From 4b41ce0ae242815a10f599ce9bce2d0f6695c340 Mon Sep 17 00:00:00 2001
From: Niklas Fiekas <niklas.fiekas@backscattering.de>
Date: Sun, 5 May 2019 01:21:41 +0200
Subject: [PATCH] fix timing side channel in StringToken (closes
 lichess-org/talk#11)

---
 modules/security/src/main/StringToken.scala | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/security/src/main/StringToken.scala b/modules/security/src/main/StringToken.scala
index e7be269d1a..b462c9cfdc 100644
--- a/modules/security/src/main/StringToken.scala
+++ b/modules/security/src/main/StringToken.scala
@@ -2,6 +2,7 @@ package lila.security
 
 import com.roundeights.hasher.Algo
 import lila.common.String.base64
+import org.mindrot.BCrypt
 
 import StringToken.ValueChecker
 
@@ -24,7 +25,7 @@ private[security] final class StringToken[A](
   def read(token: String): Fu[Option[A]] = (base64 decode token) ?? {
     _ split separator match {
       case Array(payloadStr, hashed, checksum) =>
-        (makeHash(signPayload(payloadStr, hashed)) == checksum) ?? {
+        BCrypt.bytesEqualSecure(makeHash(signPayload(payloadStr, hashed)).getBytes("utf-8"), checksum.getBytes("utf-8")) ?? {
           val payload = serializer read payloadStr
           (valueChecker match {
             case ValueChecker.Same => hashCurrentValue(payload) map (hashed ==)