Example #1
0
func TestHMAC(t *testing.T) {
	firstMac := kdf.NewHMAC([]byte("aardvark"), kdf.DefaultReps)
	secondMac := kdf.NewHMAC([]byte("aardvark"), kdf.DefaultReps)
	if hmac.Equal(firstMac, secondMac) {
		t.Error("Macs should not be equal")
	}
	if !kdf.VerifyHMAC([]byte("aardvark"), firstMac, kdf.DefaultReps) {
		t.Error("Mac should have verified")
	}
	if !kdf.VerifyHMAC([]byte("aardvark"), secondMac, kdf.DefaultReps) {
		t.Error("Second Mac should have verified")
	}
	if kdf.VerifyHMAC([]byte("be"), firstMac, kdf.DefaultReps) {
		t.Error("Mac should not have verified")
	}
	if kdf.VerifyHMAC([]byte("be"), secondMac, kdf.DefaultReps) {
		t.Error("Second Mac should not have verified")
	}
}
Example #2
0
func (u *User) verifyPassword(password string) ([]byte, error) {
	var key []byte
	var err error
	key, err = aes.DecryptB(u.Key, kdf.KDF([]byte(password), kdf.DefaultSalt, kdf.DefaultReps))
	if err != nil {
		return nil, err
	}
	var checksum []byte
	checksum, err = base64.StdEncoding.DecodeString(u.Checksum)
	if err != nil {
		return nil, err
	}
	if !kdf.VerifyHMAC(key, checksum, kdf.DefaultReps) {
		return nil, ErrWrongPassword
	}
	return key, nil
}