/
verify.ts
46 lines (40 loc) · 1.21 KB
/
verify.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
import * as crypto from 'crypto'
import { promisify } from 'util'
import type { VerifyFunction } from '../interfaces.d'
import nodeDigest from './dsa_digest.js'
import nodeKey from './node_key.js'
import sign from './sign.js'
import getVerifyKey from './get_sign_verify_key.js'
import { oneShotCallback } from './flags.js'
let oneShotVerify: (
alg: string | undefined,
data: Uint8Array,
key: ReturnType<typeof nodeKey>,
signature: Uint8Array,
) => Promise<boolean> | boolean
if (crypto.verify.length > 4 && oneShotCallback) {
oneShotVerify = promisify(crypto.verify)
} else {
oneShotVerify = crypto.verify
}
const verify: VerifyFunction = async (alg, key: unknown, signature, data) => {
const keyObject = getVerifyKey(alg, key, 'verify')
if (alg.startsWith('HS')) {
const expected = await sign(alg, keyObject, data)
const actual = signature
try {
return crypto.timingSafeEqual(actual, expected)
} catch {
// handle incorrect signature lengths
return false
}
}
const algorithm = nodeDigest(alg)
const keyInput = nodeKey(alg, keyObject)
try {
return await oneShotVerify(algorithm, data, keyInput, signature)
} catch {
return false
}
}
export default verify