UNPKG

otpauth

Version:

One Time Password (HOTP/TOTP) library for Node.js, Deno and browsers

github.com/hectorm/otpauth

hectorm/otpauth

31 lines (27 loc) 890 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
import { globalThis } from '../global-this'; import { isNode } from '../is-node'; import { nodeRequire } from '../node-require'; const NodeBuffer = isNode ? globalThis.Buffer : undefined; const NodeCrypto = isNode ? nodeRequire('crypto') : undefined; /** * Returns true if a is equal to b, without leaking timing information that would allow an attacker to guess one of the values. * @param {string} a String a. * @param {string} b String b. * @returns {boolean} Equality result. */ const timingSafeEqual = (a, b) => { if (isNode) { return NodeCrypto.timingSafeEqual(NodeBuffer.from(a), NodeBuffer.from(b)); } else { if (a.length !== b.length) { throw new TypeError('Input strings must have the same length'); } let i = -1; let out = 0; while (++i < a.length) { out |= a.charCodeAt(i) ^ b.charCodeAt(i); } return out === 0; } }; export { timingSafeEqual };