Remove unnecessary utility-method

simplesamlphp · May 10, 2024 · 08c3b64 · 08c3b64
1 parent aa26c50
commit 08c3b64
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 51 deletions.
diff --git a/src/Backend/HMAC.php b/src/Backend/HMAC.php
@@ -8,8 +8,8 @@
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Exception\InvalidArgumentException;
 use SimpleSAML\XMLSecurity\Key\KeyInterface;
-use SimpleSAML\XMLSecurity\Utils\Security;
 
+use function hash_equals;
 use function hash_hmac;
 
 /**
@@ -77,6 +77,6 @@ public function sign(KeyInterface $key, string $plaintext): string
      */
     public function verify(KeyInterface $key, string $plaintext, string $signature): bool
     {
-        return Security::compareStrings(hash_hmac($this->digest, $plaintext, $key->getMaterial(), true), $signature);
+        return hash_equals(hash_hmac($this->digest, $plaintext, $key->getMaterial(), true), $signature);
     }
 }
diff --git a/src/Utils/Security.php b/src/Utils/Security.php
@@ -17,23 +17,6 @@
  */
 class Security
 {
-    /**
-     * Compare two strings in constant time.
-     *
-     * This function allows us to compare two given strings without any timing side channels
-     * leaking information about them.
-     *
-     * @param string $known The reference string.
-     * @param string $user The user-provided string to test.
-     *
-     * @return bool True if both strings are equal, false otherwise.
-     */
-    public static function compareStrings(string $known, string $user): bool
-    {
-        return hash_equals($known, $user);
-    }
-
-
     /**
      * Compute the hash for some data with a given algorithm.
      *

diff --git a/src/XML/SignedElementTrait.php b/src/XML/SignedElementTrait.php
@@ -151,7 +151,7 @@ private function validateReference(SignedInfo $signedInfo): SignedElementInterfa
         $data = XML::processTransforms($reference->getTransforms(), $xml);
         $digest = Security::hash($reference->getDigestMethod()->getAlgorithm(), $data, false);
 
-        if (Security::compareStrings($digest, base64_decode($reference->getDigestValue()->getRawContent(), true)) !== true) {
+        if (hash_equals($digest, base64_decode($reference->getDigestValue()->getRawContent(), true)) !== true) {
             throw new SignatureVerificationFailedException('Failed to verify signature.');
         }
 

diff --git a/tests/Utils/SecurityTest.php b/tests/Utils/SecurityTest.php