fix: normalize case before hash verification

This commit is contained in:
Yarmo Mackenbach 2023-09-22 08:59:33 +02:00
parent 9c9b387fc9
commit beb78e8227
No known key found for this signature in database
GPG key ID: 3C57D093219103A3
2 changed files with 49 additions and 2 deletions

View file

@ -84,6 +84,27 @@ const containsProof = async (data, params) => {
case '2a':
case '2b':
case '2y':
try {
// Patch until promise.race properly works on WASM
if (parseInt(match[0].split('$')[2]) > 12) continue
const hashPromise = bcryptVerify({
password: fingerprintURI.toLowerCase(),
hash: match[0]
})
.then(result => result)
.catch(_ => false)
result = await Promise.race([hashPromise, timeoutPromise]).then((result) => {
clearTimeout(timeoutHandle)
return result
})
} catch (err) {
result = false
}
// Accept mixed-case fingerprints until deadline
if (!result) {
try {
// Patch until promise.race properly works on WASM
if (parseInt(match[0].split('$')[2]) > 12) continue
@ -102,12 +123,31 @@ const containsProof = async (data, params) => {
} catch (err) {
result = false
}
}
break
case 'argon2':
case 'argon2i':
case 'argon2d':
case 'argon2id':
try {
const hashPromise = argon2Verify({
password: fingerprintURI.toLowerCase(),
hash: match[0]
})
.then(result => result)
.catch(_ => false)
result = await Promise.race([hashPromise, timeoutPromise]).then((result) => {
clearTimeout(timeoutHandle)
return result
})
} catch (err) {
result = false
}
// Accept mixed-case fingerprints until deadline
if (!result) {
try {
const hashPromise = argon2Verify({
password: fingerprintURI,
@ -123,6 +163,7 @@ const containsProof = async (data, params) => {
} catch (err) {
result = false
}
}
break
default:

View file

@ -50,6 +50,8 @@ describe('verifications.run', () => {
it('should verify a plaintext proof', async () => {
const result = await verifications.run(plaintextCorrectProofData, claimData, fingerprint)
expect(result.result).to.be.true
const result2 = await verifications.run(plaintextCorrectProofData, claimData, fingerprint.toUpperCase())
expect(result2.result).to.be.true
})
// issue #22
it('should handle a plaintext proof with whitespace', async () => {
@ -63,6 +65,8 @@ describe('verifications.run', () => {
it('should verify a argon2-hashed proof', async () => {
const result = await verifications.run(argon2CorrectProofData, claimData, fingerprint)
expect(result.result).to.be.true
const result2 = await verifications.run(argon2CorrectProofData, claimData, fingerprint.toUpperCase())
expect(result2.result).to.be.true
})
it('should reject a wrong argon2-hashed proof', async () => {
const result = await verifications.run(argon2IncorrectProofData, claimData, fingerprint)
@ -71,6 +75,8 @@ describe('verifications.run', () => {
it('should verify a bcrypt-hashed proof', async () => {
const result = await verifications.run(bcryptCorrectProofData, claimData, fingerprint)
expect(result.result).to.be.true
const result2 = await verifications.run(bcryptCorrectProofData, claimData, fingerprint.toUpperCase())
expect(result2.result).to.be.true
})
it('should reject a wrong bcrypt-hashed proof', async () => {
const result = await verifications.run(bcryptIncorrectProofData, claimData, fingerprint)