1. Advisor
  2. @hapi/cryptiles
  3. functions
  4. @hapi/cryptiles.fixedTimeComparison
View all @hapi/cryptiles analysis

How to use the @hapi/cryptiles.fixedTimeComparison function in @hapi/cryptiles

To help you get started, we’ve selected a few @hapi/cryptiles examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github hapijs / hawk / lib / server.js View on Github external
host,
        port,
        hash: authorization.hash
    };

    // Calculate MAC

    const mac = Crypto.calculateMac('message', credentials, artifacts);
    if (!Cryptiles.fixedTimeComparison(mac, authorization.mac)) {
        throw Object.assign(Utils.unauthorized('Bad mac'), result);
    }

    // Check payload hash

    const hash = Crypto.calculatePayloadHash(message, credentials.algorithm);
    if (!Cryptiles.fixedTimeComparison(hash, authorization.hash)) {
        throw Object.assign(Utils.unauthorized('Bad message hash'), result);
    }

    // Check nonce

    if (options.nonceFunc) {
        try {
            await options.nonceFunc(credentials.key, authorization.nonce, authorization.ts);
        }
        catch (err) {
            throw Object.assign(Utils.unauthorized('Invalid nonce'), result);
        }
    }

    // Check timestamp staleness
github hapijs / iron / lib / index.js View on Github external
password = password[passwordId || 'default'];
        if (!password) {
            throw new Boom.Boom('Cannot find password: ' + passwordId);
        }
    }

    password = internals.normalizePassword(password);

    // Check hmac

    const macOptions = Hoek.clone(options.integrity);
    macOptions.salt = hmacSalt;
    const mac = await exports.hmacWithPassword(password.integrity, macOptions, macBaseString);

    if (!Cryptiles.fixedTimeComparison(mac.digest, hmac)) {
        throw new Boom.Boom('Bad hmac value');
    }

    // Decrypt

    try {
        var encrypted = B64.base64urlDecode(encryptedB64, 'buffer');
    }
    catch (err) {
        throw Boom.boomify(err);
    }

    const decryptOptions = Hoek.clone(options.encryption);
    decryptOptions.salt = encryptionSalt;

    try {
github hapijs / hawk / lib / server.js View on Github external
const result = { credentials, artifacts };

    if (!credentials.key ||
        !credentials.algorithm) {

        throw new Boom('Invalid credentials', { decorate: result });
    }

    if (Crypto.algorithms.indexOf(credentials.algorithm) === -1) {
        throw new Boom('Unknown algorithm', { decorate: result });
    }

    // Calculate MAC

    const mac = Crypto.calculateMac('header', credentials, artifacts);
    if (!Cryptiles.fixedTimeComparison(mac, attributes.mac)) {
        throw Object.assign(Utils.unauthorized('Bad mac'), result);
    }

    // Check payload hash

    if (options.payload ||
        options.payload === '') {

        if (!attributes.hash) {
            throw Object.assign(Utils.unauthorized('Missing required payload hash'), result);
        }

        const hash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, request.contentType);
        if (!Cryptiles.fixedTimeComparison(hash, attributes.hash)) {
            throw Object.assign(Utils.unauthorized('Bad payload hash'), result);
        }
github hapijs / hawk / lib / server.js View on Github external
throw new Boom('Unknown algorithm', { decorate: result });
    }

    // Calculate MAC

    const mac = Crypto.calculateMac('bewit', credentials, {
        ts: bewit.exp,
        nonce: '',
        method: 'GET',
        resource: url,
        host: request.host,
        port: request.port,
        ext: bewit.ext
    });

    if (!Cryptiles.fixedTimeComparison(mac, bewit.mac)) {
        throw Object.assign(Utils.unauthorized('Bad mac'), result);
    }

    // Successful authentication

    return result;
};
github hapijs / statehood / lib / index.js View on Github external
if (!sig) {
        throw Boom.badRequest('Missing signature');
    }

    const sigParts = sig.split('*');
    if (sigParts.length !== 2) {
        throw Boom.badRequest('Invalid signature format');
    }

    const hmacSalt = sigParts[0];
    const hmac = sigParts[1];

    const macOptions = Hoek.clone(definition.sign.integrity || Iron.defaults.integrity);
    macOptions.salt = hmacSalt;
    const mac = await Iron.hmacWithPassword(definition.sign.password, macOptions, [internals.macPrefix, name, unsigned].join('\n'));
    if (!Cryptiles.fixedTimeComparison(mac.digest, hmac)) {
        throw Boom.badRequest('Invalid hmac value');
    }

    return unsigned;
};
github hapijs / hawk / lib / server.js View on Github external
exports.authenticatePayloadHash = function (calculatedHash, artifacts) {

    if (!Cryptiles.fixedTimeComparison(calculatedHash, artifacts.hash)) {
        throw Object.assign(Utils.unauthorized('Bad payload hash'), { artifacts });
    }
};
github hapijs / hawk / lib / server.js View on Github external
exports.authenticatePayload = function (payload, credentials, artifacts, contentType) {

    const calculatedHash = Crypto.calculatePayloadHash(payload, credentials.algorithm, contentType);
    if (!Cryptiles.fixedTimeComparison(calculatedHash, artifacts.hash)) {
        throw Object.assign(Utils.unauthorized('Bad payload hash'), { credentials, artifacts });
    }
};

@hapi/cryptiles

General purpose crypto utilities

GitHub
BSD-3-Clause
Latest version published 2 years ago

Package Health Score

74 / 100
Full package analysis

Popular @hapi/cryptiles functions

Similar packages