Exemple #1
0
// IsCurrent returns true if the parameters used to generate the encoded password
// are at least as good as those in params.
// If IsCurrent returns false the encoding is out of date and should be regenerated,
// the application should call mcf.Create() to produce a new encoding to replace the current one.
func (enc *Encoder) IsCurrent(encoded []byte) (isCurrent bool, err error) {

	passwd := password.New(enc.name)

	err = passwd.Parse(encoded)
	if err != nil {
		return
	}

	imp := enc.implementer()
	err = imp.SetParams(string(passwd.Params))
	if err != nil {
		return
	}

	return imp.AtLeast(enc.implementer()), nil
}
Exemple #2
0
func TestKey(t *testing.T) {
	for i, v := range good {

		err := setConfig(len(v.output), len(v.salt), v.N, v.r, v.p)
		if err != nil {
			t.Errorf("%d: unexpected error setting config: %s", i, err)
		}

		setSalt(v.salt)

		encoded, err := mcf.Create(v.password)
		if err != nil {
			t.Errorf("%d: got unexpected error: %s", i, err)
		}

		passwd := password.New([]byte("scrypt"))
		err = passwd.Parse([]byte(encoded))
		if err != nil {
			t.Errorf("%d: unexpected error creating password instance: %s", err)
		}

		if !bytes.Equal(passwd.Salt, []byte(v.salt)) {
			t.Errorf("%d: salt: expected %s, got %s", i, v.salt, string(passwd.Salt))
		}

		if !bytes.Equal(passwd.Key, v.output) {
			t.Errorf("%d: expected %x, got %x", i, v.output, passwd.Key)
		}
	}

	for i, v := range bad {
		err := setConfig(32, len(v.salt), v.N, v.r, v.p)
		if err == nil {
			t.Errorf("%d: expected error, got nil", i)
		}

		setSalt(v.salt)

		_, err = mcf.Create(v.password)
		if err == nil {
			t.Errorf("%d: expected error, got nil", i)
		}
	}
}
Exemple #3
0
// Create produces an encoded password from a plaintext password using the current configuration.
// The application must store the encoded password for future use.
func (enc *Encoder) Create(plaintext []byte) (encoded []byte, err error) {

	imp := enc.implementer()

	passwd := password.New(enc.name)
	passwd.Params = []byte(imp.Params())

	passwd.Salt, err = imp.Salt()
	if err != nil {
		return
	}

	passwd.Key, err = imp.Key(plaintext, passwd.Salt)
	if err != nil {
		return
	}

	return passwd.Bytes(), nil
}
Exemple #4
0
// Verify returns true if the proffered plaintext password,
// when encoded using the same parameters, matches the encoded password.
func (enc *Encoder) Verify(plaintext, encoded []byte) (isValid bool, err error) {

	passwd := password.New(enc.name)

	err = passwd.Parse(encoded)
	if err != nil {
		return
	}

	imp := enc.implementer()
	err = imp.SetParams(string(passwd.Params))
	if err != nil {
		return
	}

	testKey, err := imp.Key(plaintext, passwd.Salt)
	if err != nil {
		return
	}

	return subtle.ConstantTimeCompare(passwd.Key, testKey) == 1, nil
}