forked from Mirrors/doipjs
Merge pull request 'Support proof hashing' (#25) from proof-hashing into main
Reviewed-on: https://codeberg.org/keyoxide/doipjs/pulls/25
This commit is contained in:
commit
f83713f256
5 changed files with 132 additions and 10 deletions
|
@ -14,6 +14,7 @@
|
||||||
"dotenv": "^8.2.0",
|
"dotenv": "^8.2.0",
|
||||||
"express": "^4.17.1",
|
"express": "^4.17.1",
|
||||||
"express-validator": "^6.10.0",
|
"express-validator": "^6.10.0",
|
||||||
|
"hash-wasm": "^4.9.0",
|
||||||
"irc-upd": "^0.11.0",
|
"irc-upd": "^0.11.0",
|
||||||
"jsdom": "^20.0.0",
|
"jsdom": "^20.0.0",
|
||||||
"merge-options": "^3.0.3",
|
"merge-options": "^3.0.3",
|
||||||
|
|
|
@ -21,6 +21,7 @@ const signatures = require('./signatures')
|
||||||
const enums = require('./enums')
|
const enums = require('./enums')
|
||||||
const defaults = require('./defaults')
|
const defaults = require('./defaults')
|
||||||
const utils = require('./utils')
|
const utils = require('./utils')
|
||||||
|
const verifications = require('./verifications')
|
||||||
|
|
||||||
exports.Claim = Claim
|
exports.Claim = Claim
|
||||||
exports.claimDefinitions = claimDefinitions
|
exports.claimDefinitions = claimDefinitions
|
||||||
|
@ -30,3 +31,4 @@ exports.signatures = signatures
|
||||||
exports.enums = enums
|
exports.enums = enums
|
||||||
exports.defaults = defaults
|
exports.defaults = defaults
|
||||||
exports.utils = utils
|
exports.utils = utils
|
||||||
|
exports.verifications = verifications
|
||||||
|
|
|
@ -15,21 +15,64 @@ limitations under the License.
|
||||||
*/
|
*/
|
||||||
const utils = require('./utils')
|
const utils = require('./utils')
|
||||||
const E = require('./enums')
|
const E = require('./enums')
|
||||||
|
const { bcryptVerify, argon2Verify } = require('hash-wasm')
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @module verifications
|
* @module verifications
|
||||||
* @ignore
|
* @ignore
|
||||||
*/
|
*/
|
||||||
|
|
||||||
const containsProof = async (data, target) => {
|
const containsProof = async (data, fingerprint, claimFormat) => {
|
||||||
|
const fingerprintFormatted = utils.generateClaim(fingerprint, claimFormat)
|
||||||
|
const fingerprintURI = utils.generateClaim(fingerprint, E.ClaimFormat.URI)
|
||||||
let result = false
|
let result = false
|
||||||
|
|
||||||
// Check for plaintext proof
|
// Check for plaintext proof
|
||||||
result = data.replace(/\r?\n|\r/g, '')
|
result = data.replace(/\r?\n|\r/g, '')
|
||||||
.toLowerCase()
|
.toLowerCase()
|
||||||
.indexOf(target.toLowerCase()) !== -1
|
.indexOf(fingerprintFormatted.toLowerCase()) !== -1
|
||||||
|
|
||||||
// Check for HTTP proof if plaintext not found
|
// Check for hashed proof
|
||||||
|
if (!result) {
|
||||||
|
const hashRe = /\$(argon2(?:id|d|i)|2a|2b|2y)(?:\$[a-zA-Z0-9=+\-,.]+)+/g
|
||||||
|
let match
|
||||||
|
|
||||||
|
while (!result && (match = hashRe.exec(data)) != null) {
|
||||||
|
switch (match[1]) {
|
||||||
|
case '2a':
|
||||||
|
case '2b':
|
||||||
|
case '2y':
|
||||||
|
try {
|
||||||
|
result = await bcryptVerify({
|
||||||
|
password: fingerprintURI,
|
||||||
|
hash: match[0]
|
||||||
|
})
|
||||||
|
} catch (err) {
|
||||||
|
result = false
|
||||||
|
}
|
||||||
|
break
|
||||||
|
|
||||||
|
case 'argon2':
|
||||||
|
case 'argon2i':
|
||||||
|
case 'argon2d':
|
||||||
|
case 'argon2id':
|
||||||
|
try {
|
||||||
|
result = await argon2Verify({
|
||||||
|
password: fingerprintURI,
|
||||||
|
hash: match[0]
|
||||||
|
})
|
||||||
|
} catch (err) {
|
||||||
|
result = false
|
||||||
|
}
|
||||||
|
break
|
||||||
|
|
||||||
|
default:
