Merge pull request 'Support proof hashing' (#25) from proof-hashing into main

Reviewed-on: https://codeberg.org/keyoxide/doipjs/pulls/25
This commit is contained in:
Yarmo Mackenbach 2022-09-21 09:57:06 +02:00
commit f83713f256
5 changed files with 132 additions and 10 deletions

View file

@ -14,6 +14,7 @@
"dotenv": "^8.2.0",
"express": "^4.17.1",
"express-validator": "^6.10.0",
"hash-wasm": "^4.9.0",
"irc-upd": "^0.11.0",
"jsdom": "^20.0.0",
"merge-options": "^3.0.3",

View file

@ -21,6 +21,7 @@ const signatures = require('./signatures')
const enums = require('./enums')
const defaults = require('./defaults')
const utils = require('./utils')
const verifications = require('./verifications')
exports.Claim = Claim
exports.claimDefinitions = claimDefinitions
@ -30,3 +31,4 @@ exports.signatures = signatures
exports.enums = enums
exports.defaults = defaults
exports.utils = utils
exports.verifications = verifications

View file

@ -15,21 +15,64 @@ limitations under the License.
*/
const utils = require('./utils')
const E = require('./enums')
const { bcryptVerify, argon2Verify } = require('hash-wasm')
/**
* @module verifications
* @ignore
*/
const containsProof = async (data, target) => {
const containsProof = async (data, fingerprint, claimFormat) => {
const fingerprintFormatted = utils.generateClaim(fingerprint, claimFormat)
const fingerprintURI = utils.generateClaim(fingerprint, E.ClaimFormat.URI)
let result = false
// Check for plaintext proof
result = data.replace(/\r?\n|\r/g, '')
.toLowerCase()
.indexOf(target.toLowerCase()) !== -1
.indexOf(fingerprintFormatted.toLowerCase()) !== -1
// Check for HTTP proof if plaintext not found
// Check for hashed proof
if (!result) {
const hashRe = /\$(argon2(?:id|d|i)|2a|2b|2y)(?:\$[a-zA-Z0-9=+\-,.]+)+/g
let match
while (!result && (match = hashRe.exec(data)) != null) {
switch (match[1]) {
case '2a':
case '2b':
case '2y':
try {
result = await bcryptVerify({
password: fingerprintURI,
hash: match[0]
})
} catch (err) {
result = false
}
break
case 'argon2':
case 'argon2i':
case 'argon2d':
case 'argon2id':
try {
result = await argon2Verify({
password: fingerprintURI,
hash: match[0]
})
} catch (err) {
result = false
}
break
default:
continue
}
}
}
// Check for HTTP proof
if (!result) {
const uris = utils.getUriFromString(data)
@ -63,14 +106,14 @@ const containsProof = async (data, target) => {
result = response.headers.get('ariadne-identity-proof')
.toLowerCase()
.indexOf(target.toLowerCase()) !== -1
.indexOf(fingerprintURI.toLowerCase()) !== -1
}
}
return result
}
const runJSON = async (proofData, checkPath, checkClaim, checkRelation) => {
const runJSON = async (proofData, checkPath, checkClaim, checkClaimFormat, checkRelation) => {
if (!proofData) {
return false
}
@ -85,7 +128,7 @@ const runJSON = async (proofData, checkPath, checkClaim, checkRelation) => {
continue
}
result = await runJSON(item, checkPath, checkClaim, checkRelation)
result = await runJSON(item, checkPath, checkClaim, checkClaimFormat, checkRelation)
}
return result
@ -94,12 +137,12 @@ const runJSON = async (proofData, checkPath, checkClaim, checkRelation) => {
if (checkPath.length === 0) {
switch (checkRelation) {
case E.ClaimRelation.ONEOF:
return await containsProof(proofData.join('|'), checkClaim)
return await containsProof(proofData.join('|'), checkClaim, checkClaimFormat)
case E.ClaimRelation.CONTAINS:
case E.ClaimRelation.EQUALS:
default:
return await containsProof(proofData, checkClaim)
return await containsProof(proofData, checkClaim, checkClaimFormat)
}
}
@ -111,6 +154,7 @@ const runJSON = async (proofData, checkPath, checkClaim, checkRelation) => {
proofData[checkPath[0]],
checkPath.slice(1),
checkClaim,
checkClaimFormat,
checkRelation
)
}
@ -136,7 +180,8 @@ const run = async (proofData, claimData, fingerprint) => {
res.result = await runJSON(
proofData,
claimData.claim.path,
utils.generateClaim(fingerprint, claimData.claim.format),
fingerprint,
claimData.claim.format,
claimData.claim.relation
)
res.completed = true
@ -147,7 +192,8 @@ const run = async (proofData, claimData, fingerprint) => {
case E.ProofFormat.TEXT:
try {
res.result = await containsProof(proofData,
utils.generateClaim(fingerprint, claimData.claim.format))
fingerprint,
claimData.claim.format)
res.completed = true
} catch (error) {
res.errors.push('err_unknown_text_verification')

