From ef08b40c51475be501e06131d7adce638d7edb87 Mon Sep 17 00:00:00 2001
From: shunkica
Date: Sat, 1 Nov 2025 01:07:20 +0100
Subject: [PATCH] fix: use constant-time comparison for HMAC verification (#522)

Replace non-constant-time === operator with crypto.timingSafeEqual() to prevent timing side-channel attacks on HMAC signature verification.

Fixes #522
---
 src/signature-algorithms.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/signature-algorithms.ts b/src/signature-algorithms.ts
index c5a96a0d..52e09280 100644
--- a/src/signature-algorithms.ts
+++ b/src/signature-algorithms.ts
@@ -143,7 +143,17 @@ export class HmacSha1 implements SignatureAlgorithm {
 verifier.update(material);
 const res = verifier.digest("base64");
- return res === signatureValue;
+ // Use constant-time comparison to prevent timing attacks (CWE-208)
+ // See: https://github.com/node-saml/xml-crypto/issues/522
+ try {
+ return crypto.timingSafeEqual(
+ Buffer.from(res, "base64"),
+ Buffer.from(signatureValue, "base64"),
+ );
+ } catch (e) {
+ // timingSafeEqual throws if buffer lengths don't match
+ return false;
+ }
 },
 );
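Review bot: The new `catch (e)` swallows every exception from the `try`, not only the length mismatch its comment describes, so an unexpected failure (for instance `signatureValue` not being a string, which makes `Buffer.from` throw a TypeError) becomes indistinguishable from a bad signature. Comparing the decoded lengths explicitly before calling `crypto.timingSafeEqual` keeps the fail-closed result without a blanket catch; for a fixed-length HMAC the digest length is not secret, so the early return leaks nothing. Note also that `Buffer.from(..., "base64")` decodes leniently (whitespace and invalid characters are skipped), so unlike the old `===` several distinct base64 strings now verify as the same MAC — harmless for an HMAC, but worth stating in the comment since it is a semantic change from strict string equality. Taking the digest as a Buffer via `verifier.digest()` also avoids the base64 round-trip of `res`. The enclosing verify function starts outside the hunk.
```typescript
      verifier.update(material);
      // Compare raw digest bytes in constant time (CWE-208, issue #522).
      // Base64 decoding is lenient, so any encoding of the same bytes matches.
      const expected = verifier.digest();
      const provided = Buffer.from(signatureValue, "base64");
      // timingSafeEqual requires equal lengths; the HMAC length is public, so this check leaks nothing.
      if (provided.length !== expected.length) {
        return false;
      }
      return crypto.timingSafeEqual(expected, provided);
```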