37 lines
853 B
JavaScript
37 lines
853 B
JavaScript
/*!
|
|
* ccmp.js - constant-time compare for bcoin
|
|
* Copyright (c) 2016-2017, Christopher Jeffrey (MIT License).
|
|
* https://github.com/bcoin-org/bcoin
|
|
*/
|
|
|
|
'use strict';
|
|
|
|
const assert = require('assert');
|
|
|
|
/**
|
|
* memcmp in constant time (can only return true or false).
|
|
* This protects us against timing attacks when
|
|
* comparing an input against a secret string.
|
|
* @alias module:crypto.ccmp
|
|
* @see https://cryptocoding.net/index.php/Coding_rules
|
|
* @see `$ man 3 memcmp` (NetBSD's consttime_memequal)
|
|
* @param {Buffer} a
|
|
* @param {Buffer} b
|
|
* @returns {Boolean}
|
|
*/
|
|
|
|
module.exports = function ccmp(a, b) {
|
|
assert(Buffer.isBuffer(a));
|
|
assert(Buffer.isBuffer(b));
|
|
|
|
if (b.length === 0)
|
|
return a.length === 0;
|
|
|
|
let res = a.length ^ b.length;
|
|
|
|
for (let i = 0; i < a.length; i++)
|
|
res |= a[i] ^ b[i % b.length];
|
|
|
|
return res === 0;
|
|
};
|