Merge pull request 'Support proof hashing' (#25) from proof-hashing into main

Reviewed-on: https://codeberg.org/keyoxide/doipjs/pulls/25
This commit is contained in:
Yarmo Mackenbach 2022-09-21 09:57:06 +02:00
commit f83713f256
5 changed files with 132 additions and 10 deletions

View file

@ -14,6 +14,7 @@
"dotenv": "^8.2.0", "dotenv": "^8.2.0",
"express": "^4.17.1", "express": "^4.17.1",
"express-validator": "^6.10.0", "express-validator": "^6.10.0",
"hash-wasm": "^4.9.0",
"irc-upd": "^0.11.0", "irc-upd": "^0.11.0",
"jsdom": "^20.0.0", "jsdom": "^20.0.0",
"merge-options": "^3.0.3", "merge-options": "^3.0.3",

View file

@ -21,6 +21,7 @@ const signatures = require('./signatures')
const enums = require('./enums') const enums = require('./enums')
const defaults = require('./defaults') const defaults = require('./defaults')
const utils = require('./utils') const utils = require('./utils')
const verifications = require('./verifications')
exports.Claim = Claim exports.Claim = Claim
exports.claimDefinitions = claimDefinitions exports.claimDefinitions = claimDefinitions
@ -30,3 +31,4 @@ exports.signatures = signatures
exports.enums = enums exports.enums = enums
exports.defaults = defaults exports.defaults = defaults
exports.utils = utils exports.utils = utils
exports.verifications = verifications

View file

@ -15,21 +15,64 @@ limitations under the License.
*/ */
const utils = require('./utils') const utils = require('./utils')
const E = require('./enums') const E = require('./enums')
const { bcryptVerify, argon2Verify } = require('hash-wasm')
/** /**
* @module verifications * @module verifications
* @ignore * @ignore
*/ */
const containsProof = async (data, target) => { const containsProof = async (data, fingerprint, claimFormat) => {
const fingerprintFormatted = utils.generateClaim(fingerprint, claimFormat)
const fingerprintURI = utils.generateClaim(fingerprint, E.ClaimFormat.URI)
let result = false let result = false
// Check for plaintext proof // Check for plaintext proof
result = data.replace(/\r?\n|\r/g, '') result = data.replace(/\r?\n|\r/g, '')
.toLowerCase() .toLowerCase()
.indexOf(target.toLowerCase()) !== -1 .indexOf(fingerprintFormatted.toLowerCase()) !== -1
// Check for HTTP proof if plaintext not found // Check for hashed proof
if (!result) {
const hashRe = /\$(argon2(?:id|d|i)|2a|2b|2y)(?:\$[a-zA-Z0-9=+\-,.]+)+/g
let match
while (!result && (match = hashRe.exec(data)) != null) {
switch (match[1]) {
case '2a':
case '2b':
case '2y':
try {
result = await bcryptVerify({
password: fingerprintURI,
hash: match[0]
})
} catch (err) {
result = false
}
break
case 'argon2':
case 'argon2i':
case 'argon2d':
case 'argon2id':
try {
result = await argon2Verify({
password: fingerprintURI,
hash: match[0]
})
} catch (err) {
result = false
}
break
default:
continue
}
}
}
// Check for HTTP proof
if (!result) { if (!result) {
const uris = utils.getUriFromString(data) const uris = utils.getUriFromString(data)
@ -63,14 +106,14 @@ const containsProof = async (data, target) => {
result = response.headers.get('ariadne-identity-proof') result = response.headers.get('ariadne-identity-proof')
.toLowerCase() .toLowerCase()
.indexOf(target.toLowerCase()) !== -1 .indexOf(fingerprintURI.toLowerCase()) !== -1
} }
} }
return result return result
} }
const runJSON = async (proofData, checkPath, checkClaim, checkRelation) => { const runJSON = async (proofData, checkPath, checkClaim, checkClaimFormat, checkRelation) => {
if (!proofData) { if (!proofData) {
return false return false
} }
@ -85,7 +128,7 @@ const runJSON = async (proofData, checkPath, checkClaim, checkRelation) => {
continue continue
} }
result = await runJSON(item, checkPath, checkClaim, checkRelation) result = await runJSON(item, checkPath, checkClaim, checkClaimFormat, checkRelation)
} }
return result return result
@ -94,12 +137,12 @@ const runJSON = async (proofData, checkPath, checkClaim, checkRelation) => {
if (checkPath.length === 0) { if (checkPath.length === 0) {
switch (checkRelation) { switch (checkRelation) {
case E.ClaimRelation.ONEOF: case E.ClaimRelation.ONEOF:
return await containsProof(proofData.join('|'), checkClaim) return await containsProof(proofData.join('|'), checkClaim, checkClaimFormat)
case E.ClaimRelation.CONTAINS: case E.ClaimRelation.CONTAINS:
case E.ClaimRelation.EQUALS: case E.ClaimRelation.EQUALS:
default: default:
return await containsProof(proofData, checkClaim) return await containsProof(proofData, checkClaim, checkClaimFormat)
} }
} }
@ -111,6 +154,7 @@ const runJSON = async (proofData, checkPath, checkClaim, checkRelation) => {
proofData[checkPath[0]], proofData[checkPath[0]],
checkPath.slice(1), checkPath.slice(1),
checkClaim, checkClaim,
checkClaimFormat,
checkRelation checkRelation
) )
} }
@ -136,7 +180,8 @@ const run = async (proofData, claimData, fingerprint) => {
res.result = await runJSON( res.result = await runJSON(
proofData, proofData,
claimData.claim.path, claimData.claim.path,
utils.generateClaim(fingerprint, claimData.claim.format), fingerprint,
claimData.claim.format,
claimData.claim.relation claimData.claim.relation
) )
res.completed = true res.completed = true
@ -147,7 +192,8 @@ const run = async (proofData, claimData, fingerprint) => {
case E.ProofFormat.TEXT: case E.ProofFormat.TEXT:
try { try {
res.result = await containsProof(proofData, res.result = await containsProof(proofData,
utils.generateClaim(fingerprint, claimData.claim.format)) fingerprint,
claimData.claim.format)
res.completed = true res.completed = true
} catch (error) { } catch (error) {
res.errors.push('err_unknown_text_verification') res.errors.push('err_unknown_text_verification')

