fix: normalize case before hash verification

Yarmo Mackenbach 2023-09-22 08:59:33 +02:00
parent 9c9b387fc9
commit beb78e8227
No known key found for this signature in database
GPG key ID: 3C57D093219103A3
2 changed files with 49 additions and 2 deletions


@ -89,7 +89,7 @@ const containsProof = async (data, params) => {
if (parseInt(match[0].split('$')[2]) > 12) continue
const hashPromise = bcryptVerify({
password: fingerprintURI,
password: fingerprintURI.toLowerCase(),
hash: match[0]
})
.then(result => result)
@ -102,6 +102,28 @@ const containsProof = async (data, params) => {
} catch (err) {
result = false
}
// Accept mixed-case fingerprints until deadline
if (!result) {
try {
// Patch until promise.race properly works on WASM
if (parseInt(match[0].split('$')[2]) > 12) continue
const hashPromise = bcryptVerify({
password: fingerprintURI,
hash: match[0]
})
.then(result => result)
.catch(_ => false)
result = await Promise.race([hashPromise, timeoutPromise]).then((result) => {
clearTimeout(timeoutHandle)
return result
})
} catch (err) {
result = false
}
}
break
case 'argon2':
@ -110,7 +132,7 @@ const containsProof = async (data, params) => {
case 'argon2id':
try {
const hashPromise = argon2Verify({
password: fingerprintURI,
password: fingerprintURI.toLowerCase(),
hash: match[0]
})
.then(result => result)
@ -123,6 +145,25 @@ const containsProof = async (data, params) => {
} catch (err) {
result = false
}
// Accept mixed-case fingerprints until deadline
if (!result) {
try {
const hashPromise = argon2Verify({
password: fingerprintURI,
hash: match[0]
})
.then(result => result)
.catch(_ => false)
result = await Promise.race([hashPromise, timeoutPromise]).then((result) => {
clearTimeout(timeoutHandle)
return result
})
} catch (err) {
result = false
}
}
break
default:
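Review bot: The mixed-case retry added after the first attempt, in both the bcrypt case and the argon2 cases, races against the same `timeoutPromise` and `timeoutHandle` as the first attempt; both are created outside these hunks, as is the rest of `containsProof`. If that timer has already fired, the second `Promise.race` would settle at once with the timeout value, so the retry could never succeed. If the first attempt cleared it (which the mirrored `clearTimeout(timeoutHandle)` suggests), the second verification appears to run with no time bound; that matters because `match[0]` is presumably taken from the fetched proof text and the argon2 branch shows no cost cap comparable to the bcrypt `> 12` check. I would arm a fresh timer for the retry and skip the retry when it cannot differ from the first attempt, `if (!result && fingerprintURI !== fingerprintURI.toLowerCase()) {`, so a non-matching hash is not verified twice. The comment `// Accept mixed-case fingerprints until deadline` should state the deadline or reference the issue that tracks removing this path.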


@ -50,6 +50,8 @@ describe('verifications.run', () => {
it('should verify a plaintext proof', async () => {
const result = await verifications.run(plaintextCorrectProofData, claimData, fingerprint)
expect(result.result).to.be.true
const result2 = await verifications.run(plaintextCorrectProofData, claimData, fingerprint.toUpperCase())
expect(result2.result).to.be.true
})
// issue #22
it('should handle a plaintext proof with whitespace', async () => {
@ -63,6 +65,8 @@ describe('verifications.run', () => {
it('should verify a argon2-hashed proof', async () => {
const result = await verifications.run(argon2CorrectProofData, claimData, fingerprint)
expect(result.result).to.be.true
const result2 = await verifications.run(argon2CorrectProofData, claimData, fingerprint.toUpperCase())
expect(result2.result).to.be.true
})
it('should reject a wrong argon2-hashed proof', async () => {
const result = await verifications.run(argon2IncorrectProofData, claimData, fingerprint)
@ -71,6 +75,8 @@ describe('verifications.run', () => {
it('should verify a bcrypt-hashed proof', async () => {
const result = await verifications.run(bcryptCorrectProofData, claimData, fingerprint)
expect(result.result).to.be.true
const result2 = await verifications.run(bcryptCorrectProofData, claimData, fingerprint.toUpperCase())
expect(result2.result).to.be.true
})
it('should reject a wrong bcrypt-hashed proof', async () => {
const result = await verifications.run(bcryptIncorrectProofData, claimData, fingerprint)
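Review bot: The added upper-case assertions never reach the new mixed-case fallback, because the fixtures appear to be hashed over the lower-case fingerprint and the first, lower-cased attempt already succeeds. That leaves the code path that widens what is accepted without coverage; a fixture hashed over an upper-case fingerprint URI would exercise it for both bcrypt and argon2. The rejecting tests should also get an upper-case variant so the fallback is shown not to accept a wrong proof, for example `const result2 = await verifications.run(bcryptIncorrectProofData, claimData, fingerprint.toUpperCase())` followed by `expect(result2.result).to.be.false`. The last test's body continues outside the hunk.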