fix: Use constant-time comparison for HMAC signatures (box/box-codegen#739) (#630)

Author: box-sdk-build

.codegen.json

@@ -1 +1 @@
-{ "engineHash": "4e4fdf6", "specHash": "630fc85", "version": "1.15.1" }
+{ "engineHash": "d18eeee", "specHash": "630fc85", "version": "1.15.1" }

src/internal/utils.ts

@@ -1,6 +1,7 @@
 import { v4 as uuidv4 } from 'uuid';
 import {
   calculateMD5Hash,
+  compareSignatures,
   computeWebhookSignature,
   createAgent,
   createJwtAssertion,
@@ -45,6 +46,7 @@ export {
   readTextFromFile,
   createAgent,
   jsonStringifyWithEscapedUnicode,
+  compareSignatures,
   computeWebhookSignature,
   calculateMD5Hash,
   getEnvVar,

src/internal/utilsBrowser.ts

@@ -282,6 +282,7 @@ export function jsonStringifyWithEscapedUnicode(body: string) {
  * @param {string} body - The request body of the webhook message
  * @param {Object} headers - The request headers of the webhook message
  * @param {string} signatureKey - The signature to verify the message with
+ * @param {string} escapeBody - Indicates if payload should be escaped or left as is
  * @returns {?string} - The message signature (or null, if it can't be computed)
  * @private
  */
@@ -293,14 +294,14 @@ export async function computeWebhookSignature(
   signatureKey: string,
   escapeBody: boolean = false,
 ): Promise<string | null> {
-  const escapedBody = escapeBody ? jsonStringifyWithEscapedUnicode(body) : body;
   if (headers['box-signature-version'] !== '1') {
     return null;
   }
   if (headers['box-signature-algorithm'] !== 'HmacSHA256') {
     return null;
   }
   let signature: string | null = null;
+  const escapedBody = escapeBody ? jsonStringifyWithEscapedUnicode(body) : body;
   const hashFunc = createSHA256();
   const hmac = await createHMAC(hashFunc, signatureKey);
   hmac.init();
@@ -312,6 +313,23 @@ export async function computeWebhookSignature(
   return signature;
 }
 
+export async function compareSignatures(
+  expectedSignature: string | null,
+  receivedSignature: string | null,
+): Promise<boolean> {
+  if (!expectedSignature || !receivedSignature) {
+    return false;
+  }
+  if (expectedSignature.length !== receivedSignature.length) return false;
+
+  let result = 0;
+  for (let i = 0; i < expectedSignature.length; i++) {
+    result |= expectedSignature.charCodeAt(i) ^ receivedSignature.charCodeAt(i);
+  }
+
+  return result === 0;
+}
+
 export async function calculateMD5Hash(data: string | Buffer): Promise<string> {
   return await sha1(data);
 }

src/internal/utilsNode.ts

@@ -249,7 +249,6 @@ export async function computeWebhookSignature(
   signatureKey: string,
   escapeBody: boolean = false,
 ): Promise<string | null> {
-  const escapedBody = escapeBody ? jsonStringifyWithEscapedUnicode(body) : body;
   if (headers['box-signature-version'] !== '1') {
     return null;
   }
@@ -258,13 +257,32 @@ export async function computeWebhookSignature(
   }
   let signature: string | null = null;
 
+  const escapedBody = escapeBody ? jsonStringifyWithEscapedUnicode(body) : body;
   let hmac = crypto.createHmac('sha256', signatureKey);
   hmac.update(escapedBody);
   hmac.update(headers['box-delivery-timestamp']);
   signature = hmac.digest('base64');
   return signature;
 }
 
+export async function compareSignatures(
+  expectedSignature: string | null,
+  receivedSignature: string | null,
+): Promise<boolean> {
+  if (!expectedSignature || !receivedSignature) {
+    return false;
+  }
+
+  const expectedBuffer = Buffer.from(expectedSignature, 'base64');
+  const receivedBuffer = Buffer.from(receivedSignature, 'base64');
+
+  if (expectedBuffer.length !== receivedBuffer.length) {
+    return false;
+  }
+
+  return crypto.timingSafeEqual(expectedBuffer, receivedBuffer);
+}
+
 export function random(min: number, max: number): number {
   return Math.random() * (max - min) + min;
 }

src/managers/webhooks.generated.ts

@@ -23,6 +23,7 @@ import { CancellationToken } from '../internal/utils.js';
 import { sdToJson } from '../serialization/json.js';
 import { SerializedData } from '../serialization/json.js';
 import { computeWebhookSignature } from '../internal/utils.js';
+import { compareSignatures } from '../internal/utils.js';
 import { dateTimeFromString } from '../internal/utils.js';
 import { getEpochTimeInSeconds } from '../internal/utils.js';
 import { dateTimeToEpochSeconds } from '../internal/utils.js';
@@ -680,29 +681,37 @@ export class WebhooksManager {
     }
     if (
       primaryKey &&
-      (await computeWebhookSignature(body, headers, primaryKey, false)) ==
-        headers['box-signature-primary']
+      (await compareSignatures(
+        await computeWebhookSignature(body, headers, primaryKey, false),
+        headers['box-signature-primary'],
+      ))
     ) {
       return true;
     }
     if (
       primaryKey &&
-      (await computeWebhookSignature(body, headers, primaryKey, true)) ==
-        headers['box-signature-primary']
+      (await compareSignatures(
+        await computeWebhookSignature(body, headers, primaryKey, true),
+        headers['box-signature-primary'],
+      ))
     ) {
       return true;
     }
     if (
       secondaryKey &&
-      (await computeWebhookSignature(body, headers, secondaryKey, false)) ==
-        headers['box-signature-secondary']
+      (await compareSignatures(
+        await computeWebhookSignature(body, headers, secondaryKey, false),
+        headers['box-signature-secondary'],
+      ))
     ) {
       return true;
     }
     if (
       secondaryKey &&
-      (await computeWebhookSignature(body, headers, secondaryKey, true)) ==
-        headers['box-signature-secondary']
+      (await compareSignatures(
+        await computeWebhookSignature(body, headers, secondaryKey, true),
+        headers['box-signature-secondary'],
+      ))
     ) {
       return true;
     }