
// Module wiring: the SEA root object, the WebCrypto/Buffer shim, the shared
// settings/serialisation helpers (S.parse, S.jwk) and the SHA-256 helper.
const SEA = require('./root');
const shim = require('./shim');
const S = require('./settings');
const sha = require('./sha256');
// Deliberately undefined: the "no result" value the verify paths below return on failure.
const u = undefined;
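/**
 * Verify a SEA-signed envelope and return its message.
 *
 * @param {string|object} data  Signed envelope; after S.parse it must expose `m` (message) and `s` (signature).
 * @param {object|string|false} pair  Key pair object ({pub, ...}) or a bare public key string.
 *   `false` disables verification entirely: the message is returned unchecked and carries no authenticity guarantee.
 * @param {function} [cb]  Optional callback; receives the result, or no argument when an error escaped to the outer catch.
 * @param {object} [opt]  Options; `opt.encode` is the encoding of the signature field `s` (default 'base64').
 * @returns {Promise<any>} The parsed message when the signature verifies; `undefined` otherwise
 *   (when SEA.throw is set, errors reaching the outer catch are rethrown instead).
 *
 * The last error is recorded in SEA.err. When SEA.opt.fallback is set, a failed check is retried
 * through SEA.opt.fall_verify, which handles legacy-format data.
 */
SEA.verify = SEA.verify || (async (data, pair, cb, opt) => { try {
  var json = S.parse(data);
  if(false === pair){ // don't verify!
    // Explicit caller opt-out: nothing below runs, so the returned value is untrusted input.
    var raw = S.parse(json.m);
    if(cb){ try{ cb(raw) }catch(e){console.log(e)} }
    return raw;
  }
  opt = opt || {};
  // SEA.I // verify is free! Requires no user permission.
  var pub = pair.pub || pair;
  // Bug fix: the direct importKey branch referenced an undeclared `jwk` (a ReferenceError whenever
  // SEA.opt.slow_leak is unset); derive the JWK from pub exactly as slow_leak does.
  var key = SEA.opt.slow_leak
    ? await SEA.opt.slow_leak(pub)
    : await (shim.ossl || shim.subtle).importKey('jwk', S.jwk(pub), {name: 'ECDSA', namedCurve: 'P-256'}, false, ['verify']);
  var hash = await sha(json.m);
  var buf, sig, check;
  try{
    buf = shim.Buffer.from(json.s, opt.encode || 'base64'); // NEW DEFAULT!
    sig = new Uint8Array(buf);
    check = await (shim.ossl || shim.subtle).verify({name: 'ECDSA', hash: {name: 'SHA-256'}}, key, sig, new Uint8Array(hash));
    if(!check){ throw "Signature did not match." }
  }catch(e){
    // Any failure here (bad encoding, unusable key, or a mismatch) is retried via the legacy path when
    // fallback is enabled; otherwise it is dropped and `check` stays falsy, yielding `undefined` below.
    if(SEA.opt.fallback){
      return await SEA.opt.fall_verify(data, pair, cb, opt);
    }
  }
  var r = check? S.parse(json.m) : u;
  if(cb){ try{ cb(r) }catch(e){console.log(e)} }
  return r;
} catch(e) {
  console.log(e); // mismatched owner FOR MARTTI
  SEA.err = e;
  if(SEA.throw){ throw e }
  if(cb){ cb() }
  return;
}});
module.exports = SEA.verify;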
  39. // legacy & ossl leak mitigation:
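// Cache of importKey() promises keyed by pub string, so repeated verifies of the same key do not
// re-import it (the "ossl leak" being mitigated). Entries are never evicted, so the cache grows with
// the number of distinct pubs seen, and a promise is cached whether it resolves or rejects.
// A null-prototype object is used so that a pub string such as "__proto__" or "constructor" cannot
// resolve to an inherited Object.prototype member (which a plain {} would hand back as a bogus
// "key", and for "__proto__" would re-point this object's prototype on assignment).
var knownKeys = Object.create(null);
var keyForPair = SEA.opt.slow_leak = pair => {
  if (knownKeys[pair]) return knownKeys[pair];
  var jwk = S.jwk(pair);
  knownKeys[pair] = (shim.ossl || shim.subtle).importKey("jwk", jwk, {name: 'ECDSA', namedCurve: 'P-256'}, false, ["verify"]);
  return knownKeys[pair];
};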
/**
 * Legacy verification path, used by SEA.verify when the normal check fails and SEA.opt.fallback is set.
 * Takes the same arguments as SEA.verify plus `f`, an attempt counter defaulting to 1 (nothing on this
 * page passes it explicitly). Throws "Signature did not match" when `f` equals SEA.opt.fallback;
 * otherwise returns the parsed message, or throws "Signature did not match." when neither decoding of
 * the signature verifies.
 */
SEA.opt.fall_verify = async function(data, pair, cb, opt, f){
  if(f === SEA.opt.fallback){ throw "Signature did not match" }
  const attempt = f || 1;
  const json = S.parse(data);
  const pub = pair.pub || pair;
  const key = await SEA.opt.slow_leak(pub);

  // While attempt <= fallback, the digest is taken over the *parsed* message: this is the old buggy
  // encoding and is kept deliberately so signatures produced by it still verify. Otherwise the current
  // sha() over the serialised message is used.
  let hash;
  if(attempt <= SEA.opt.fallback){
    const legacyBytes = new shim.TextEncoder().encode(S.parse(json.m));
    hash = shim.Buffer.from(await shim.subtle.digest({name: 'SHA-256'}, legacyBytes));
  }else{
    hash = await sha(json.m);
  }

  // Decode the signature field with `encoding` and verify it; throws on mismatch.
  const verifyWith = async function(encoding){
    const sig = new Uint8Array(shim.Buffer.from(json.s, encoding));
    const ok = await (shim.ossl || shim.subtle).verify({name: 'ECDSA', hash: {name: 'SHA-256'}}, key, sig, new Uint8Array(hash));
    if(!ok){ throw "Signature did not match." }
    return ok;
  };

  let check;
  try{
    check = await verifyWith(opt.encode || 'base64'); // NEW DEFAULT!
  }catch(e){
    // Any failure above (including a plain mismatch) is retried with the signature read as a utf8
    // string: AUTO BACKWARD OLD UTF8 DATA! A second failure propagates to the caller.
    check = await verifyWith('utf8');
  }

  const r = check? S.parse(json.m) : u;
  if(cb){ try{ cb(r) }catch(e){console.log(e)} }
  return r;
}
// Attempt bound consulted by fall_verify above.
SEA.opt.fallback = 2;