View file

@ -0,0 +1,68 @@
/*
Copyright 2022 Yarmo Mackenbach
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const chai = require('chai')
const expect = chai.expect
chai.use(require('chai-as-promised'))
const doipjs = require('../src')
const fingerprint = '3637202523e7c1309ab79e99ef2dc5827b445f4b'
const plaintextCorrectProofData = [
'openpgp4fpr:3637202523e7c1309ab79e99ef2dc5827b445f4b'
]
const plaintextIncorrectProofData = [
'openpgp4pr:b4f544b7285cd2fe99e97ba9031c7e3252027363'
]
const argon2CorrectProofData = [
'$argon2id$v=19$m=16,t=2,p=1$UElOT0ZIU09mSHlReE1lcg$2nJmgFL0s3DHPksuSE2enw'
]
const argon2IncorrectProofData = [
'$argon2id$v=19$m=16,t=2,p=1$UElOT0ZIU09mSHlReE1lcg$QH+tj5w78d2MZ8PrmOjXqQ'
]
const bcryptCorrectProofData = [
'$2a$10$zNJGxR.xyKZ7djXpwWshpuhULOhRxerqRVZ.14fJAnkSPVxKSqGBC'
]
const bcryptIncorrectProofData = [
'$2y$10$iHUhy320iUqJRVh7a/WlneAuJA/xRI/YEv7qxW8jfCDVmC7bmezX2'
]
const claimData = doipjs.claimDefinitions.data.irc.processURI('irc://domain.tld/test')
describe('verifications.run', () => {
it('should verify a plaintext proof', async () => {
const result = await doipjs.verifications.run(plaintextCorrectProofData, claimData, fingerprint)
expect(result.result).to.be.true
})
it('should not verify a wrong plaintext proof', async () => {
const result = await doipjs.verifications.run(plaintextIncorrectProofData, claimData, fingerprint)
expect(result.result).to.be.false
})
it('should verify a argon2-hashed proof', async () => {
const result = await doipjs.verifications.run(argon2CorrectProofData, claimData, fingerprint)
expect(result.result).to.be.true
})
it('should not verify a wrong argon2-hashed proof', async () => {
const result = await doipjs.verifications.run(argon2IncorrectProofData, claimData, fingerprint)
expect(result.result).to.be.false
})
it('should verify a bcrypt-hashed proof', async () => {
const result = await doipjs.verifications.run(bcryptCorrectProofData, claimData, fingerprint)
expect(result.result).to.be.true
})
it('should not verify a wrong bcrypt-hashed proof', async () => {
const result = await doipjs.verifications.run(bcryptIncorrectProofData, claimData, fingerprint)
expect(result.result).to.be.false
})
})

View file

@ -2801,6 +2801,11 @@ hash-base@^3.0.0:
readable-stream "^3.6.0" readable-stream "^3.6.0"
safe-buffer "^5.2.0" safe-buffer "^5.2.0"
hash-wasm@^4.9.0:
version "4.9.0"
resolved "https://registry.yarnpkg.com/hash-wasm/-/hash-wasm-4.9.0.tgz#7e9dcc9f7d6bd0cc802f2a58f24edce999744206"
integrity sha512-7SW7ejyfnRxuOc7ptQHSf4LDoZaWOivfzqw+5rpcQku0nHfmicPKE51ra9BiRLAmT8+gGLestr1XroUkqdjL6w==
hash.js@^1.0.0, hash.js@^1.0.3: hash.js@^1.0.0, hash.js@^1.0.3:
version "1.1.7" version "1.1.7"
resolved "https://registry.yarnpkg.com/hash.js/-/hash.js-1.1.7.tgz#0babca538e8d4ee4a0f8988d68866537a003cf42" resolved "https://registry.yarnpkg.com/hash.js/-/hash.js-1.1.7.tgz#0babca538e8d4ee4a0f8988d68866537a003cf42"