pax_global_header00006660000000000000000000000064127633665160014531gustar00rootroot0000000000000052 comment=2c34befad99084806bf8471a2fb870615ab7225b cryptiles-3.1.1/000077500000000000000000000000001276336651600135515ustar00rootroot00000000000000cryptiles-3.1.1/.gitignore000066400000000000000000000002621276336651600155410ustar00rootroot00000000000000.idea *.iml npm-debug.log dump.rdb node_modules results.tap results.xml npm-shrinkwrap.json config.json .DS_Store */.DS_Store */*/.DS_Store ._* */._* */*/._* coverage.* lib-cov cryptiles-3.1.1/.npmignore000066400000000000000000000000261276336651600155460ustar00rootroot00000000000000* !lib/** !.npmignore cryptiles-3.1.1/.travis.yml000077500000000000000000000001041276336651600156600ustar00rootroot00000000000000language: node_js node_js: - "4" - "6" - "node" sudo: false cryptiles-3.1.1/LICENSE000077500000000000000000000032021276336651600145560ustar00rootroot00000000000000Copyright (c) 2014-2016, Eran Hammer and Project contributors All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * The names of any contributors may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS AND CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * * The complete list of contributors can be found at: https://github.com/hueniverse/cryptiles/graphs/contributors cryptiles-3.1.1/README.md000077500000000000000000000014261276336651600150360ustar00rootroot00000000000000cryptiles ========= General purpose crypto utilities [![Build Status](https://secure.travis-ci.org/hapijs/cryptiles.png)](http://travis-ci.org/hapijs/cryptiles) Lead Maintainer - [C J Silverio](https://github.com/ceejbot) ## Methods ### `randomString( size)` Returns a cryptographically strong pseudo-random data string. Takes a size argument for the length of the string. ### `randomDigits( size)` Returns a cryptographically strong pseudo-random data string consisting of only numerical digits (0-9). Takes a size argument for the length of the string. ### `fixedTimeComparison( a, b)` Compare two strings using fixed time algorithm (to prevent time-based analysis of MAC digest match). Returns `true` if the strings match, `false` if they differ. cryptiles-3.1.1/lib/000077500000000000000000000000001276336651600143175ustar00rootroot00000000000000cryptiles-3.1.1/lib/index.js000077500000000000000000000033561276336651600157760ustar00rootroot00000000000000'use strict'; // Load modules const Crypto = require('crypto'); const Boom = require('boom'); // Declare internals const internals = {}; // Generate a cryptographically strong pseudo-random data exports.randomString = function (size) { const buffer = exports.randomBits((size + 1) * 6); if (buffer instanceof Error) { return buffer; } const string = buffer.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/\=/g, ''); return string.slice(0, size); }; // Return a random string of digits exports.randomDigits = function (size) { const buffer = exports.randomBits(size * 8); if (buffer instanceof Error) { return buffer; } const digits = []; for (let i = 0; i < buffer.length; ++i) { digits.push(Math.floor(buffer[i] / 25.6)); } return digits.join(''); }; // Generate a buffer of random bits exports.randomBits = function (bits) { if (!bits || bits < 0) { return Boom.internal('Invalid random bits count'); } const bytes = Math.ceil(bits / 8); try { return Crypto.randomBytes(bytes); } catch (err) { return Boom.internal('Failed generating random bits: ' + err.message); } }; // Compare two strings using fixed time algorithm (to prevent time-based analysis of MAC digest match) exports.fixedTimeComparison = function (a, b) { if (typeof a !== 'string' || typeof b !== 'string') { return false; } let mismatch = (a.length === b.length ? 0 : 1); if (mismatch) { b = a; } for (let i = 0; i < a.length; ++i) { const ac = a.charCodeAt(i); const bc = b.charCodeAt(i); mismatch |= (ac ^ bc); } return (mismatch === 0); }; cryptiles-3.1.1/package.json000077500000000000000000000010521276336651600160400ustar00rootroot00000000000000{ "name": "cryptiles", "description": "General purpose crypto utilities", "version": "3.1.1", "repository": "git://github.com/hapijs/cryptiles", "main": "lib/index.js", "keywords": [ "cryptography", "security", "utilites" ], "engines": { "node": ">=4.0.0" }, "dependencies": { "boom": "4.x.x" }, "devDependencies": { "code": "3.x.x", "lab": "11.x.x" }, "scripts": { "test": "lab -a code -t 100 -L", "test-cov-html": "lab -a code -r html -o coverage.html" }, "license": "BSD-3-Clause" } cryptiles-3.1.1/test/000077500000000000000000000000001276336651600145305ustar00rootroot00000000000000cryptiles-3.1.1/test/index.js000077500000000000000000000057331276336651600162100ustar00rootroot00000000000000'use strict'; // Load modules const Code = require('code'); const Cryptiles = require('..'); const Lab = require('lab'); // Declare internals const internals = {}; // Test shortcuts const lab = exports.lab = Lab.script(); const describe = lab.describe; const it = lab.it; const expect = Code.expect; describe('randomString()', () => { it('should generate the right length string', (done) => { for (let i = 1; i <= 1000; ++i) { expect(Cryptiles.randomString(i).length).to.equal(i); } done(); }); it('returns an error on invalid bits size', (done) => { expect(Cryptiles.randomString(99999999999999999999).message).to.match(/Failed generating random bits/); done(); }); }); describe('randomDigits()', () => { it('should generate the right length string', (done) => { for (let i = 1; i <= 1000; ++i) { const string = Cryptiles.randomDigits(i); expect(string.length).to.equal(i); expect(string).to.match(/^\d+$/); } done(); }); it('returns an error on invalid bits size', (done) => { expect(Cryptiles.randomDigits(99999999999999999999).message).to.match(/Failed generating random bits/); done(); }); }); describe('randomBits()', () => { it('returns an error on invalid input', (done) => { expect(Cryptiles.randomBits(0).message).to.equal('Invalid random bits count'); done(); }); }); describe('fixedTimeComparison()', () => { const a = Cryptiles.randomString(50000); const b = Cryptiles.randomString(150000); it('should take the same amount of time comparing different string sizes', (done) => { let now = Date.now(); Cryptiles.fixedTimeComparison(b, a); const t1 = Date.now() - now; now = Date.now(); Cryptiles.fixedTimeComparison(b, b); const t2 = Date.now() - now; expect(t2 - t1).to.be.within(-20, 20); done(); }); it('should return true for equal strings', (done) => { expect(Cryptiles.fixedTimeComparison(a, a)).to.equal(true); done(); }); it('should return false for different strings (size, a < b)', (done) => { expect(Cryptiles.fixedTimeComparison(a, a + 'x')).to.equal(false); done(); }); it('should return false for different strings (size, a > b)', (done) => { expect(Cryptiles.fixedTimeComparison(a + 'x', a)).to.equal(false); done(); }); it('should return false for different strings (size, a = b)', (done) => { expect(Cryptiles.fixedTimeComparison(a + 'x', a + 'y')).to.equal(false); done(); }); it('should return false when not a string', (done) => { expect(Cryptiles.fixedTimeComparison('x', null)).to.equal(false); done(); }); it('should return false when not a string (left)', (done) => { expect(Cryptiles.fixedTimeComparison(null, 'x')).to.equal(false); done(); }); });