Conch MAC verification should use cryptography

[twisted-trac]

	@mithrandi reported
Trac ID	trac#8199
Type	defect
Created	2016-02-06 17:30:20Z

Currently verification is done using ==; this is bad because it is not a constant-time comparison. Cryptography's HMAC objects have a verify() method that does the right thing, as well as a general-purpose constant-time comparison, so now that we use Cryptography for the rest of our crypto, we should just use these.

Searchable metadata

trac-id__8199 8199
type__defect defect
reporter__mithrandi mithrandi
priority__normal normal
milestone__None None
branch__ 
branch_author__ 
status__closed closed
resolution__fixed fixed
component__conch conch
keywords__None None
time__1454779820235485 1454779820235485
changetime__1626936906376695 1626936906376695
version__None None
owner__glyph glyph
cc__z3p

[twisted-trac]

	@wiml commented

This seems like a good idea; on Python3.6+, we could also use secrets.compare_digest().

[twisted-trac]

	@wiml commented

PR here, using hmac.compare_digest() since we're using the hmac digest for digesting anyway: #1580

[twisted-trac]

	@wiml set owner to @wiml @wiml set status to assigned

Taking this out of review until I write up a unit test that covers the untested part of the change

[twisted-trac]

	@adiroiban commented

Maybe related #4536

[twisted-trac]

	@wiml removed owner @wiml set status to new

[twisted-trac]

	@wiml commented

Replying to Adi Roiban:

Yes I think this is a subset of [#4536](#4536) (as is another open PR, for ticket #10086, which is disjoint from this one). I think a lot of the concerns in #4536 disappear with the availability of compare_digest() in python's stdlib.

The PR I submitted for this ticket just covers the couple cases in conch, which are I think more straightforward to resolve than a few of the other sensitive comparisons in Twisted. Hopefully this can chip away at the variety of comparisons mentioned by #4536 until that ticket is easier to resolve.

[twisted-trac]

	@glyph set owner to @glyph

Thanks for making such a nice bite-sized change. I'll approve and land it!

[twisted-trac]

	@glyph set status to closed

In changeset 65f382f

#!CommitTicketReference repository="" revision="65f382f43dfe9bec9d25d99ce0cb05db115f5fac"
Merge pull request #1580 from wiml/8199-conch-constant-time-compare

Author: wiml
Reviewer: glyph
Fixes: ticket:8199
Refs: ticket:4536

Use constant-time compare_digest() for MACs and similar secret data.