diff options
| author | Bartek IwaĆczuk <biwanczuk@gmail.com> | 2023-02-14 17:38:45 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-02-14 17:38:45 +0100 |
| commit | d47147fb6ad229b1c039aff9d0959b6e281f4df5 (patch) | |
| tree | 6e9e790f2b9bc71b5f0c9c7e64b95cae31579d58 /ext/node/polyfills/internal_binding/_timingSafeEqual.ts | |
| parent | 1d00bbe47e2ca14e2d2151518e02b2324461a065 (diff) | |
feat(ext/node): embed std/node into the snapshot (#17724)
This commit moves "deno_std/node" in "ext/node" crate. The code is
transpiled and snapshotted during the build process.
During the first pass a minimal amount of work was done to create the
snapshot, a lot of code in "ext/node" depends on presence of "Deno"
global. This code will be gradually fixed in the follow up PRs to migrate
it to import relevant APIs from "internal:" modules.
Currently the code from snapshot is not used in any way, and all
Node/npm compatibility still uses code from
"https://deno.land/std/node" (or from the location specified by
"DENO_NODE_COMPAT_URL"). This will also be handled in a follow
up PRs.
---------
Co-authored-by: crowlkats <crowlkats@toaxl.com>
Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Diffstat (limited to 'ext/node/polyfills/internal_binding/_timingSafeEqual.ts')
| -rw-r--r-- | ext/node/polyfills/internal_binding/_timingSafeEqual.ts | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/ext/node/polyfills/internal_binding/_timingSafeEqual.ts b/ext/node/polyfills/internal_binding/_timingSafeEqual.ts new file mode 100644 index 000000000..9002300d1 --- /dev/null +++ b/ext/node/polyfills/internal_binding/_timingSafeEqual.ts @@ -0,0 +1,43 @@ +// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. +import { Buffer } from "internal:deno_node/polyfills/buffer.ts"; + +function assert(cond) { + if (!cond) { + throw new Error("assertion failed"); + } +} + +/** Compare to array buffers or data views in a way that timing based attacks + * cannot gain information about the platform. */ +function stdTimingSafeEqual( + a: ArrayBufferView | ArrayBufferLike | DataView, + b: ArrayBufferView | ArrayBufferLike | DataView, +): boolean { + if (a.byteLength !== b.byteLength) { + return false; + } + if (!(a instanceof DataView)) { + a = new DataView(ArrayBuffer.isView(a) ? a.buffer : a); + } + if (!(b instanceof DataView)) { + b = new DataView(ArrayBuffer.isView(b) ? b.buffer : b); + } + assert(a instanceof DataView); + assert(b instanceof DataView); + const length = a.byteLength; + let out = 0; + let i = -1; + while (++i < length) { + out |= a.getUint8(i) ^ b.getUint8(i); + } + return out === 0; +} + +export const timingSafeEqual = ( + a: Buffer | DataView | ArrayBuffer, + b: Buffer | DataView | ArrayBuffer, +): boolean => { + if (a instanceof Buffer) a = new DataView(a.buffer); + if (a instanceof Buffer) b = new DataView(a.buffer); + return stdTimingSafeEqual(a, b); +}; |