Initial commit

Author: hkatzdev

.replit

@@ -0,0 +1,2 @@
+run = "deno test -c tsconfig.json test.ts"
+language = "deno"

LICENSE

@@ -0,0 +1,29 @@
+Copyright (c) 2014-2020, Sideway Inc, and project contributors
+Copyright (c) 2015-2020, Vadim Demedes
+Copyright (c) 2020, Harrison Katz
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -0,0 +1,29 @@
+# secure-compare
+
+Constant-time comparison algorithm to prevent timing attacks for ~~Node.js~~ Deno.
+Copied from [cryptiles](https://github.com/hapijs/cryptiles) by [C J Silverio](https://github.com/ceejbot) and from [secure-compare](https://github.com/vadimdemedes/secure-compare) by [Vadim Demedes](https://github.com/vadimdemedes).
+
+### Usage
+
+```typescript
+import secureCompare from "https://denopkg.com/hkatzdev/secure-compare/mod.ts";
+
+if (!secureCompare('hello world', 'hello world')) throw Error();
+
+if (!secureCompare('你好世界', '你好世界')) throw Error();
+
+if (secureCompare('hello', 'not hello')) throw Error();
+```
+
+[![Run on Repl.it](https://repl.it/badge/github/hkatzdev/secure-compare)](https://repl.it/github/hkatzdev/secure-compare)
+
+### Tests
+
+```
+$ deno test
+```
+
+
+### License
+
+secure-compare is released under the BSD 3 Clause license.

mod.ts

@@ -0,0 +1,13 @@
+export default (a: string, b: string): boolean => {
+  let mismatch = a.length === b.length ? 0 : 1;
+
+  if (mismatch) b = a;
+
+  for (let i = 0, il = a.length; i < il; ++i) {
+    const ac = a.charCodeAt(i);
+    const bc = b.charCodeAt(i);
+    mismatch |= (ac ^ bc);
+  }
+
+  return mismatch === 0;
+};

test.ts

@@ -0,0 +1,61 @@
+import secureCompare from "./mod.ts";
+
+const a = Math.random().toString(36).substring(2, 15);
+const b = Math.random().toString(36).substring(2, 15) +
+  Math.random().toString(36).substring(2, 15);
+
+Deno.test("Should take the same amount of time comparing different string sizes", () => {
+  let now = Date.now();
+  secureCompare(b, a);
+  const t1 = Date.now() - now;
+
+  now = Date.now();
+  secureCompare(b, b);
+  const t2 = Date.now() - now;
+
+  if (Math.abs(t1 - t2) > 1) {
+    throw Error(
+      "Constant time test failed - greater than a 1 millisecond difference.",
+    );
+  }
+});
+
+Deno.test("Should return true for equal strings", () => {
+  if (!secureCompare(a, a)) {
+    throw Error(
+      "Same string test failed - returned false for identical strings.",
+    );
+  }
+});
+
+Deno.test("Should return false for different strings (size, a < b)", () => {
+  if (secureCompare(a, a + "x")) {
+    throw Error(
+      "Different string w/ different sizes (a < b) test failed - returned true for different strings.",
+    );
+  }
+});
+
+Deno.test("Should return false for different strings (size, a > b)", () => {
+  if (secureCompare(a + "x", a)) {
+    throw Error(
+      "Different string w/ different sizes (a > b) test failed - returned true for different strings.",
+    );
+  }
+});
+
+Deno.test("Should return false for different strings (size, a = b)", () => {
+  if (secureCompare(a + "x", a + "y")) {
+    throw Error(
+      "Different string w/ same size test failed - returned true for different strings.",
+    );
+  }
+});
+
+Deno.test("Should return true if the strings are identical in utf8", () => {
+  if (!secureCompare("你好世界", "你好世界")) {
+    throw Error(
+      "UTF8 test failed - returned false for identical strings.",
+    );
+  }
+});

tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "compilerOptions": {
+    "noFallthroughCasesInSwitch": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "removeComments": true,
+  }
+}