,
             key: 'signer1_key_foo',
+            minimumExecutionDuration: false,
         ));
 
-        $signer2 = new GenericSigner(new SigningConfig(
+        $signer2 = $this->createSigner(new SigningConfig(
             algorithm: SigningAlgorithm::SHA512,
             key: 'signer2_key_bar',
+            minimumExecutionDuration: false,
         ));
 
         $data = 'important data';
@@ -134,4 +160,40 @@ public function test_different_keys(): void
         $this->assertFalse($signer1->verify($data, $signature2));
         $this->assertFalse($signer2->verify($data, $signature1));
     }
+
+    public function test_time_protection(): void
+    {
+        $signer = $this->createSigner(new SigningConfig(
+            algorithm: SigningAlgorithm::SHA256,
+            key: 'my_secret_key',
+            minimumExecutionDuration: Duration::milliseconds(300),
+        ));
+
+        $data = 'important data';
+        $signature = $signer->sign($data);
+
+        $start = microtime(true);
+        $this->assertTrue($signer->verify($data, $signature));
+        $elapsed = microtime(true) - $start;
+
+        $this->assertGreaterThanOrEqual(0.3, $elapsed);
+    }
+
+    public function test_time_protection_with_mock_clock(): void
+    {
+        $signer = $this->createSigner(new SigningConfig(
+            algorithm: SigningAlgorithm::SHA256,
+            key: 'my_secret_key',
+            minimumExecutionDuration: Duration::second(),
+        ), $clock = new MockClock());
+
+        $data = 'important data';
+        $signature = $signer->sign($data);
+
+        $ms = $clock->timestamp()->getMilliseconds();
+        $this->assertTrue($signer->verify($data, $signature));
+        $elapsed = $clock->timestamp()->getMilliseconds() - $ms;
+
+        $this->assertSame(1_000, $elapsed);
+    }
 }
diff --git a/packages/cryptography/tests/TimelockTest.php b/packages/cryptography/tests/TimelockTest.php
@@ -11,15 +11,6 @@
 
 final class TimelockTest extends TestCase
 {
-    protected function setUp(): void
-    {
-        parent::setUp();
-
-        if (! interface_exists(Clock::class)) {
-            $this->markTestSkipped('The Clock interface is not available. This test requires the `tempest/clock` package.');
-        }
-    }
-
     public function test_callback_is_executed(): void
     {
         $clock = new GenericClock();
diff --git a/tests/Integration/Cryptography/SignerTest.php b/tests/Integration/Cryptography/SignerTest.php
@@ -23,6 +23,7 @@ public function test_signature_valid(): void
         $this->container->config(new SigningConfig(
             algorithm: SigningAlgorithm::SHA256,
             key: 'my_secret_key',
+            minimumExecutionDuration: false,
         ));
 
         $data = 'important data';
@@ -36,6 +37,7 @@ public function test_update_key(): void
         $this->container->config(new SigningConfig(
             algorithm: SigningAlgorithm::SHA256,
             key: 'my_secret_key',
+            minimumExecutionDuration: false,
         ));
 
         $signature = $this->signer->sign('important data');
@@ -44,6 +46,7 @@ public function test_update_key(): void
         $this->container->config(new SigningConfig(
             algorithm: SigningAlgorithm::SHA256,
             key: 'my_secret_key2',
+            minimumExecutionDuration: false,
         ));
 
         $this->container->unregister(Signer::class);

Original file line number	Diff line number	Diff line change
`@@ -5,12 +5,16 @@`
`5`	`5`	`use Tempest\Container\Container;`
`6`	`6`	`use Tempest\Container\Initializer;`
`7`	`7`	`use Tempest\Container\Singleton;`
	`8`	`+use Tempest\Cryptography\Timelock;`
`8`	`9`
`9`	`10`	`final class SignerInitializer implements Initializer`
`10`	`11`	`{`
`11`	`12`	`#[Singleton]`
`12`	`13`	`public function initialize(Container $container): Signer`
`13`	`14`	`{`
`14`		`- return new GenericSigner($container->get(SigningConfig::class));`
	`15`	`+ return new GenericSigner(`
	`16`	`+ config: $container->get(SigningConfig::class),`
	`17`	`+ timelock: $container->get(Timelock::class),`
	`18`	`+ );`
`15`	`19`	`}`
`16`	`20`	`}`