sam.hadow/e2ee-messaging-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

constant time shared secret check

Browse Source
This commit is contained in:
Sam Hadow
2025-03-28 08:22:34 +01:00
parent bf71a47dc6
commit 6f513db94b
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/authentication.js
View File

@@ -1,11 +1,22 @@
const { subtle } = require('node:crypto').webcrypto; const { subtle } = require('node:crypto').webcrypto;
const stringutils = require("./stringutils"); const stringutils = require("./stringutils");
const crypto = require('crypto');
const sharedSecret = process.env.SHARED_SECRET; const sharedSecret = process.env.SHARED_SECRET;
const authentication = { const authentication = {
checkSharedSecret: (providedSecret) => { checkSharedSecret: (providedSecret) => {
return sharedSecret === providedSecret; const sharedSecretBuffer = Buffer.from(sharedSecret);
const providedSecretBuffer = Buffer.from(providedSecret);
const length = Math.max(sharedSecretBuffer.length, providedSecretBuffer.length);
const paddedSharedSecret = Buffer.alloc(length, 0);
const paddedProvidedSecret = Buffer.alloc(length, 0);
sharedSecretBuffer.copy(paddedSharedSecret);
providedSecretBuffer.copy(paddedProvidedSecret);
return crypto.timingSafeEqual(paddedSharedSecret, paddedProvidedSecret);
}, },
verifySignature : async (msg, sig, publicKeys) => { verifySignature : async (msg, sig, publicKeys) => {
try { try {