node-forge 0.6.32 → 0.6.33
- package/bower.json +1 -1
- package/js/aesCipherSuites.js +33 -7
- package/package.json +1 -1
package/bower.json
CHANGED
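--- a/package/js/aesCipherSuites.js
+++ b/package/js/aesCipherSuites.js
@@ -3,7 +3,7 @@
 *
 * @author Dave Longley
 *
-* Copyright (c) 2009-
+* Copyright (c) 2009-2015 Digital Bazaar, Inc.
 *
 */
 (function() {
@@ -232,11 +232,9 @@ function decrypt_aes_cbc_sha1(record, s) {
 // last 20 bytes = MAC
 var macLen = s.macLength;
 
-// create a
-
-
-mac += String.fromCharCode(0);
-}
+// create a random MAC to check against should the mac length check fail
+// Note: do this regardless of the failure to keep timing consistent
+var mac = forge.random.getBytesSync(macLen);
 
 // get fragment and mac
 var len = cipher.output.length();
@@ -253,10 +251,38 @@ function decrypt_aes_cbc_sha1(record, s) {
 // see if data integrity checks out, update sequence number
 var mac2 = s.macFunction(s.macKey, s.sequenceNumber, record);
 s.updateSequenceNumber();
-rval = (
+rval = compareMacs(s.macKey, mac, mac2) && rval;
 return rval;
 }
 
+/**
+* Safely compare two MACs. This function will compare two MACs in a way
+* that protects against timing attacks.
+*
+* TODO: Expose elsewhere as a utility API.
+*
+* See: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/
+*
+* @param key the MAC key to use.
+* @param mac1 as a binary-encoded string of bytes.
+* @param mac2 as a binary-encoded string of bytes.
+*
+* @return true if the MACs are the same, false if not.
+*/
+function compareMacs(key, mac1, mac2) {
+var hmac = forge.hmac.create();
+
+hmac.start('SHA1', key);
+hmac.update(mac1);
+mac1 = hmac.digest().getBytes();
+
+hmac.start(null, null);
+hmac.update(mac2);
+mac2 = hmac.digest().getBytes();
+
+return mac1 === mac2;
+}
+
 } // end module implementation
 
 /* ########## Begin module wrapper ########## */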
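Review bot: In `compareMacs`, the final `return mac1 === mac2;` is an ordinary early-exit string comparison, and the docblock does not say why that is acceptable here: it is safe only because both inputs are first HMAC'd under `key`, so the bytes actually compared are not predictable to the peer. I would put `// not constant-time on its own: safe only because both values are re-MAC'd under the secret key first` above the return, so the `===` is not later copied elsewhere without the blinding step. `hmac.start(null, null)` also deserves a comment such as `// null, null: restart with the same digest and key`, because a reader who takes it for an unkeyed or reset HMAC will misjudge the check (this reading of the forge HMAC API should be confirmed against hmac.js). The part of `decrypt_aes_cbc_sha1` between the two hunks is not shown, so whether the time spent computing `mac2` still varies with the amount of padding stripped from the record cannot be judged from here and is worth confirming separately.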
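--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "node-forge",
-"version": "0.6.
+"version": "0.6.33",
 "description": "JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.",
 "homepage": "http://github.com/digitalbazaar/forge",
 "author": {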