fix(webhook): constant-time signature verification (close timing side-channel)#171
Merged
liplus-lin-lay merged 1 commit intoJun 21, 2026
Conversation
…verify verifyGitHubSignature recomputed the HMAC and string-compared it with `===`, which early-exits on the first mismatched character and leaks the expected signature through response timing (#167). Switch to crypto.subtle.verify, which recomputes and compares in constant time. Malformed input (bad prefix / wrong length / non-hex) is rejected up front. Behavior is unchanged (valid -> true, invalid -> false), so webhook.test.ts stays green; a non-hex case was added. webhook 署名検証を `===` から定数時間の crypto.subtle.verify に置換し、タイミング 側チャネル(#167)を塞いだ。挙動は不変。 Closes #167
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
github-rag-mcp | c8d70a1 | Jun 21 2026, 03:20 AM |
liplus-lin-lay
commented
Jun 21, 2026
liplus-lin-lay
left a comment
Member
Author
There was a problem hiding this comment.
AI セルフレビュー (auto mode)
- ✅ CI 全 green:
test(node 42 + workers 15)+tsc --noEmit+ wrangler dry-run + Workers Builds。ローカルでも確認済み。 - ✅ 修正は
src/webhook.tsのverifyGitHubSignatureのみ。crypto.subtle.verifyによる定数時間比較に置換し、===のタイミング側チャネルを除去。 - ✅ 挙動不変:
webhook.test.tsの契約(valid→true / 不正・malformed→false)はそのまま green、non-hex ケース1件追加。 - ✅ malformed 署名は crypto に触れる前に形式検証(prefix + 64 hex)で一律 false。
- リリース種別: 挙動変更なし → patch。
self-review pass。auto mode のため squash merge → #167 close。merge 時の Workers Builds で本番 Worker に定数時間版がデプロイされる。
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
概要
src/webhook.tsのverifyGitHubSignatureを 定数時間比較に修正(#167)。旧実装は HMAC を再計算して
expected === signatureで文字列比較していた。===は最初の不一致で早期終了するため、「先頭が何文字一致したか」が応答時間に滲み、理論上は署名を1バイトずつ当てる timing attack に晒される(タイミング側チャネル)。変更
crypto.subtle.verify("HMAC", ...)に置換。verify は HMAC を再計算して定数時間で比較するので、時間から情報が漏れない。sha256=prefix + 64 hex)。malformed は crypto に触れる前に一律 false。webhook.test.tsの既存契約はそのまま green、non-hex ケースを1件追加。影響範囲
src/webhook.ts(worker 側)のみ。npm パッケージ(mcp-server/)は不変。修正は merge 時の Workers Builds で本番 Worker にデプロイされる。Closes #167