Use a constant time algorithm to compare signature strings.

This guards against timing attacks of the class outlined
in http://codahale.com/a-lesson-in-timing-attacks/

src/oauth.erl

@@ -124,10 +124,10 @@ hmac_sha1_signature(BaseString, Consumer, TokenSecret) ->
   base64:encode_to_string(crypto:sha_mac(Key, BaseString)).
 
 hmac_sha1_verify(Signature, HttpMethod, URL, Params, Consumer, TokenSecret) ->
-  Signature =:= hmac_sha1_signature(HttpMethod, URL, Params, Consumer, TokenSecret).
+  verify_in_constant_time(Signature, hmac_sha1_signature(HttpMethod, URL, Params, Consumer, TokenSecret)).
 
 hmac_sha1_verify(Signature, BaseString, Consumer, TokenSecret) ->
-  Signature =:= hmac_sha1_signature(BaseString, Consumer, TokenSecret).
+  verify_in_constant_time(Signature, hmac_sha1_signature(BaseString, Consumer, TokenSecret)).
 
 rsa_sha1_signature(HttpMethod, URL, Params, Consumer) ->
   BaseString = signature_base_string(HttpMethod, URL, Params),
@@ -145,6 +145,22 @@ rsa_sha1_verify(Signature, BaseString, Consumer) ->
   Key = read_cert_key(consumer_secret(Consumer)),
   public_key:verify(to_binary(BaseString), sha, base64:decode(Signature), Key).
 
+verify_in_constant_time([X|RestX], [Y|RestY], Result) ->
+    verify_in_constant_time(RestX, RestY, (X bxor Y) bor Result);
+verify_in_constant_time([], [], Result) ->
+    Result == 0.
+
+verify_in_constant_time(<<X/binary>>, <<Y/binary>>) ->
+    verify_in_constant_time(binary_to_list(X), binary_to_list(Y));
+verify_in_constant_time(X, Y) when is_list(X) and is_list(Y) ->
+    case length(X) == length(Y) of
+        true ->
+            verify_in_constant_time(X, Y, 0);
+        false ->
+            false
+    end;
+verify_in_constant_time(_X, _Y) -> false.
+
 signature_base_string(HttpMethod, URL, Params) ->
   uri_join([HttpMethod, uri_normalize(URL), params_encode(Params)]).