From ff658703ebcaaa3baf1a2f57844fcaed75ce5e14 Mon Sep 17 00:00:00 2001
From: Calvin Metcalf
Date: Fri, 16 Sep 2016 08:55:45 -0400
Subject: [PATCH 1/6] add timingSafeEqual

---
 README.md | 1 +
 index.js | 2 ++
 package.json | 3 ++-
 test/index.js | 1 +
 test/timing-safe-equal.js | 28 ++++++++++++++++++++++++++++
 5 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 test/timing-safe-equal.js

diff --git a/README.md b/README.md
index 1b9cf3b..6b1a01f 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,7 @@ Here is the subset that is currently implemented:
 * createECDH (secp256k1)
 * publicEncrypt/privateDecrypt (rsa)
 * privateEncrypt/publicDecrypt (rsa)
+* timingSafeEqual

 ## todo

diff --git a/index.js b/index.js
index b6d4d24..92705e1 100644
--- a/index.js
+++ b/index.js
@@ -52,6 +52,8 @@ exports.privateEncrypt = publicEncrypt.privateEncrypt
 exports.publicDecrypt = publicEncrypt.publicDecrypt
 exports.privateDecrypt = publicEncrypt.privateDecrypt

+exports.timingSafeEqual = require('timing-safe-equal')
+
 // the least I can do is make error messages for the rest of the node.js/crypto api.
 // ;[
 // 'createCredentials'
diff --git a/package.json b/package.json
index 7de383b..ffa8c11 100644
--- a/package.json
+++ b/package.json
@@ -28,7 +28,8 @@
 "pbkdf2": "^3.0.3",
 "public-encrypt": "^4.0.0",
 "randombytes": "^2.0.0",
- "randomfill": "^1.0.3"
+ "randomfill": "^1.0.3",
+ "timing-safe-equal": "^1.0.0"
 },
 "devDependencies": {
 "hash-test-vectors": "~1.3.2",
diff --git a/test/index.js b/test/index.js
index e48ee9b..f093588 100644
--- a/test/index.js
+++ b/test/index.js
@@ -12,6 +12,7 @@ try {
 require('./random-bytes')
 require('./sign')
 require('./random-fill')
+ require('./timing-safe-equal')
 } catch (e) {
 console.log('no secure rng avaiable')
 }
diff --git a/test/timing-safe-equal.js b/test/timing-safe-equal.js
new file mode 100644
index 0000000..7bb1fe2
--- /dev/null
+++ b/test/timing-safe-equal.js
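Review bot: The `exports.timingSafeEqual = require('timing-safe-equal')` line added in index.js exposes a comparison meant for secrets without stating its contract. The test file added in this patch expects the function to throw when the two buffers differ in length or when either argument is not a Buffer, so a caller passing attacker-supplied input of arbitrary length gets an exception rather than `false`. A comment above the export would help, for example `// throws unless both arguments are Buffers of equal length; compare fixed-length digests or MACs`.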
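Review bot: In test/index.js the new `require('./timing-safe-equal')` sits inside the `try` whose `catch (e)` only prints 'no secure rng avaiable', so any error thrown while loading the new test file is swallowed and reported as a missing RNG. The comparison test has no visible dependency on a secure RNG; moving the line after the closing `}` of the try/catch would let a load failure fail the run. The `try {` itself opens above the hunk, so the rest of the block is not visible here.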
@@ -0,0 +1,28 @@
+var test = require('tape')
+var timingSafeEqual = require('timing-safe-equal/browser')
+test('timingSafeEqual', function (t) {
+ t.plan(5)
+ t.strictEqual(
+ timingSafeEqual(Buffer.from('foo'), Buffer.from('foo')),
+ true,
+ 'should consider equal strings to be equal'
+ )
+
+ t.strictEqual(
+ timingSafeEqual(Buffer.from('foo'), Buffer.from('bar')),
+ false,
+ 'should consider unequal strings to be unequal'
+ )
+
+ t.throws(function () {
+ timingSafeEqual(Buffer.from([1, 2, 3]), Buffer.from([1, 2]))
+ }, 'should throw when given buffers with different lengths')
+
+ t.throws(function () {
+ timingSafeEqual('not a buffer', Buffer.from([1, 2]))
+ }, 'should throw if the first argument is not a buffer')
+
+ t.throws(function () {
+ timingSafeEqual(Buffer.from([1, 2]), 'not a buffer')
+ }, 'should throw if the second argument is not a buffer')
+})

From 9767b7bc05773b1c4df85cfa8cba966abd2aa7ad Mon Sep 17 00:00:00 2001
From: Calvin Metcalf
Date: Fri, 16 Sep 2016 09:16:28 -0400
Subject: [PATCH 2/6] use buffer shims

---
 package.json | 1 +
 test/timing-safe-equal.js | 11 ++++++-----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index ffa8c11..9b8f437 100644
--- a/package.json
+++ b/package.json
@@ -32,6 +32,7 @@
 "timing-safe-equal": "^1.0.0"
 },
 "devDependencies": {
+ "buffer-shims": "^1.0.0",
 "hash-test-vectors": "~1.3.2",
 "pseudorandombytes": "^2.0.0",
 "safe-buffer": "^5.1.1",
diff --git a/test/timing-safe-equal.js b/test/timing-safe-equal.js
index 7bb1fe2..2b91c41 100644
--- a/test/timing-safe-equal.js
+++ b/test/timing-safe-equal.js
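Review bot: The new test/timing-safe-equal.js loads `require('timing-safe-equal/browser')` directly, so the `timingSafeEqual` export that patch 1/6 adds to index.js is never exercised. Requiring the package under test, e.g. `var timingSafeEqual = require('../').timingSafeEqual`, would cover the wiring as well as whichever implementation the export resolves to (that the two entries differ is an assumption; the main entry is not shown). The unequal case also uses 'foo' and 'bar', which differ in the first byte; a pair differing only in the last byte, such as `Buffer.from('foo')` against `Buffer.from('fop')` with `t.plan` raised to match, would catch a comparison that stops short of the full length.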
@@ -1,28 +1,29 @@
 var test = require('tape')
 var timingSafeEqual = require('timing-safe-equal/browser')
+var bufferShims = require('buffer-shims')
 test('timingSafeEqual', function (t) {
 t.plan(5)
 t.strictEqual(
- timingSafeEqual(Buffer.from('foo'), Buffer.from('foo')),
+ timingSafeEqual(bufferShims.from('foo'), bufferShims.from('foo')),
 true,
 'should consider equal strings to be equal'
 )

 t.strictEqual(
- timingSafeEqual(Buffer.from('foo'), Buffer.from('bar')),
+ timingSafeEqual(bufferShims.from('foo'), bufferShims.from('bar')),
 false,
 'should consider unequal strings to be unequal'
 )

 t.throws(function () {
- timingSafeEqual(Buffer.from([1, 2, 3]), Buffer.from([1, 2]))
+ timingSafeEqual(bufferShims.from([1, 2, 3]), bufferShims.from([1, 2]))
 }, 'should throw when given buffers with different lengths')

 t.throws(function () {
- timingSafeEqual('not a buffer', Buffer.from([1, 2]))
+ timingSafeEqual('not a buffer', bufferShims.from([1, 2]))
 }, 'should throw if the first argument is not a buffer')

 t.throws(function () {
- timingSafeEqual(Buffer.from([1, 2]), 'not a buffer')
+ timingSafeEqual(bufferShims.from([1, 2]), 'not a buffer')
 }, 'should throw if the second argument is not a buffer')
 })

From d1088bf83a8e519f0c83a3f5202aaf706624a73d Mon Sep 17 00:00:00 2001
From: Calvin Metcalf
Date: Fri, 16 Sep 2016 10:21:51 -0400
Subject: [PATCH 3/6] remove broken iphone

---
 .travis.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 5ad8439..21148a7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -15,9 +15,13 @@ matrix:
 - node_js: '4'
 env: TEST_SUITE=browser BROWSER_NAME=chrome BROWSER_VERSION="-2..beta"
 - node_js: '4'
+<<<<<<< HEAD
 env: TEST_SUITE=browser BROWSER_NAME=firefox BROWSER_VERSION="-2..latest"
 - node_js: '4'
 env: TEST_SUITE=browser BROWSER_NAME=safari BROWSER_VERSION="7..latest"
+=======
+ env: TEST_SUITE=browser BROWSER_NAME=safari BROWSER_VERSION="5..latest"
+>>>>>>> remove broken iphone
 - node_js: '4'
 env: TEST_SUITE=browser BROWSER_NAME=android BROWSER_VERSION="5.0..latest"
 script: "npm run-script $TEST_SUITE"

From bc593db5eb6e1d41648e3802f0ac208dadf74f0c Mon Sep 17 00:00:00 2001
From: Calvin Metcalf
Date: Thu, 9 Aug 2018 13:53:49 -0400
Subject: [PATCH 4/6] switch to safe-buffer

---
 package.json | 5 ++++-
 test/timing-safe-equal.js | 12 ++++++------
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/package.json b/package.json
index 9b8f437..d17765f 100644
--- a/package.json
+++ b/package.json
@@ -32,10 +32,13 @@
 "timing-safe-equal": "^1.0.0"
 },
 "devDependencies": {
- "buffer-shims": "^1.0.0",
 "hash-test-vectors": "~1.3.2",
 "pseudorandombytes": "^2.0.0",
+<<<<<<< HEAD
 "safe-buffer": "^5.1.1",
+=======
+ "safe-buffer": "^5.1.2",
+>>>>>>> switch to safe-buffer
 "standard": "^5.0.2",
 "tape": "~2.3.2",
 "zuul": "^3.6.0"
diff --git a/test/timing-safe-equal.js b/test/timing-safe-equal.js
index 2b91c41..92431d4 100644
--- a/test/timing-safe-equal.js
+++ b/test/timing-safe-equal.js
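Review bot: The `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> remove broken iphone` lines in the .travis.yml hunk of patch 3/6 are unresolved merge-conflict markers committed as content, which leaves the CI matrix unparseable as YAML at that commit. The package.json hunk of patch 4/6 has the same defect, with `+<<<<<<< HEAD` through `+>>>>>>> switch to safe-buffer` inside `devDependencies`, so the manifest is not valid JSON there. Patch 5/6 deletes the markers, but the intermediate commits still have no working CI or install for a series that adds a security-sensitive primitive; squashing the series before merge would keep every commit testable and bisectable. Apart from the markers the .travis.yml hunk only adds a Safari `"5..latest"` line, which does not obviously match the subject 'remove broken iphone'.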
@@ -1,29 +1,29 @@
 var test = require('tape')
 var timingSafeEqual = require('timing-safe-equal/browser')
-var bufferShims = require('buffer-shims')
+var Buffer = require('safe-buffer').Buffer
 test('timingSafeEqual', function (t) {
 t.plan(5)
 t.strictEqual(
- timingSafeEqual(bufferShims.from('foo'), bufferShims.from('foo')),
+ timingSafeEqual(Buffer.from('foo'), Buffer.from('foo')),
 true,
 'should consider equal strings to be equal'
 )

 t.strictEqual(
- timingSafeEqual(bufferShims.from('foo'), bufferShims.from('bar')),
+ timingSafeEqual(Buffer.from('foo'), Buffer.from('bar')),
 false,
 'should consider unequal strings to be unequal'
 )

 t.throws(function () {
- timingSafeEqual(bufferShims.from([1, 2, 3]), bufferShims.from([1, 2]))
+ timingSafeEqual(Buffer.from([1, 2, 3]), Buffer.from([1, 2]))
 }, 'should throw when given buffers with different lengths')

 t.throws(function () {
- timingSafeEqual('not a buffer', bufferShims.from([1, 2]))
+ timingSafeEqual('not a buffer', Buffer.from([1, 2]))
 }, 'should throw if the first argument is not a buffer')

 t.throws(function () {
- timingSafeEqual(bufferShims.from([1, 2]), 'not a buffer')
+ timingSafeEqual(Buffer.from([1, 2]), 'not a buffer')
 }, 'should throw if the second argument is not a buffer')
 })

From 4aff6af7f6f77b744cf95ce352e4abf8e99360fe Mon Sep 17 00:00:00 2001
From: Calvin Metcalf
Date: Thu, 9 Aug 2018 14:02:03 -0400
Subject: [PATCH 5/6] now rebased right

---
 .travis.yml | 4 ----
 package.json | 4 ----
 2 files changed, 8 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 21148a7..5ad8439 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -15,13 +15,9 @@ matrix:
 - node_js: '4'
 env: TEST_SUITE=browser BROWSER_NAME=chrome BROWSER_VERSION="-2..beta"
 - node_js: '4'
-<<<<<<< HEAD
 env: TEST_SUITE=browser BROWSER_NAME=firefox BROWSER_VERSION="-2..latest"
 - node_js: '4'
 env: TEST_SUITE=browser BROWSER_NAME=safari BROWSER_VERSION="7..latest"
-=======
- env: TEST_SUITE=browser BROWSER_NAME=safari BROWSER_VERSION="5..latest"
->>>>>>> remove broken iphone
 - node_js: '4'
 env: TEST_SUITE=browser BROWSER_NAME=android BROWSER_VERSION="5.0..latest"
 script: "npm run-script $TEST_SUITE"
diff --git a/package.json b/package.json
index d17765f..6c0c1a1 100644
--- a/package.json
+++ b/package.json
@@ -34,11 +34,7 @@
 "devDependencies": {
 "hash-test-vectors": "~1.3.2",
 "pseudorandombytes": "^2.0.0",
-<<<<<<< HEAD
- "safe-buffer": "^5.1.1",
-=======
 "safe-buffer": "^5.1.2",
->>>>>>> switch to safe-buffer
 "standard": "^5.0.2",
 "tape": "~2.3.2",
 "zuul": "^3.6.0"

From 9dd6c366e58c916a1f1f0e92cc2add97f3b4eeb5 Mon Sep 17 00:00:00 2001
From: Calvin Metcalf
Date: Fri, 10 Aug 2018 10:06:57 -0400
Subject: [PATCH 6/6] add tests for errors

---
 test/timing-safe-equal.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/timing-safe-equal.js b/test/timing-safe-equal.js
index 92431d4..7ed1a09 100644
--- a/test/timing-safe-equal.js
+++ b/test/timing-safe-equal.js
@@ -17,13 +17,13 @@ test('timingSafeEqual', function (t) {

 t.throws(function () {
 timingSafeEqual(Buffer.from([1, 2, 3]), Buffer.from([1, 2]))
- }, 'should throw when given buffers with different lengths')
+ }, /TypeError: Input buffers must have the same length/, 'should throw when given buffers with different lengths')

 t.throws(function () {
 timingSafeEqual('not a buffer', Buffer.from([1, 2]))
- }, 'should throw if the first argument is not a buffer')
+ }, /TypeError: First argument must be a buffer/, 'should throw if the first argument is not a buffer')

 t.throws(function () {
 timingSafeEqual(Buffer.from([1, 2]), 'not a buffer')
- }, 'should throw if the second argument is not a buffer')
+ }, /TypeError: Second argument must be a buffer/, 'should throw if the second argument is not a buffer')
 })
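Review bot: The three patterns added to `t.throws` pin exact message text (`/TypeError: Input buffers must have the same length/` and the two argument messages) of the `timing-safe-equal/browser` build this file requires, not of whatever `require('timing-safe-equal')` resolves to for index.js. If the main entry uses a different implementation, which cannot be seen from here, its wording may differ, so the messages should not be read as a contract; a comment such as `// message text is specific to the browser shim; callers should rely on TypeError only` would say so. The enclosing `test(...)` callback starts above this hunk.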