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check for HTTP proof
|
||||||
if (!result) {
|
if (!result) {
|
||||||
const uris = utils.getUriFromString(data)
|
const uris = utils.getUriFromString(data)
|
||||||
|
|
||||||
|
@ -63,14 +106,14 @@ const containsProof = async (data, target) => {
|
||||||
|
|
||||||
result = response.headers.get('ariadne-identity-proof')
|
result = response.headers.get('ariadne-identity-proof')
|
||||||
.toLowerCase()
|
.toLowerCase()
|
||||||
.indexOf(target.toLowerCase()) !== -1
|
.indexOf(fingerprintURI.toLowerCase()) !== -1
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
||||||
const runJSON = async (proofData, checkPath, checkClaim, checkRelation) => {
|
const runJSON = async (proofData, checkPath, checkClaim, checkClaimFormat, checkRelation) => {
|
||||||
if (!proofData) {
|
if (!proofData) {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
@ -85,7 +128,7 @@ const runJSON = async (proofData, checkPath, checkClaim, checkRelation) => {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
result = await runJSON(item, checkPath, checkClaim, checkRelation)
|
result = await runJSON(item, checkPath, checkClaim, checkClaimFormat, checkRelation)
|
||||||
}
|
}
|
||||||
|
|
||||||
return result
|
return result
|
||||||
|
@ -94,12 +137,12 @@ const runJSON = async (proofData, checkPath, checkClaim, checkRelation) => {
|
||||||
if (checkPath.length === 0) {
|
if (checkPath.length === 0) {
|
||||||
switch (checkRelation) {
|
switch (checkRelation) {
|
||||||
case E.ClaimRelation.ONEOF:
|
case E.ClaimRelation.ONEOF:
|
||||||
return await containsProof(proofData.join('|'), checkClaim)
|
return await containsProof(proofData.join('|'), checkClaim, checkClaimFormat)
|
||||||
|
|
||||||
case E.ClaimRelation.CONTAINS:
|
case E.ClaimRelation.CONTAINS:
|
||||||
case E.ClaimRelation.EQUALS:
|
case E.ClaimRelation.EQUALS:
|
||||||
default:
|
default:
|
||||||
return await containsProof(proofData, checkClaim)
|
return await containsProof(proofData, checkClaim, checkClaimFormat)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -111,6 +154,7 @@ const runJSON = async (proofData, checkPath, checkClaim, checkRelation) => {
|
||||||
proofData[checkPath[0]],
|
proofData[checkPath[0]],
|
||||||
checkPath.slice(1),
|
checkPath.slice(1),
|
||||||
checkClaim,
|
checkClaim,
|
||||||
|
checkClaimFormat,
|
||||||
checkRelation
|
checkRelation
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
@ -136,7 +180,8 @@ const run = async (proofData, claimData, fingerprint) => {
|
||||||
res.result = await runJSON(
|
res.result = await runJSON(
|
||||||
proofData,
|
proofData,
|
||||||
claimData.claim.path,
|
claimData.claim.path,
|
||||||
utils.generateClaim(fingerprint, claimData.claim.format),
|
fingerprint,
|
||||||
|
claimData.claim.format,
|
||||||
claimData.claim.relation
|
claimData.claim.relation
|
||||||
)
|
)
|
||||||
res.completed = true
|
res.completed = true
|
||||||
|
@ -147,7 +192,8 @@ const run = async (proofData, claimData, fingerprint) => {
|
||||||
case E.ProofFormat.TEXT:
|
case E.ProofFormat.TEXT:
|
||||||
try {
|
try {
|
||||||
res.result = await containsProof(proofData,
|
res.result = await containsProof(proofData,
|
||||||
utils.generateClaim(fingerprint, claimData.claim.format))
|
fingerprint,
|
||||||
|
claimData.claim.format)
|
||||||
res.completed = true
|
res.completed = true
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
res.errors.push('err_unknown_text_verification')
|
res.errors.push('err_unknown_text_verification')
|
||||||
|
|
68
test/verifications.test.js
Normal file
68
test/verifications.test.js
Normal file
|
@ -0,0 +1,68 @@
|
||||||
