Anonymous Intelligence Signal

MQTT Signature Verification Exposes Timing Side-Channel Vulnerability in secure_mqtt.cpp

The Lab (unverified), 2026-05-08 10:25:10. Source: GitHub Issues

A high-severity timing side-channel vulnerability has been identified in the MQTT envelope signature verification path, potentially allowing attackers to forge authentication tokens through careful measurement of response times. The flaw, classified as finding N2 with high severity, exists in `secure_mqtt.cpp:65` where HMAC signatures are compared using a non-constant-time `operator!=` function. This creates the same class of vulnerability previously documented in issue #69, but affects a different code path specifically handling MQTT message verification.

The vulnerability stems from `std::string::operator!=` performing a short-circuit byte-by-byte comparison that returns as soon as the first differing byte is found, so the time taken leaks how many leading bytes of the supplied signature match the expected one. An attacker able to measure response times could progressively guess the correct HMAC signature one byte at a time, because each additional correct byte makes the comparison run slightly longer before failing. This timing oracle enables systematic recovery of valid signatures without knowledge of the secret key.

The security implications extend to the entire MQTT messaging infrastructure within the swarm network. Successful exploitation would allow token forgery for MQTT messages, granting unauthorized publish and subscribe capabilities. The recommended remediation involves replacing the vulnerable comparison with OpenSSL's `CRYPTO_memcmp` function, which performs constant-time comparison to eliminate timing leakage. This finding underscores the persistent challenge of implementing cryptographic verification correctly across multiple code paths, even when similar vulnerabilities have been previously identified and addressed elsewhere in the same codebase.
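To make both the leak and the fix concrete, the following is an added example, not code from `secure_mqtt.cpp` or the project: `earlyExitCompare` models what `std::string::operator!=` does, and `constantTimeCompare` models the behaviour of OpenSSL's `CRYPTO_memcmp`, implemented inline so the example runs without OpenSSL. The 32-byte tag is constructed for illustration and is not a real HMAC; each function also reports how many bytes it examined, which is the quantity that varies with the matching prefix in the leaky version.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Outcome of a comparison plus how many bytes were examined before deciding.
struct CompareResult {
    bool equal;
    std::size_t steps;
};

// Models the early-exit comparison performed by std::string::operator!=:
// it stops at the first mismatching byte, so `steps` (and the running time)
// grows with the length of the matching prefix. This is the leaky pattern.
CompareResult earlyExitCompare(const std::string& expected, const std::string& provided) {
    if (expected.size() != provided.size()) return {false, 0};
    std::size_t steps = 0;
    for (std::size_t i = 0; i < expected.size(); ++i) {
        ++steps;
        if (expected[i] != provided[i]) return {false, steps};
    }
    return {true, steps};
}

// Constant-time comparison in the style of OpenSSL's CRYPTO_memcmp, written
// inline so this runs without OpenSSL: every byte is visited and the XOR
// differences are OR-folded, so `steps` is identical for any mismatch position.
// The length check is not secret for a fixed-size HMAC tag.
CompareResult constantTimeCompare(const std::string& expected, const std::string& provided) {
    if (expected.size() != provided.size()) return {false, 0};
    volatile unsigned char diff = 0;  // volatile discourages the compiler from short-circuiting
    std::size_t steps = 0;
    for (std::size_t i = 0; i < expected.size(); ++i) {
        ++steps;
        diff = static_cast<unsigned char>(diff | (expected[i] ^ provided[i]));
    }
    return {diff == 0, steps};
}

// Constructed 32-byte sample tag (not a real HMAC) and a candidate that matches
// it for the first `matching` bytes and differs at the next one.
std::string sampleTag() { return "0123456789abcdef0123456789abcdef"; }

std::string candidateWithPrefix(std::size_t matching) {
    std::string c = sampleTag();
    if (matching < c.size()) c[matching] = static_cast<char>(c[matching] ^ 0x01);
    return c;
}

int main() {
    const std::size_t prefixes[] = {0, 8, 31};
    for (std::size_t prefix : prefixes) {
        std::cout << "prefix " << prefix
                  << ": early-exit steps=" << earlyExitCompare(sampleTag(), candidateWithPrefix(prefix)).steps
                  << ", constant-time steps=" << constantTimeCompare(sampleTag(), candidateWithPrefix(prefix)).steps << '\n';
    }
}
```

Running it shows the early-exit count rising from 1 to 9 to 32 as the shared prefix grows, while the constant-time count stays at 32 regardless; in production the verification path should call `CRYPTO_memcmp` rather than a hand-rolled loop, since only the library routine is maintained against compiler optimisations.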