You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

88 lines
3.0 KiB

  1. // Copyright 2015 Joyent, Inc.
  2. var assert = require('assert-plus');
  3. var crypto = require('crypto');
  4. var sshpk = require('sshpk');
  5. var utils = require('./utils');
  6. var HASH_ALGOS = utils.HASH_ALGOS;
  7. var PK_ALGOS = utils.PK_ALGOS;
  8. var InvalidAlgorithmError = utils.InvalidAlgorithmError;
  9. var HttpSignatureError = utils.HttpSignatureError;
  10. var validateAlgorithm = utils.validateAlgorithm;
  11. ///--- Exported API
  12. module.exports = {
  13. /**
  14. * Verify RSA/DSA signature against public key. You are expected to pass in
  15. * an object that was returned from `parse()`.
  16. *
  17. * @param {Object} parsedSignature the object you got from `parse`.
  18. * @param {String} pubkey RSA/DSA private key PEM.
  19. * @return {Boolean} true if valid, false otherwise.
  20. * @throws {TypeError} if you pass in bad arguments.
  21. * @throws {InvalidAlgorithmError}
  22. */
  23. verifySignature: function verifySignature(parsedSignature, pubkey) {
  24. assert.object(parsedSignature, 'parsedSignature');
  25. if (typeof (pubkey) === 'string' || Buffer.isBuffer(pubkey))
  26. pubkey = sshpk.parseKey(pubkey);
  27. assert.ok(sshpk.Key.isKey(pubkey, [1, 1]), 'pubkey must be a sshpk.Key');
  28. var alg = validateAlgorithm(parsedSignature.algorithm);
  29. if (alg[0] === 'hmac' || alg[0] !== pubkey.type)
  30. return (false);
  31. var v = pubkey.createVerify(alg[1]);
  32. v.update(parsedSignature.signingString);
  33. return (v.verify(parsedSignature.params.signature, 'base64'));
  34. },
  35. /**
  36. * Verify HMAC against shared secret. You are expected to pass in an object
  37. * that was returned from `parse()`.
  38. *
  39. * @param {Object} parsedSignature the object you got from `parse`.
  40. * @param {String} secret HMAC shared secret.
  41. * @return {Boolean} true if valid, false otherwise.
  42. * @throws {TypeError} if you pass in bad arguments.
  43. * @throws {InvalidAlgorithmError}
  44. */
  45. verifyHMAC: function verifyHMAC(parsedSignature, secret) {
  46. assert.object(parsedSignature, 'parsedHMAC');
  47. assert.string(secret, 'secret');
  48. var alg = validateAlgorithm(parsedSignature.algorithm);
  49. if (alg[0] !== 'hmac')
  50. return (false);
  51. var hashAlg = alg[1].toUpperCase();
  52. var hmac = crypto.createHmac(hashAlg, secret);
  53. hmac.update(parsedSignature.signingString);
  54. /*
  55. * Now double-hash to avoid leaking timing information - there's
  56. * no easy constant-time compare in JS, so we use this approach
  57. * instead. See for more info:
  58. * https://www.isecpartners.com/blog/2011/february/double-hmac-
  59. * verification.aspx
  60. */
  61. var h1 = crypto.createHmac(hashAlg, secret);
  62. h1.update(hmac.digest());
  63. h1 = h1.digest();
  64. var h2 = crypto.createHmac(hashAlg, secret);
  65. h2.update(new Buffer(parsedSignature.params.signature, 'base64'));
  66. h2 = h2.digest();
  67. /* Node 0.8 returns strings from .digest(). */
  68. if (typeof (h1) === 'string')
  69. return (h1 === h2);
  70. /* And node 0.10 lacks the .equals() method on Buffers. */
  71. if (Buffer.isBuffer(h1) && !h1.equals)
  72. return (h1.toString('binary') === h2.toString('binary'));
  73. return (h1.equals(h2));
  74. }
  75. };