Skip to content

Harden HMAC authentication against timing and validation bypasses#98

Merged
pwelter34 merged 3 commits intomainfrom
claude/security-review-hash-auth-cwPAK
Apr 13, 2026
Merged

Harden HMAC authentication against timing and validation bypasses#98
pwelter34 merged 3 commits intomainfrom
claude/security-review-hash-auth-cwPAK

Conversation

@pwelter34
Copy link
Copy Markdown
Member

@pwelter34 pwelter34 commented Apr 13, 2026

Summary

This PR strengthens the HMAC authentication implementation with critical security hardening across three areas: timing side-channel resistance, CIDR validation bounds checking, and mandatory signed header enforcement.

Key Changes

1. Timing Side-Channel Protection in FixedTimeEquals

  • Before: Length mismatches caused early returns, leaking information about input lengths via timing
  • After: Constant-time comparison that does not reveal length differences
    • On .NET Standard 2.0: XOR lengths into result accumulator before comparison loop
    • On .NET 6+: Guard length check with dummy comparison to maintain constant-time behavior
  • Prevents attackers from using timing analysis to infer signature or hash lengths

2. CIDR Prefix Length Validation in IpAddressWhitelist

  • Before: Invalid prefix lengths (negative or exceeding address family limits) were not validated, potentially matching all IPs
  • After: Explicit bounds checking ensures prefix length is within valid range
    • IPv4: 0-32 bits
    • IPv6: 0-128 bits
    • Returns false for out-of-range values
  • Prevents misconfiguration from accidentally whitelisting unintended IP ranges

3. Mandatory Signed Header Enforcement in HmacAuthenticationHandler

  • Before: Clients could omit critical headers (x-timestamp, x-content-sha256) from SignedHeaders, weakening security
  • After: New ValidateRequiredSignedHeaders() method enforces both headers are always included
    • Prevents replay attacks by ensuring timestamp is cryptographically bound
    • Prevents body substitution by ensuring content hash is cryptographically bound
    • Returns MissingRequiredSignedHeaders failure if validation fails

4. Content-Length Bypass Prevention

  • Before: Trusted Content-Length: 0 header to skip body hashing
  • After: Only skips hashing for Stream.Null (no body stream at all)
  • Prevents malicious clients/proxies from sending Content-Length: 0 with actual body content, causing hash mismatch

Implementation Details

  • All changes maintain backward compatibility for legitimate clients
  • Added comprehensive security-focused test suite (SecurityTests.cs) covering:
    • Timing side-channel scenarios
    • CIDR validation edge cases
    • Signed header enforcement
  • Uses logging to track security validation failures for monitoring

https://claude.ai/code/session_0188rXmpYc7jnR1xnXV2BVBQ

claude added 3 commits April 13, 2026 13:08
@claude
fix: harden HMAC authentication against timing, CIDR, and body-hash b…
71a9195 
…ypass attacks

Security fixes:
- FixedTimeEquals: eliminate timing side-channel on length mismatch by
  avoiding early return; XOR lengths into accumulator (NETSTANDARD) or
  perform a dummy comparison to burn constant time (.NET 8+).
- IpAddressWhitelist: reject negative and out-of-range CIDR prefix lengths
  that previously caused IsIpInNetwork to match all IPs.
- GenerateContentHash: stop trusting Content-Length header; always read the
  body stream to prevent TOCTOU gap between auth and application layers.
- Enforce that x-timestamp and x-content-sha256 are present in SignedHeaders,
  ensuring replay-protection and body-integrity are cryptographically bound.

Includes comprehensive security-focused unit tests.

https://claude.ai/code/session_0188rXmpYc7jnR1xnXV2BVBQ
@claude
docs: document x-timestamp and x-content-sha256 as required signed he…
f9728cd 
…aders

Update README.md and Implementation.md to reflect that the server now
enforces the presence of x-timestamp and x-content-sha256 in SignedHeaders.
This ensures replay protection and body integrity are always cryptographically
bound to the HMAC signature.

https://claude.ai/code/session_0188rXmpYc7jnR1xnXV2BVBQ
@claude
docs: add Python and Java samples to README.md
5a591e4 
https://claude.ai/code/session_0188rXmpYc7jnR1xnXV2BVBQ
@pwelter34 pwelter34 merged commit e6680ca into main Apr 13, 2026
8 checks passed
@pwelter34 pwelter34 deleted the claude/security-review-hash-auth-cwPAK branch April 13, 2026 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pwelter34 @claude