benchmark/benchmark.js 0000644 00000001415 15170146750 0010775 0 ustar 00 'use strict'
const Benchmark = require('benchmark')
const scmp = require('../')
// use `safe-buffer` in case `Buffer.from` (added in newer versions of Node) isn't available
const Buffer = require('safe-buffer').Buffer
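// Two 20-byte digests that differ only in their first byte.
const HASH1 = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex')
const HASH2 = Buffer.from('f727d1464ae12436e899a726da5b2f11d8381b26', 'hex')
const suite = new Benchmark.Suite()

suite
  // Baseline: an ordinary content comparison, which makes no constant-time
  // promise. `HASH1 === HASH2` on two Buffers only compares object identity
  // and never looks at the bytes, so it is not a meaningful baseline.
  .add('short-circuit compares', function () {
    HASH1.equals(HASH2)
  })
  // Subject: the constant-time comparison exported by this package.
  .add('scmp compares', function () {
    scmp(HASH1, HASH2)
  })
  // Print the result line of each benchmark as it finishes.
  .on('cycle', function (event) {
    console.log(String(event.target))
  })
  // `this` is supplied by the emitter, so a regular function is required.
  .on('complete', function () {
    console.log('Fastest is ' + this.filter('fastest').map('name'))
  })
  .run()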
benchmark/crypto-check.js 0000644 00000001701 15170146750 0011434 0 ustar 00 'use strict'
const crypto = require('crypto')
const Benchmark = require('benchmark')
const scmpCompare = require('../lib/scmpCompare')
// Resolve the comparison function a single time: the built-in
// `crypto.timingSafeEqual` when the runtime has it, the pure-JS fallback
// otherwise.
const compareFn = crypto.timingSafeEqual || scmpCompare
// use `safe-buffer` in case `Buffer.from` (added in newer versions of Node) isn't available
const Buffer = require('safe-buffer').Buffer
const HASH1 = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex')
const HASH2 = Buffer.from('f727d1464ae12436e899a726da5b2f11d8381b26', 'hex')
const suite = new Benchmark.Suite()

// Prints the result line of each benchmark as it finishes.
function reportCycle (event) {
  console.log(String(event.target))
}

// Prints the name of the fastest benchmark; relies on `this` being supplied
// by the emitter, so it must stay a regular function.
function reportFastest () {
  const fastest = this.filter('fastest').map('name')
  console.log('Fastest is ' + fastest)
}

suite
  // Variant 1: feature-detect `crypto.timingSafeEqual` on every call.
  .add('crypto check each fn call', function () {
    return crypto.timingSafeEqual
      ? crypto.timingSafeEqual(HASH1, HASH2)
      : scmpCompare(HASH1, HASH2)
  })
  // Variant 2: use the function that was resolved once at load time.
  .add('crypto check once', function () {
    return compareFn(HASH1, HASH2)
  })
  .on('cycle', reportCycle)
  .on('complete', reportFastest)
  .run()
package.json 0000644 00000003145 15170146750 0007043 0 ustar 00 {
"_from": "scmp@^2.1.0",
"_id": "scmp@2.1.0",
"_inBundle": false,
"_integrity": "sha512-o/mRQGk9Rcer/jEEw/yw4mwo3EU/NvYvp577/Btqrym9Qy5/MdWGBqipbALgd2lrdWTJ5/gqDusxfnQBxOxT2Q==",
"_location": "/scmp",
"_phantomChildren": {},
"_requested": {
"type": "range",
"registry": true,
"raw": "scmp@^2.1.0",
"name": "scmp",
"escapedName": "scmp",
"rawSpec": "^2.1.0",
"saveSpec": null,
"fetchSpec": "^2.1.0"
},
"_requiredBy": [
"/twilio"
],
"_resolved": "https://registry.npmjs.org/scmp/-/scmp-2.1.0.tgz",
"_shasum": "37b8e197c425bdeb570ab91cc356b311a11f9c9a",
"_spec": "scmp@^2.1.0",
"_where": "C:\\xampp\\htdocs\\emeraltd\\node_modules\\twilio",
"author": {
"name": "Sean Lavine"
},
"bugs": {
"url": "https://github.com/freewil/scmp/issues"
},
"bundleDependencies": false,
"dependencies": {},
"deprecated": false,
"description": "safe, constant-time comparison of Buffers",
"devDependencies": {
"benchmark": "^2.1.4",
"mocha": "^6.2.0",
"safe-buffer": "^5.1.2",
"standard": "^14.3.1"
},
"homepage": "https://github.com/freewil/scmp#readme",
"keywords": [
"safe-compare",
"compare",
"time-equivalent-comparison",
"time equivalent",
"constant-time",
"constant time"
],
"license": "BSD-3-Clause",
"main": "index.js",
"name": "scmp",
"repository": {
"type": "git",
"url": "git://github.com/freewil/scmp.git"
},
"scripts": {
"posttest": "node benchmark/benchmark.js && node benchmark/crypto-check.js",
"pretest": "standard --verbose",
"test": "mocha"
},
"version": "2.1.0"
}
lib/scmpCompare.js 0000644 00000000275 15170146751 0010134 0 ustar 00 'use strict'
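/**
 * Pure-JS byte comparison that visits every byte of `a` instead of stopping
 * at the first difference, accumulating differences with XOR/OR.
 *
 * A length mismatch always yields `false`. Without that check a shorter `a`
 * would compare equal to any `b` that starts with the same bytes, and an
 * empty `a` would compare equal to everything.
 *
 * The loop count depends on `a.length` only, so the length of `a` is not
 * hidden by this function.
 *
 * @param {Buffer} a The first Buffer to be compared against the second
 * @param {Buffer} b The second Buffer to be compared against the first
 * @return {Boolean} `true` only when both have the same length and bytes
 */
module.exports = function scmpCompare (a, b) {
  const len = a.length
  // Seed the accumulator with the length check so the loop below still runs
  // in full and the final test stays a single comparison.
  let result = len === b.length ? 0 : 1
  for (let i = 0; i < len; ++i) {
    // A missing b[i] coerces to 0 under XOR; the seed above already marks
    // that case as a mismatch.
    result |= a[i] ^ b[i]
  }
  return result === 0
}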
.travis.yml 0000644 00000000064 15170146751 0006664 0 ustar 00 language: node_js
node_js:
- "6"
- "8"
- "10"
test/test.js 0000644 00000002363 15170146751 0007053 0 ustar 00 /* eslint-env mocha */
'use strict'
const assert = require('assert')
const scmp = require('../')
// use safe-buffer in case Buffer.from (added in newer versions of Node)
// isn't available
const Buffer = require('safe-buffer').Buffer
describe('scmp', function () {
  // Builds a Buffer from a [value, encoding] pair.
  function toBuffer (spec) {
    return Buffer.from(spec[0], spec[1])
  }

  it('should return true for identical strings', function () {
    const samples = [
      ['a', 'utf8'],
      ['abc', 'utf8'],
      ['e727d1464ae12436e899a726da5b2f11d8381b26', 'hex']
    ]
    // Each sample is compared against a separately allocated copy of itself.
    samples.forEach(function (spec) {
      assert(scmp(toBuffer(spec), toBuffer(spec)))
    })
  })

  it('should return false for non-identical strings', function () {
    // Covers same-length and different-length mismatches.
    const pairs = [
      [['a', 'utf8'], ['b', 'utf8']],
      [['abc', 'utf8'], ['b', 'utf8']],
      [
        ['e727d1464ae12436e899a726da5b2f11d8381b26', 'hex'],
        ['e727e1b80e448a213b392049888111e1779a52db', 'hex']
      ]
    ]
    pairs.forEach(function (pair) {
      assert(!scmp(toBuffer(pair[0]), toBuffer(pair[1])))
    })
  })

  it('should throw errors for non-Buffers', function () {
    // Strings, plain objects, numbers, undefined and null must all be rejected.
    const badArgs = [
      ['a', {}],
      [{}, 'b'],
      [1, 2],
      [undefined, 2],
      [null, 2]
    ]
    badArgs.forEach(function (args) {
      assert.throws(function () {
        scmp(args[0], args[1])
      })
    })
  })
})
LICENSE 0000644 00000002746 15170146751 0005571 0 ustar 00 Copyright (c) 2014, Sean Lavine
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the scmp project nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
index.js 0000644 00000001713 15170146751 0006222 0 ustar 00 'use strict'
const crypto = require('crypto')
const scmpCompare = require('./lib/scmpCompare')
/**
 * Compares two Buffers for equality without stopping at the first differing
 * byte, so the time taken does not reveal where the inputs diverge.
 *
 * Length is not hidden: Buffers of different lengths return `false`
 * immediately, so compare fixed-length values (for example digests or MACs).
 *
 * @param {Buffer} a The first Buffer to be compared against the second
 * @param {Buffer} b The second Buffer to be compared against the first
 * @return {Boolean} `true` when both Buffers hold the same bytes
 * @throws {Error} if either argument is not a Buffer
 */
module.exports = function scmp (a, b) {
  // Reject anything that is not a Buffer; strings are never coerced.
  const bothAreBuffers = Buffer.isBuffer(a) && Buffer.isBuffer(b)
  if (!bothAreBuffers) {
    throw new Error('Both scmp args must be Buffers')
  }

  // crypto.timingSafeEqual throws on unequal lengths, so settle that case
  // here before delegating.
  const sameLength = a.length === b.length
  if (!sameLength) {
    return false
  }

  // Prefer crypto.timingSafeEqual (Node.js v6.6.0 and later); otherwise fall
  // back to the scmp-internal implementation.
  return crypto.timingSafeEqual
    ? crypto.timingSafeEqual(a, b)
    : scmpCompare(a, b)
}
HISTORY.md 0000644 00000000626 15170146751 0006242 0 ustar 00 # History
## v2.1.0 (2019/12/26)
* code now uses `standard` as linter
* `var` has been replaced with `const` and `let`
* code now executed in strict mode
## v2.0.0 (2016/11/05)
* Buffers are now required to be passed as arguments. In 1.x,
the arguments were assumed to be strings, and were always run through
`String()`.
* Starting with Node.js v6.6.0, use `crypto.timingSafeEqual()` (if available).
README.md 0000644 00000001771 15170146751 0006040 0 ustar 00 # scmp
[![travis][travis-image]][travis-url]
[![npm][npm-image]][npm-url]
[![downloads][downloads-image]][downloads-url]
[travis-image]: https://travis-ci.org/freewil/scmp.svg?branch=master
[travis-url]: https://travis-ci.org/freewil/scmp
[npm-image]: https://img.shields.io/npm/v/scmp.svg?style=flat
[npm-url]: https://npmjs.org/package/scmp
[downloads-image]: https://img.shields.io/npm/dm/scmp.svg?style=flat
[downloads-url]: https://npmjs.org/package/scmp
Safe, constant-time comparison of Buffers.
## Install
```
npm install scmp
```
## Why?
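To minimize vulnerability to [timing attacks](http://codahale.com/a-lesson-in-timing-attacks/). An ordinary comparison can stop at the first differing byte, so its running time can reveal how much of a guessed value was correct; `scmp` examines every byte instead. Buffers of different lengths are rejected immediately, so compare fixed-length values such as digests.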
## Example
```js
const scmp = require('scmp');
const Buffer = require('safe-buffer').Buffer;
// Both arguments must be Buffers (scmp throws otherwise), so decode hex
// strings before comparing. Both values here are 20 bytes long.
const hash = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex');
const givenHash = Buffer.from('e727e1b80e448a213b392049888111e1779a52db', 'hex');
// scmp returns true only when both Buffers have the same length and bytes;
// these two differ, so this example prints 'bad hash'.
if (scmp(hash, givenHash)) {
console.log('good hash');
} else {
console.log('bad hash');
}
```