Home Explore Help
Sign In
Lawsun
/
ysjj-system
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: efde00f228
Branches Tags
ysjj-system
/
node_modules
/
tsscmp
/
lib
/
index.js

index.js 1.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738 
  1. 'use strict';
    2. 

  2. 

  3. // Implements Brad Hill's Double HMAC pattern from
    4. 

  4. // https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/.
    5. 

  5. // The approach is similar to the node's native implementation of timing safe buffer comparison that will be available on v6+.
    6. 

  6. // https://github.com/nodejs/node/issues/3043
    7. 

  7. // https://github.com/nodejs/node/pull/3073
    8. 

  8. 

  9. var crypto = require('crypto');
    10. 

  10. 

  11. function bufferEqual(a, b) {
    12. 

  12.   if (a.length !== b.length) {
    13. 

  13.     return false;
    14. 

  14.   }
    15. 

  15.   // `crypto.timingSafeEqual` was introduced in Node v6.6.0
    16. 

  16.   // <https://github.com/jshttp/basic-auth/issues/39>
    17. 

  17.   if (crypto.timingSafeEqual) {
    18. 

  18.     return crypto.timingSafeEqual(a, b);
    19. 

  19.   }
    20. 

  20.   for (var i = 0; i < a.length; i++) {
    21. 

  21.     if (a[i] !== b[i]) {
    22. 

  22.       return false;
    23. 

  23.     }
    24. 

  24.   }
    25. 

  25.   return true;
    26. 

  26. }
    27. 

  27. 

  28. function timeSafeCompare(a, b) {
    29. 

  29.   var sa = String(a);
    30. 

  30.   var sb = String(b);
    31. 

  31.   var key = crypto.pseudoRandomBytes(32);
    32. 

  32.   var ah = crypto.createHmac('sha256', key).update(sa).digest();
    33. 

  33.   var bh = crypto.createHmac('sha256', key).update(sb).digest();
    34. 

  34. 

  35.   return bufferEqual(ah, bh) && a === b;
    36. 

  36. }
    37. 

  37. 

  38. module.exports = timeSafeCompare;
    39.