Consistently use constant-time comparison of password hashes

As per golang/go#47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths. Signed-off-by: Brad Davidson <[email protected]>
k3s-io · May 8, 2023 · 2a52bbf · 2a52bbf
1 parent b32bf49
commit 2a52bbf
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 8 deletions.
diff --git a/pkg/authenticator/passwordfile/passwordfile.go b/pkg/authenticator/passwordfile/passwordfile.go
@@ -18,13 +18,13 @@ package passwordfile
 
 import (
 	"context"
-	"crypto/subtle"
 	"encoding/csv"
 	"fmt"
 	"io"
 	"os"
 	"strings"
 
+	"github.com/k3s-io/k3s/pkg/nodepassword"
 	"k8s.io/klog/v2"
 
 	"k8s.io/apiserver/pkg/authentication/authenticator"
@@ -88,7 +88,11 @@ func (a *PasswordAuthenticator) AuthenticatePassword(ctx context.Context, userna
 	if !ok {
 		return nil, false, nil
 	}
-	if subtle.ConstantTimeCompare([]byte(user.password), []byte(password)) == 0 {
+	userHash, err := nodepassword.Hasher.CreateHash(user.password)
+	if err != nil {
+		return nil, false, err
+	}
+	if err := nodepassword.Hasher.VerifyHash(userHash, password); err != nil {
 		return nil, false, nil
 	}
 	return &authenticator.Response{User: user.info}, true, nil

diff --git a/pkg/nodepassword/nodepassword.go b/pkg/nodepassword/nodepassword.go
@@ -18,8 +18,8 @@ import (
 )
 
 var (
-	// hasher provides the algorithm for generating and verifying hashes
-	hasher = hash.NewSCrypt()
+	// Hasher provides the algorithm for generating and verifying hashes
+	Hasher = hash.NewSCrypt()
 )
 
 func getSecretName(nodeName string) string {
@@ -33,7 +33,7 @@ func verifyHash(secretClient coreclient.SecretClient, nodeName, pass string) err
 		return err
 	}
 	if hash, ok := secret.Data["hash"]; ok {
-		if err := hasher.VerifyHash(string(hash), pass); err != nil {
+		if err := Hasher.VerifyHash(string(hash), pass); err != nil {
 			return errors.Wrapf(err, "unable to verify hash for node '%s'", nodeName)
 		}
 		return nil
@@ -47,7 +47,7 @@ func Ensure(secretClient coreclient.SecretClient, nodeName, pass string) error {
 		return err
 	}
 
-	hash, err := hasher.CreateHash(pass)
+	hash, err := Hasher.CreateHash(pass)
 	if err != nil {
 		return errors.Wrapf(err, "unable to create hash for node '%s'", nodeName)
 	}

diff --git a/pkg/server/router.go b/pkg/server/router.go
@@ -483,8 +483,12 @@ func verifyLocalPassword(ctx context.Context, config *Config, mu *sync.Mutex, de
 		return "", http.StatusInternalServerError, errors.Wrap(err, "unable to read node password file")
 	}
 
-	password := strings.TrimSpace(string(passBytes))
-	if password != node.Password {
+	passHash, err := nodepassword.Hasher.CreateHash(strings.TrimSpace(string(passBytes)))
+	if err != nil {
+		return "", http.StatusInternalServerError, errors.Wrap(err, "unable to hash node password file")
+	}
+
+	if err := nodepassword.Hasher.VerifyHash(passHash, node.Password); err != nil {
 		return "", http.StatusForbidden, errors.Wrapf(err, "unable to verify local password for node '%s'", node.Name)
 	}