hawk - npm Package Compare versions
Comparing version 0.5.2 to 0.5.3
| // Load modules | ||
| var Boom = require('boom'); | ||
| var Cryptiles = require('cryptiles'); | ||
| var Crypto = require('./crypto'); | ||
@@ -219,3 +220,3 @@ var Utils = require('./utils'); | ||
| if (!Utils.fixedTimeComparison(mac, attributes.mac)) { | ||
| if (!Cryptiles.fixedTimeComparison(mac, attributes.mac)) { | ||
| return callback(Boom.unauthorized('Bad mac', 'Hawk'), credentials, attributes); | ||
@@ -234,3 +235,3 @@ } | ||
| var hash = Crypto.calculateHash(options.payload, credentials.algorithm); | ||
| if (!Utils.fixedTimeComparison(hash, attributes.hash)) { | ||
| if (!Cryptiles.fixedTimeComparison(hash, attributes.hash)) { | ||
| return callback(Boom.unauthorized('Bad payload hash', 'Hawk'), credentials, attributes); | ||
@@ -302,3 +303,3 @@ } | ||
| timestamp: options.timestamp || Math.floor(now / 1000), | ||
| nonce: options.nonce || Utils.randomString(6), | ||
| nonce: options.nonce || Cryptiles.randomString(6), | ||
| method: method, | ||
@@ -332,4 +333,4 @@ uri: uri, | ||
| var calculatedHash = Crypto.calculateHash(payload, credentials.algorithm); | ||
| return Utils.fixedTimeComparison(calculatedHash, hash); | ||
| return Cryptiles.fixedTimeComparison(calculatedHash, hash); | ||
| }; | ||
@@ -5,2 +5,3 @@ // Load modules | ||
| var Boom = require('boom'); | ||
| var Cryptiles = require('cryptiles'); | ||
| var Crypto = require('./crypto'); | ||
@@ -131,3 +132,3 @@ var Utils = require('./utils'); | ||
| if (!Utils.fixedTimeComparison(mac, bewit.mac)) { | ||
| if (!Cryptiles.fixedTimeComparison(mac, bewit.mac)) { | ||
| return callback(Boom.unauthorized('Bad mac', 'Hawk'), credentials, bewit); | ||
@@ -134,0 +135,0 @@ } |
@@ -8,5 +8,3 @@ // Load modules | ||
| var internals = { | ||
| randomSource: 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' | ||
| }; | ||
| var internals = {}; | ||
@@ -36,36 +34,2 @@ | ||
| // Generate a random string of given size (not for crypto) | ||
| exports.randomString = function (size) { | ||
| var result = []; | ||
| var len = internals.randomSource.length; | ||
| for (var i = 0; i < size; ++i) { | ||
| result.push(internals.randomSource[Math.floor(Math.random() * len)]); | ||
| } | ||
| return result.join(''); | ||
| }; | ||
| // Compare two strings using fixed time algorithm (to prevent time-based analysis of MAC digest match) | ||
| exports.fixedTimeComparison = function (a, b) { | ||
| var mismatch = (a.length === b.length ? 0 : 1); | ||
| if (mismatch) { | ||
| b = a; | ||
| } | ||
| for (var i = 0, il = a.length; i < il; ++i) { | ||
| var ac = a.charCodeAt(i); | ||
| var bc = b.charCodeAt(i); | ||
| mismatch += (ac === bc ? 0 : 1); | ||
| } | ||
| return (mismatch === 0); | ||
| }; | ||
| // Extract host and port from request | ||
@@ -72,0 +36,0 @@ |
| { | ||
| "name": "hawk", | ||
| "description": "HTTP Hawk Authentication Scheme", | ||
| "version": "0.5.2", | ||
| "version": "0.5.3", | ||
| "author": "Eran Hammer <eran@hueniverse.com> (http://hueniverse.com)", | ||
@@ -20,3 +20,4 @@ "contributors": [], | ||
| "hoek": "0.0.x", | ||
| "boom": "0.0.x" | ||
| "boom": "0.0.x", | ||
| "cryptiles": "0.0.x" | ||
| }, | ||
@@ -23,0 +24,0 @@ "devDependencies": { |
@@ -6,3 +6,3 @@  | ||
| Current version: **0.5.2** | ||
| Current version: **0.5.3** | ||
@@ -9,0 +9,0 @@ [](http://travis-ci.org/hueniverse/hawk) |
@@ -30,46 +30,2 @@ // Load modules | ||
| }); | ||
| describe('#fixedTimeComparison', function () { | ||
| var a = Hawk.utils.randomString(50000); | ||
| var b = Hawk.utils.randomString(150000); | ||
| it('should take the same amount of time comparing different string sizes', function (done) { | ||
| var now = Date.now(); | ||
| Hawk.utils.fixedTimeComparison(b, a); | ||
| var t1 = Date.now() - now; | ||
| now = Date.now(); | ||
| Hawk.utils.fixedTimeComparison(b, b); | ||
| var t2 = Date.now() - now; | ||
| expect(t2 - t1).to.be.within(-2, 2); | ||
| done(); | ||
| }); | ||
| it('should return true for equal strings', function (done) { | ||
| expect(Hawk.utils.fixedTimeComparison(a, a)).to.equal(true); | ||
| done(); | ||
| }); | ||
| it('should return false for different strings (size, a < b)', function (done) { | ||
| expect(Hawk.utils.fixedTimeComparison(a, a + 'x')).to.equal(false); | ||
| done(); | ||
| }); | ||
| it('should return false for different strings (size, a > b)', function (done) { | ||
| expect(Hawk.utils.fixedTimeComparison(a + 'x', a)).to.equal(false); | ||
| done(); | ||
| }); | ||
| it('should return false for different strings (size, a = b)', function (done) { | ||
| expect(Hawk.utils.fixedTimeComparison(a + 'x', a + 'y')).to.equal(false); | ||
| done(); | ||
| }); | ||
| }); | ||
| }); | ||
@@ -76,0 +32,0 @@ }); |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Worsened metrics
- Total package byte prevSize
- decreased by-2.07%
109237
- Dependency count
- increased by50%
3
- Lines of code
- decreased by-3.19%
1578
Dependency changes
+ Addedcryptiles@0.0.x
+ Addedboom@0.2.1(transitive)
+ Addedcryptiles@0.0.2(transitive)
+ Addedhoek@0.4.5(transitive)