1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
|
/**
* bcrypt namespace.
* @type {Object.<string,*>}
*/
var bcrypt = {};
/**
* The random implementation to use as a fallback.
* @type {?function(number):!Array.<number>}
* @inner
*/
var randomFallback = null;
/**
* Generates cryptographically secure random bytes.
* @function
* @param {number} len Bytes length
* @returns {!Array.<number>} Random bytes
* @throws {Error} If no random implementation is available
* @inner
*/
function random(len) {
/* node */ if (typeof module !== 'undefined' && module && module['exports'])
try {
return require("crypto")['randomBytes'](len);
} catch (e) {}
/* WCA */ try {
var a; (self['crypto']||self['msCrypto'])['getRandomValues'](a = new Uint32Array(len));
return Array.prototype.slice.call(a);
} catch (e) {}
/* fallback */ if (!randomFallback)
throw Error("Neither WebCryptoAPI nor a crypto module is available. Use bcrypt.setRandomFallback to set an alternative");
return randomFallback(len);
}
// Test if any secure randomness source is available
var randomAvailable = false;
try {
random(1);
randomAvailable = true;
} catch (e) {}
// Default fallback, if any
randomFallback = /*? if (ISAAC) { */function(len) {
for (var a=[], i=0; i<len; ++i)
a[i] = ((0.5 + isaac() * 2.3283064365386963e-10) * 256) | 0;
return a;
};/*? } else { */null;/*? }*/
/**
* Sets the pseudo random number generator to use as a fallback if neither node's `crypto` module nor the Web Crypto
* API is available. Please note: It is highly important that the PRNG used is cryptographically secure and that it
* is seeded properly!
* @param {?function(number):!Array.<number>} random Function taking the number of bytes to generate as its
* sole argument, returning the corresponding array of cryptographically secure random byte values.
* @see http://nodejs.org/api/crypto.html
* @see http://www.w3.org/TR/WebCryptoAPI/
*/
bcrypt.setRandomFallback = function(random) {
randomFallback = random;
};
/**
* Synchronously generates a salt.
* @param {number=} rounds Number of rounds to use, defaults to 10 if omitted
* @param {number=} seed_length Not supported.
* @returns {string} Resulting salt
* @throws {Error} If a random fallback is required but not set
* @expose
*/
bcrypt.genSaltSync = function(rounds, seed_length) {
rounds = rounds || GENSALT_DEFAULT_LOG2_ROUNDS;
if (typeof rounds !== 'number')
throw Error("Illegal arguments: "+(typeof rounds)+", "+(typeof seed_length));
if (rounds < 4)
rounds = 4;
else if (rounds > 31)
rounds = 31;
var salt = [];
salt.push("$2a$");
if (rounds < 10)
salt.push("0");
salt.push(rounds.toString());
salt.push('$');
salt.push(base64_encode(random(BCRYPT_SALT_LEN), BCRYPT_SALT_LEN)); // May throw
return salt.join('');
};
/**
* Asynchronously generates a salt.
* @param {(number|function(Error, string=))=} rounds Number of rounds to use, defaults to 10 if omitted
* @param {(number|function(Error, string=))=} seed_length Not supported.
* @param {function(Error, string=)=} callback Callback receiving the error, if any, and the resulting salt
* @returns {!Promise} If `callback` has been omitted
* @throws {Error} If `callback` is present but not a function
* @expose
*/
bcrypt.genSalt = function(rounds, seed_length, callback) {
if (typeof seed_length === 'function')
callback = seed_length,
seed_length = undefined; // Not supported.
if (typeof rounds === 'function')
callback = rounds,
rounds = undefined;
if (typeof rounds === 'undefined')
rounds = GENSALT_DEFAULT_LOG2_ROUNDS;
else if (typeof rounds !== 'number')
throw Error("illegal arguments: "+(typeof rounds));
function _async(callback) {
nextTick(function() { // Pretty thin, but salting is fast enough
try {
callback(null, bcrypt.genSaltSync(rounds));
} catch (err) {
callback(err);
}
});
}
if (callback) {
if (typeof callback !== 'function')
throw Error("Illegal callback: "+typeof(callback));
_async(callback);
} else
return new Promise(function(resolve, reject) {
_async(function(err, res) {
if (err) {
reject(err);
return;
}
resolve(res);
});
});
};
/**
* Synchronously generates a hash for the given string.
* @param {string} s String to hash
* @param {(number|string)=} salt Salt length to generate or salt to use, default to 10
* @returns {string} Resulting hash
* @expose
*/
bcrypt.hashSync = function(s, salt) {
if (typeof salt === 'undefined')
salt = GENSALT_DEFAULT_LOG2_ROUNDS;
if (typeof salt === 'number')
salt = bcrypt.genSaltSync(salt);
if (typeof s !== 'string' || typeof salt !== 'string')
throw Error("Illegal arguments: "+(typeof s)+', '+(typeof salt));
return _hash(s, salt);
};
/**
* Asynchronously generates a hash for the given string.
