fix: Create DataView with correct byteLength in timingSafeEqual

[kamilogorek]

The example presented in #3207 uses argontwo, which under the hood returns Uint8Array which memory buffer is taken directly from a WASM instance, making original b.getUint8(i) access out of bounds for 2nd argument to timingSafeEqual.

ref: https://deno.land/x/[email protected]/wasm/mod.ts?source#L14
ref: https://deno.land/x/[email protected]/mod.ts?source#L126

Fixes #3207

Note#1: I use SharedArrayBuffer for cleaner assertions.
Note#2: changed names of 2 tests, because VS Code integration deduplicates tests with the same name.

[kt3k]

This looks fine when a is an ArrayBuffer, but the second argument seems to need to be a.byteOffset when a is a TypedArray.

Especially the example given in #3207 doesn't return true with this change

[kamilogorek]

Great catch. Added the test to cover it as well.

[kamilogorek]

Tested original case as well to double-check:

import { hash } from "https://deno.land/x/argontwo/mod.ts";
import { encode, decode } from "https://deno.land/std/encoding/base64url.ts";
import { timingSafeEqual } from "../../deno/deno_std/node/crypto.ts";

let x = hash("bong", decode("4ereginClY4QuqtT2j-8_g"));
let dec = decode("QAEyt51JgnxV8sc0wVKv63OcLO5BAzqFooCxXAnuBUo");

console.log(timingSafeEqual(dec, x)); // true

[kt3k]

minor point, but do we need to use SharedArrayBuffer here? How about ArrayBuffer?

[kamilogorek]

ArrayBuffer is a transferable object, so we won't be able to create Uint8Array after manipulating it with the DataView. And we do want to do that, to make Uint8Array a specific slice of the buffer for the purpose of these specific tests.

[kt3k]

@kamilogorek Thanks for looking into this! I left a few comments

[kt3k]

LGTM. Thanks!

[kt3k]

👍

[bartlomieju]

@kt3k I believe this API might have been copied into ext/node in the Deno repo and if so should be updated as well