|
/*
|
||||||
|
Copyright 2022 Yarmo Mackenbach
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
const chai = require('chai')
|
||||||
|
const expect = chai.expect
|
||||||
|
chai.use(require('chai-as-promised'))
|
||||||
|
|
||||||
|
const doipjs = require('../src')
|
||||||
|
|
||||||
|
const fingerprint = '3637202523e7c1309ab79e99ef2dc5827b445f4b'
|
||||||
|
const plaintextCorrectProofData = [
|
||||||
|
'openpgp4fpr:3637202523e7c1309ab79e99ef2dc5827b445f4b'
|
||||||
|
]
|
||||||
|
const plaintextIncorrectProofData = [
|
||||||
|
'openpgp4pr:b4f544b7285cd2fe99e97ba9031c7e3252027363'
|
||||||
|
]
|
||||||
|
const argon2CorrectProofData = [
|
||||||
|
'$argon2id$v=19$m=16,t=2,p=1$UElOT0ZIU09mSHlReE1lcg$2nJmgFL0s3DHPksuSE2enw'
|
||||||
|
]
|
||||||
|
const argon2IncorrectProofData = [
|
||||||
|
'$argon2id$v=19$m=16,t=2,p=1$UElOT0ZIU09mSHlReE1lcg$QH+tj5w78d2MZ8PrmOjXqQ'
|
||||||
|
]
|
||||||
|
const bcryptCorrectProofData = [
|
||||||
|
'$2a$10$zNJGxR.xyKZ7djXpwWshpuhULOhRxerqRVZ.14fJAnkSPVxKSqGBC'
|
||||||
|
]
|
||||||
|
const bcryptIncorrectProofData = [
|
||||||
|
'$2y$10$iHUhy320iUqJRVh7a/WlneAuJA/xRI/YEv7qxW8jfCDVmC7bmezX2'
|
||||||
|
]
|
||||||
|
const claimData = doipjs.claimDefinitions.data.irc.processURI('irc://domain.tld/test')
|
||||||
|
|
||||||
|
describe('verifications.run', () => {
|
||||||
|
it('should verify a plaintext proof', async () => {
|
||||||
|
const result = await doipjs.verifications.run(plaintextCorrectProofData, claimData, fingerprint)
|
||||||
|
expect(result.result).to.be.true
|
||||||
|
})
|
||||||
|
it('should not verify a wrong plaintext proof', async () => {
|
||||||
|
const result = await doipjs.verifications.run(plaintextIncorrectProofData, claimData, fingerprint)
|
||||||
|
expect(result.result).to.be.false
|
||||||
|
})
|
||||||
|
it('should verify a argon2-hashed proof', async () => {
|
||||||
|
const result = await doipjs.verifications.run(argon2CorrectProofData, claimData, fingerprint)
|
||||||
|
expect(result.result).to.be.true
|
||||||
|
})
|
||||||
|
it('should not verify a wrong argon2-hashed proof', async () => {
|
||||||
|
const result = await doipjs.verifications.run(argon2IncorrectProofData, claimData, fingerprint)
|
||||||
|
expect(result.result).to.be.false
|
||||||
|
})
|
||||||
|
it('should verify a bcrypt-hashed proof', async () => {
|
||||||
|
const result = await doipjs.verifications.run(bcryptCorrectProofData, claimData, fingerprint)
|
||||||
|
expect(result.result).to.be.true
|
||||||
|
})
|
||||||
|
it('should not verify a wrong bcrypt-hashed proof', async () => {
|
||||||
|
const result = await doipjs.verifications.run(bcryptIncorrectProofData, claimData, fingerprint)
|
||||||
|
expect(result.result).to.be.false
|
||||||
|
})
|
||||||
|
})
|
|
@ -2801,6 +2801,11 @@ hash-base@^3.0.0:
|
||||||
readable-stream "^3.6.0"
|
readable-stream "^3.6.0"
|
||||||
safe-buffer "^5.2.0"
|
safe-buffer "^5.2.0"
|
||||||
|
|
||||||
|
hash-wasm@^4.9.0:
|
||||||
|
version "4.9.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/hash-wasm/-/hash-wasm-4.9.0.tgz#7e9dcc9f7d6bd0cc802f2a58f24edce999744206"
|
||||||
|
integrity sha512-7SW7ejyfnRxuOc7ptQHSf4LDoZaWOivfzqw+5rpcQku0nHfmicPKE51ra9BiRLAmT8+gGLestr1XroUkqdjL6w==
|
||||||
|
|
||||||
hash.js@^1.0.0, hash.js@^1.0.3:
|
hash.js@^1.0.0, hash.js@^1.0.3:
|
||||||
version "1.1.7"
|
version "1.1.7"
|
||||||
resolved "https://registry.yarnpkg.com/hash.js/-/hash.js-1.1.7.tgz#0babca538e8d4ee4a0f8988d68866537a003cf42"
|
resolved "https://registry.yarnpkg.com/hash.js/-/hash.js-1.1.7.tgz#0babca538e8d4ee4a0f8988d68866537a003cf42"
|
||||||
|
|
Loading…
Reference in a new issue