mirror of
https://github.com/brianc/node-postgres.git
synced 2026-01-18 15:55:05 +00:00
b4022aa5c0
* Added support for SCRAM-SHA-256-PLUS i.e. channel binding * Requested tweaks to channel binding * Additional tweaks to channel binding * Fixed lint complaints * Update packages/pg/lib/crypto/sasl.js Co-authored-by: Charmander <~@charmander.me> * Update packages/pg/lib/crypto/sasl.js Co-authored-by: Charmander <~@charmander.me> * Update packages/pg/lib/client.js Co-authored-by: Charmander <~@charmander.me> * Tweaks to channel binding * Now using homegrown certificate signature algorithm identification * Update ssl.mdx with channel binding changes * Allow for config object being undefined when assigning enableChannelBinding * Fixed a test failing on an updated error message * Removed - from hash names like SHA-256 for legacy crypto (Node 14 and below) * Removed packageManager key from package.json * Added some SASL/channel binding unit tests * Added a unit test for continueSession to check expected SASL session data * Modify tests: don't require channel binding (which cannot then work) if not using SSL --------- Co-authored-by: Charmander <~@charmander.me>
44 lines
1.2 KiB
JavaScript
44 lines
1.2 KiB
JavaScript
'use strict'
|
|
// This file contains crypto utility functions for versions of Node.js < 15.0.0,
|
|
// which does not support the WebCrypto.subtle API.
|
|
|
|
const nodeCrypto = require('crypto')
|
|
|
|
function md5(string) {
|
|
return nodeCrypto.createHash('md5').update(string, 'utf-8').digest('hex')
|
|
}
|
|
|
|
// See AuthenticationMD5Password at https://www.postgresql.org/docs/current/static/protocol-flow.html
|
|
function postgresMd5PasswordHash(user, password, salt) {
|
|
var inner = md5(password + user)
|
|
var outer = md5(Buffer.concat([Buffer.from(inner), salt]))
|
|
return 'md5' + outer
|
|
}
|
|
|
|
function sha256(text) {
|
|
return nodeCrypto.createHash('sha256').update(text).digest()
|
|
}
|
|
|
|
function hashByName(hashName, text) {
|
|
hashName = hashName.replace(/(\D)-/, '$1') // e.g. SHA-256 -> SHA256
|
|
return nodeCrypto.createHash(hashName).update(text).digest()
|
|
}
|
|
|
|
function hmacSha256(key, msg) {
|
|
return nodeCrypto.createHmac('sha256', key).update(msg).digest()
|
|
}
|
|
|
|
async function deriveKey(password, salt, iterations) {
|
|
return nodeCrypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256')
|
|
}
|
|
|
|
module.exports = {
|
|
postgresMd5PasswordHash,
|
|
randomBytes: nodeCrypto.randomBytes,
|
|
deriveKey,
|
|
sha256,
|
|
hashByName,
|
|
hmacSha256,
|
|
md5,
|
|
}
|