* @param {string} s String to hash
* @param {number|string} salt Salt length to generate or salt to use
* @param {function(Error, string=)=} callback Callback receiving the error, if any, and the resulting hash
* @param {function(number)=} progressCallback Callback successively called with the percentage of rounds completed
* (0.0 - 1.0), maximally once per `MAX_EXECUTION_TIME = 100` ms.
* @returns {!Promise} If `callback` has been omitted
* @throws {Error} If `callback` is present but not a function
* @expose
*/
bcrypt.hash = function(s, salt, callback, progressCallback) {
function _async(callback) {
if (typeof s === 'string' && typeof salt === 'number')
bcrypt.genSalt(salt, function(err, salt) {
_hash(s, salt, callback, progressCallback);
});
else if (typeof s === 'string' && typeof salt === 'string')
_hash(s, salt, callback, progressCallback);
else
nextTick(callback.bind(this, Error("Illegal arguments: "+(typeof s)+', '+(typeof salt))));
}
if (callback) {
if (typeof callback !== 'function')
throw Error("Illegal callback: "+typeof(callback));
_async(callback);
} else
return new Promise(function(resolve, reject) {
_async(function(err, res) {
if (err) {
reject(err);
return;
}
resolve(res);
});
});
};
/**
* Compares two strings of the same length in constant time.
* @param {string} known Must be of the correct length
* @param {string} unknown Must be the same length as `known`
* @returns {boolean}
* @inner
*/
function safeStringCompare(known, unknown) {
var right = 0,
wrong = 0;
for (var i=0, k=known.length; i<k; ++i) {
if (known.charCodeAt(i) === unknown.charCodeAt(i))
++right;
else
++wrong;
}
// Prevent removal of unused variables (never true, actually)
if (right < 0)
return false;
return wrong === 0;
}
/**
* Synchronously tests a string against a hash.
* @param {string} s String to compare
* @param {string} hash Hash to test against
* @returns {boolean} true if matching, otherwise false
* @throws {Error} If an argument is illegal
* @expose
*/
bcrypt.compareSync = function(s, hash) {
if (typeof s !== "string" || typeof hash !== "string")
throw Error("Illegal arguments: "+(typeof s)+', '+(typeof hash));
if (hash.length !== 60)
return false;
return safeStringCompare(bcrypt.hashSync(s, hash.substr(0, hash.length-31)), hash);
};
/**
* Asynchronously compares the given data against the given hash.
* @param {string} s Data to compare
* @param {string} hash Data to be compared to
* @param {function(Error, boolean)=} callback Callback receiving the error, if any, otherwise the result
* @param {function(number)=} progressCallback Callback successively called with the percentage of rounds completed
* (0.0 - 1.0), maximally once per `MAX_EXECUTION_TIME = 100` ms.
* @returns {!Promise} If `callback` has been omitted
* @throws {Error} If `callback` is present but not a function
* @expose
*/
bcrypt.compare = function(s, hash, callback, progressCallback) {
function _async(callback) {
if (typeof s !== "string" || typeof hash !== "string") {
nextTick(callback.bind(this, Error("Illegal arguments: "+(typeof s)+', '+(typeof hash))));
return;
}
if (hash.length !== 60) {
nextTick(callback.bind(this, null, false));
return;
}
bcrypt.hash(s, hash.substr(0, 29), function(err, comp) {
if (err)
callback(err);
else
callback(null, safeStringCompare(comp, hash));
}, progressCallback);
}
if (callback) {
if (typeof callback !== 'function')
throw Error("Illegal callback: "+typeof(callback));
_async(callback);
} else
return new Promise(function(resolve, reject) {
_async(function(err, res) {
if (err) {
reject(err);
return;
}
resolve(res);
});
});
};
/**
* Gets the number of rounds used to encrypt the specified hash.
* @param {string} hash Hash to extract the used number of rounds from
* @returns {number} Number of rounds used
* @throws {Error} If `hash` is not a string
* @expose
*/
bcrypt.getRounds = function(hash) {
if (typeof hash !== "string")
throw Error("Illegal arguments: "+(typeof hash));
return parseInt(hash.split("$")[2], 10);
};
/**
* Gets the salt portion from a hash. Does not validate the hash.
* @param {string} hash Hash to extract the salt from
* @returns {string} Extracted salt part
* @throws {Error} If `hash` is not a string or otherwise invalid
* @expose
*/
bcrypt.getSalt = function(hash) {
if (typeof hash !== 'string')
throw Error("Illegal arguments: "+(typeof hash));
if (hash.length !== 60)
throw Error("Illegal hash length: "+hash.length+" != 60");
return hash.substring(0, 29);
};
//? include("bcrypt/util.js");
//? include("bcrypt/impl.js");
/**
* Encodes a byte array to base64 with up to len bytes of input, using the custom bcrypt alphabet.
* @function
* @param {!Array.<number>} b Byte array
* @param {number} len Maximum input length
* @returns {string}
* @expose
*/
bcrypt.encodeBase64 = base64_encode;
/**
* Decodes a base64 encoded string to up to len bytes of output, using the custom bcrypt alphabet.
* @function
* @param {string} s String to decode
* @param {number} len Maximum output length
* @returns {!Array.<number>}
* @expose
*/
bcrypt.decodeBase64 = base64_decode;
|