View file

@ -0,0 +1,68 @@
/*
Copyright 2022 Yarmo Mackenbach
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const chai = require('chai')
const expect = chai.expect
chai.use(require('chai-as-promised'))
const doipjs = require('../src')
const fingerprint = '3637202523e7c1309ab79e99ef2dc5827b445f4b'
const plaintextCorrectProofData = [
'openpgp4fpr:3637202523e7c1309ab79e99ef2dc5827b445f4b'
]
const plaintextIncorrectProofData = [
'openpgp4pr:b4f544b7285cd2fe99e97ba9031c7e3252027363'
]
const argon2CorrectProofData = [
'$argon2id$v=19$m=16,t=2,p=1$UElOT0ZIU09mSHlReE1lcg$2nJmgFL0s3DHPksuSE2enw'
]
const argon2IncorrectProofData = [
'$argon2id$v=19$m=16,t=2,p=1$UElOT0ZIU09mSHlReE1lcg$QH+tj5w78d2MZ8PrmOjXqQ'
]
const bcryptCorrectProofData = [
'$2a$10$zNJGxR.xyKZ7djXpwWshpuhULOhRxerqRVZ.14fJAnkSPVxKSqGBC'
]
const bcryptIncorrectProofData = [
'$2y$10$iHUhy320iUqJRVh7a/WlneAuJA/xRI/YEv7qxW8jfCDVmC7bmezX2'
]
const claimData = doipjs.claimDefinitions.data.irc.processURI('irc://domain.tld/test')
describe('verifications.run', () => {
it('should verify a plaintext proof', async () => {
const result = await doipjs.verifications.run(plaintextCorrectProofData, claimData, fingerprint)
expect(result.result).to.be.true
})
it('should not verify a wrong plaintext proof', async () => {
const result = await doipjs.verifications.run(plaintextIncorrectProofData, claimData, fingerprint)
expect(result.result).to.be.false
})
it('should verify a argon2-hashed proof', async () => {
const result = await doipjs.verifications.run(argon2CorrectProofData, claimData, fingerprint)
expect(result.result).to.be.true
})
it('should not verify a wrong argon2-hashed proof', async () => {
const result = await doipjs.verifications.run(argon2IncorrectProofData, claimData, fingerprint)
expect(result.result).to.be.false
})
it('should verify a bcrypt-hashed proof', async () => {
const result = await doipjs.verifications.run(bcryptCorrectProofData, claimData, fingerprint)
expect(result.result).to.be.true
})
it('should not verify a wrong bcrypt-hashed proof', async () => {
const result = await doipjs.verifications.run(bcryptIncorrectProofData, claimData, fingerprint)
expect(result.result).to.be.false
})
})

View file

@ -2801,6 +2801,11 @@ hash-base@^3.0.0:
readable-stream "^3.6.0"
safe-buffer "^5.2.0"
hash-wasm@^4.9.0:
version "4.9.0"
resolved "https://registry.yarnpkg.com/hash-wasm/-/hash-wasm-4.9.0.tgz#7e9dcc9f7d6bd0cc802f2a58f24edce999744206"
integrity sha512-7SW7ejyfnRxuOc7ptQHSf4LDoZaWOivfzqw+5rpcQku0nHfmicPKE51ra9BiRLAmT8+gGLestr1XroUkqdjL6w==
hash.js@^1.0.0, hash.js@^1.0.3:
version "1.1.7"
resolved "https://registry.yarnpkg.com/hash.js/-/hash.js-1.1.7.tgz#0babca538e8d4ee4a0f8988d68866537a003cf42"