From ed044a3d8b09f8bf25534431df9eef8f527599e4 Mon Sep 17 00:00:00 2001
From: Leon Klingele <git@leonklingele.de>
Date: Wed, 6 Jul 2016 09:37:52 +0200
Subject: [PATCH] Compare HMACs in constant time to mitigate timing attack

---
 go/channelling/server/users.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/go/channelling/server/users.go b/go/channelling/server/users.go
index 922d9858..78c51106 100644
--- a/go/channelling/server/users.go
+++ b/go/channelling/server/users.go
@@ -26,6 +26,7 @@ import (
 	"crypto/hmac"
 	"crypto/rand"
 	"crypto/sha256"
+	"crypto/subtle"
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
@@ -95,7 +96,7 @@ func (uh *UsersSharedsecretHandler) Validate(snr *SessionNonceRequest, request *
 	}
 
 	secret := uh.createHMAC(snr.UseridCombo)
-	if snr.Secret != secret {
+	if subtle.ConstantTimeCompare([]byte(snr.Secret), []byte(secret)) != 1 {
 		return "", errors.New("invalid secret")
 	}