|
|
- // Copyright 2015 Joyent, Inc.
-
- var assert = require('assert-plus');
- var crypto = require('crypto');
- var sshpk = require('sshpk');
- var utils = require('./utils');
-
- var HASH_ALGOS = utils.HASH_ALGOS;
- var PK_ALGOS = utils.PK_ALGOS;
- var InvalidAlgorithmError = utils.InvalidAlgorithmError;
- var HttpSignatureError = utils.HttpSignatureError;
- var validateAlgorithm = utils.validateAlgorithm;
-
- ///--- Exported API
-
- module.exports = {
- /**
- * Verify RSA/DSA signature against public key. You are expected to pass in
- * an object that was returned from `parse()`.
- *
- * @param {Object} parsedSignature the object you got from `parse`.
- * @param {String} pubkey RSA/DSA private key PEM.
- * @return {Boolean} true if valid, false otherwise.
- * @throws {TypeError} if you pass in bad arguments.
- * @throws {InvalidAlgorithmError}
- */
- verifySignature: function verifySignature(parsedSignature, pubkey) {
- assert.object(parsedSignature, 'parsedSignature');
- if (typeof (pubkey) === 'string' || Buffer.isBuffer(pubkey))
- pubkey = sshpk.parseKey(pubkey);
- assert.ok(sshpk.Key.isKey(pubkey, [1, 1]), 'pubkey must be a sshpk.Key');
-
- var alg = validateAlgorithm(parsedSignature.algorithm);
- if (alg[0] === 'hmac' || alg[0] !== pubkey.type)
- return (false);
-
- var v = pubkey.createVerify(alg[1]);
- v.update(parsedSignature.signingString);
- return (v.verify(parsedSignature.params.signature, 'base64'));
- },
-
- /**
- * Verify HMAC against shared secret. You are expected to pass in an object
- * that was returned from `parse()`.
- *
- * @param {Object} parsedSignature the object you got from `parse`.
- * @param {String} secret HMAC shared secret.
- * @return {Boolean} true if valid, false otherwise.
- * @throws {TypeError} if you pass in bad arguments.
- * @throws {InvalidAlgorithmError}
- */
- verifyHMAC: function verifyHMAC(parsedSignature, secret) {
- assert.object(parsedSignature, 'parsedHMAC');
- assert.string(secret, 'secret');
-
- var alg = validateAlgorithm(parsedSignature.algorithm);
- if (alg[0] !== 'hmac')
- return (false);
-
- var hashAlg = alg[1].toUpperCase();
-
- var hmac = crypto.createHmac(hashAlg, secret);
- hmac.update(parsedSignature.signingString);
-
- /*
- * Now double-hash to avoid leaking timing information - there's
- * no easy constant-time compare in JS, so we use this approach
- * instead. See for more info:
- * https://www.isecpartners.com/blog/2011/february/double-hmac-
- * verification.aspx
- */
- var h1 = crypto.createHmac(hashAlg, secret);
- h1.update(hmac.digest());
- h1 = h1.digest();
- var h2 = crypto.createHmac(hashAlg, secret);
- h2.update(new Buffer(parsedSignature.params.signature, 'base64'));
- h2 = h2.digest();
-
- /* Node 0.8 returns strings from .digest(). */
- if (typeof (h1) === 'string')
- return (h1 === h2);
- /* And node 0.10 lacks the .equals() method on Buffers. */
- if (Buffer.isBuffer(h1) && !h1.equals)
- return (h1.toString('binary') === h2.toString('binary'));
-
- return (h1.equals(h2));
- }
- };
|
