[Pkg-javascript-commits] [node-keygrip] 53/68: use scmp lib for constant time compare
Andrew Kelley
andrewrk-guest at moszumanska.debian.org
Fri Jun 27 22:13:28 UTC 2014
This is an automated email from the git hooks/post-receive script.
andrewrk-guest pushed a commit to branch master
in repository node-keygrip.
commit 1043de984431355981798296e894cd9f6431dc3a
Author: Jonathan Ong <jonathanrichardong at gmail.com>
Date: Sat May 17 15:21:11 2014 -0700
use scmp lib for constant time compare
---
index.js | 31 +++++--------------------------
package.json | 3 +++
2 files changed, 8 insertions(+), 26 deletions(-)
diff --git a/index.js b/index.js
index 2e9ae8b..0fa4c01 100644
--- a/index.js
+++ b/index.js
@@ -1,5 +1,9 @@
+
var crypto = require("crypto")
-
+var constantTimeCompare = require('scmp')
+
+module.exports = Keygrip
+
function Keygrip(keys, algorithm, encoding) {
if (!algorithm) algorithm = "sha1";
if (!encoding) encoding = "base64";
@@ -36,28 +40,3 @@ function Keygrip(keys, algorithm, encoding) {
Keygrip.sign = Keygrip.verify = Keygrip.index = function() {
throw new Error("Usage: require('keygrip')(<array-of-keys>)")
}
-
-//http://codahale.com/a-lesson-in-timing-attacks/
-var constantTimeCompare = function(val1, val2){
- if(val1 == null && val2 != null){
- return false;
- } else if(val2 == null && val1 != null){
- return false;
- } else if(val1 == null && val2 == null){
- return true;
- }
-
- if(val1.length !== val2.length){
- return false;
- }
-
- var matches = 1;
-
- for(var i = 0; i < val1.length; i++){
- matches &= (val1.charAt(i) === val2.charAt(i) ? 1 : 0); //Don't short circuit
- }
-
- return matches === 1;
-};
-
-module.exports = Keygrip
diff --git a/package.json b/package.json
index e45908c..2f4f2ac 100644
--- a/package.json
+++ b/package.json
@@ -6,6 +6,9 @@
"test": "mocha --reporter spec"
},
"repository": "expressjs/keygrip",
+ "dependencies": {
+ "scmp": "0.0.3"
+ },
"devDependencies": {
"mocha": "1"
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-keygrip.git
More information about the Pkg-javascript-commits
mailing list