Move constant-time compare function to utils.security

2019-02-12 11:57:49 +00:00 · 2019-02-12 11:57:49 +00:00 · 9667b8a6e0
commit 9667b8a6e0
parent 305b998a52
2 changed files with 8 additions and 2 deletions
--- a/modules/sasl/scram.py
+++ b/modules/sasl/scram.py
@ -1,4 +1,5 @@
 import base64, enum, hashlib, hmac, os, typing
+from src import utils

 # IANA Hash Function Textual Names
 # https://tools.ietf.org/html/rfc5802#section-4
@ -101,7 +102,7 @@ class SCRAM(object):
        server_key = self._hmac(self._salted_password, b"Server Key")
        server_signature = self._hmac(server_key, self._auth_message)

-        if self._constant_time_compare(server_signature, verifier):
+        if utils.security.constant_time_compare(server_signature, verifier):
            self.state = SCRAMState.Success
            return True
        else:
--- a/src/utils/security.py
+++ b/src/utils/security.py
@ -1,4 +1,4 @@
-import socket, ssl
+import hmac, socket, ssl, typing

 def ssl_context(cert: str=None, key: str=None, verify: bool=True
        ) -> ssl.SSLContext:
@ -21,3 +21,8 @@ def ssl_wrap(sock: socket.socket, cert: str=None, key: str=None,
    context = ssl_context(cert=cert, key=key, verify=verify)
    return context.wrap_socket(sock, server_side=server_side,
        server_hostname=hostname)
+
+def constant_time_compare(
+        a: typing.Union[str, bytes],
+        b: typing.Union[str, bytes]) -> bool:
+    return hmac.compare_digest(a, b)