Move fixTimeComp. Closes #222

lib/crypto.js

@@ -127,14 +127,3 @@ exports.timestampMessage = function (credentials, localtimeOffsetMsec) {
     const tsm = exports.calculateTsMac(now, credentials);
     return { ts: now, tsm };
 };
-
-
-exports.fixedTimeComparison = function (a, b) {
-
-    try {
-        return Crypto.timingSafeEqual(new Buffer(a), new Buffer(b));
-    }
-    catch (err) {
-        return false;
-    }
-};

lib/server.js

@@ -3,6 +3,7 @@
 // Load modules
 
 const Boom = require('boom');
+const Cryptiles = require('cryptiles');
 const Hoek = require('hoek');
 
 const Crypto = require('./crypto');
@@ -158,7 +159,7 @@ exports.authenticate = async function (req, credentialsFunc, options) {
     // Calculate MAC
 
     const mac = Crypto.calculateMac('header', credentials, artifacts);
-    if (!Crypto.fixedTimeComparison(mac, attributes.mac)) {
+    if (!Cryptiles.fixedTimeComparison(mac, attributes.mac)) {
         throw Object.assign(Utils.unauthorized('Bad mac'), result);
     }
 
@@ -172,7 +173,7 @@ exports.authenticate = async function (req, credentialsFunc, options) {
         }
 
         const hash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, request.contentType);
-        if (!Crypto.fixedTimeComparison(hash, attributes.hash)) {
+        if (!Cryptiles.fixedTimeComparison(hash, attributes.hash)) {
             throw Object.assign(Utils.unauthorized('Bad payload hash'), result);
         }
     }
@@ -215,7 +216,7 @@ exports.authenticate = async function (req, credentialsFunc, options) {
 exports.authenticatePayload = function (payload, credentials, artifacts, contentType) {
 
     const calculatedHash = Crypto.calculatePayloadHash(payload, credentials.algorithm, contentType);
-    if (!Crypto.fixedTimeComparison(calculatedHash, artifacts.hash)) {
+    if (!Cryptiles.fixedTimeComparison(calculatedHash, artifacts.hash)) {
         throw Object.assign(Utils.unauthorized('Bad payload hash'), { credentials, artifacts });
     }
 };
@@ -232,7 +233,7 @@ exports.authenticatePayload = function (payload, credentials, artifacts, content
 
 exports.authenticatePayloadHash = function (calculatedHash, artifacts) {
 
-    if (!Crypto.fixedTimeComparison(calculatedHash, artifacts.hash)) {
+    if (!Cryptiles.fixedTimeComparison(calculatedHash, artifacts.hash)) {
         throw Object.assign(Utils.unauthorized('Bad payload hash'), { artifacts });
     }
 };
@@ -441,7 +442,7 @@ exports.authenticateBewit = async function (req, credentialsFunc, options) {
         ext: bewit.ext
     });
 
-    if (!Crypto.fixedTimeComparison(mac, bewit.mac)) {
+    if (!Cryptiles.fixedTimeComparison(mac, bewit.mac)) {
         throw Object.assign(Utils.unauthorized('Bad mac'), result);
     }
 
@@ -511,14 +512,14 @@ exports.authenticateMessage = async function (host, port, message, authorization
     // Calculate MAC
 
     const mac = Crypto.calculateMac('message', credentials, artifacts);
-    if (!Crypto.fixedTimeComparison(mac, authorization.mac)) {
+    if (!Cryptiles.fixedTimeComparison(mac, authorization.mac)) {
         throw Object.assign(Utils.unauthorized('Bad mac'), result);
     }
 
     // Check payload hash
 
     const hash = Crypto.calculatePayloadHash(message, credentials.algorithm);
-    if (!Crypto.fixedTimeComparison(hash, authorization.hash)) {
+    if (!Cryptiles.fixedTimeComparison(hash, authorization.hash)) {
         throw Object.assign(Utils.unauthorized('Bad message hash'), result);
     }