use constant-time check when validating codes

diff --git a/lib/hotp.js b/lib/hotp.js
index 1fa41c9406301f8e2809d04a96bc7b3f6fd17cd7..052fab1d9736d3c253799db282558dd3adf206f1 100644 (file)
--- a/lib/hotp.js
+++ b/lib/hotp.js
@@ -128,7 +128,10 @@ class HMACBasedOneTimePassword {
    */
   validate(hotp, count) {
     const codeString = this.generate(count);
-    return codeString === hotp.trim();
+    const codeStringB = Buffer.from(codeString);
+    const hotpB = Buffer.from(hotp.trim());
+    return codeStringB.length === hotpB.length
+      && crypto.timingSafeEqual(hotpB, codeStringB);
   }
 
   /**

diff --git a/lib/totp.js b/lib/totp.js
index aff5d961331caa33389f337efeef17122f6f53df..2e2100949f12019d9b9a15ef04c9bdd0626d4c7e 100644 (file)
--- a/lib/totp.js
+++ b/lib/totp.js
@@ -1,6 +1,7 @@
 'use strict';
 
 const HOTP = require('./hotp');
+const crypto = require('node:crypto');
 
 class TimeBasedOneTimePassword extends HOTP {
   /**
@@ -80,9 +81,11 @@ class TimeBasedOneTimePassword extends HOTP {
    */
   validate(hotp, count) {
     const counter = count ?? this.counter;
+    const hotpB = Buffer.from(hotp.trim());
     for (const offset of this.driftOffsets) {
       const codeString = this.generate(counter + offset);
-      if (codeString === hotp.trim()) {
+      const codeStringB = Buffer.from(codeString);
+      if (hotpB.length === codeString.length && crypto.timingSafeEqual(hotpB, codeStringB)) {
         return true;
       }
     }