kms: use constant-time comparison for admin token verification

kvinwang · kvinwang · commit 12ce98be6935 · 2026-03-16T03:37:28.000Z
Replace timing-vulnerable `!=` with `subtle::ConstantTimeEq` to
prevent timing side-channel attacks on admin token hash comparison.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/kms/Cargo.toml b/kms/Cargo.toml
@@ -31,6 +31,7 @@ load_config.workspace = true
 serde-human-bytes.workspace = true
 reqwest = { workspace = true, features = ["json"] }
 sha2.workspace = true
+subtle = "2"
 sha3.workspace = true
 k256.workspace = true
 rand.workspace = true
diff --git a/kms/src/main_service.rs b/kms/src/main_service.rs
@@ -138,7 +138,8 @@ impl RpcHandler {
 
     fn ensure_admin(&self, token: &str) -> Result<()> {
         let token_hash = sha2::Sha256::new_with_prefix(token).finalize();
-        if token_hash.as_slice() != self.state.config.admin_token_hash.as_slice() {
+        use subtle::ConstantTimeEq;
+        if !bool::from(token_hash.as_slice().ct_eq(self.state.config.admin_token_hash.as_slice())) {
             bail!("Invalid token");
         }
         Ok(())

Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,8 @@ impl RpcHandler {`
`138`	`138`
`139`	`139`	`fn ensure_admin(&self, token: &str) -> Result<()> {`
`140`	`140`	`let token_hash = sha2::Sha256::new_with_prefix(token).finalize();`
`141`		`- if token_hash.as_slice() != self.state.config.admin_token_hash.as_slice() {`
	`141`	`+ use subtle::ConstantTimeEq;`
	`142`	`+ if !bool::from(token_hash.as_slice().ct_eq(self.state.config.admin_token_hash.as_slice())) {`
`142`	`143`	`bail!("Invalid token");`
`143`	`144`	`}`
`144`	`145`	`Ok(())`