// IsCurrent returns true if the parameters used to generate the encoded password
// are at least as good as those in params.
// If IsCurrent returns false the encoding is out of date and should be regenerated,
// the application should call mcf.Create() to produce a new encoding to replace the current one.
func (enc *Encoder) IsCurrent(encoded []byte) (isCurrent bool, err error) {
passwd := password.New(enc.name)
err = passwd.Parse(encoded)
if err != nil {
return
}
imp := enc.implementer()
err = imp.SetParams(string(passwd.Params))
if err != nil {
return
}
return imp.AtLeast(enc.implementer()), nil
}
func TestKey(t *testing.T) {
for i, v := range good {
err := setConfig(len(v.output), len(v.salt), v.N, v.r, v.p)
if err != nil {
t.Errorf("%d: unexpected error setting config: %s", i, err)
}
setSalt(v.salt)
encoded, err := mcf.Create(v.password)
if err != nil {
t.Errorf("%d: got unexpected error: %s", i, err)
}
passwd := password.New([]byte("scrypt"))
err = passwd.Parse([]byte(encoded))
if err != nil {
t.Errorf("%d: unexpected error creating password instance: %s", err)
}
if !bytes.Equal(passwd.Salt, []byte(v.salt)) {
t.Errorf("%d: salt: expected %s, got %s", i, v.salt, string(passwd.Salt))
}
if !bytes.Equal(passwd.Key, v.output) {
t.Errorf("%d: expected %x, got %x", i, v.output, passwd.Key)
}
}
for i, v := range bad {
err := setConfig(32, len(v.salt), v.N, v.r, v.p)
if err == nil {
t.Errorf("%d: expected error, got nil", i)
}
setSalt(v.salt)
_, err = mcf.Create(v.password)
if err == nil {
t.Errorf("%d: expected error, got nil", i)
}
}
}
// Create produces an encoded password from a plaintext password using the current configuration.
// The application must store the encoded password for future use.
func (enc *Encoder) Create(plaintext []byte) (encoded []byte, err error) {
imp := enc.implementer()
passwd := password.New(enc.name)
passwd.Params = []byte(imp.Params())
passwd.Salt, err = imp.Salt()
if err != nil {
return
}
passwd.Key, err = imp.Key(plaintext, passwd.Salt)
if err != nil {
return
}
return passwd.Bytes(), nil
}
// Verify returns true if the proffered plaintext password,
// when encoded using the same parameters, matches the encoded password.
func (enc *Encoder) Verify(plaintext, encoded []byte) (isValid bool, err error) {
passwd := password.New(enc.name)
err = passwd.Parse(encoded)
if err != nil {
return
}
imp := enc.implementer()
err = imp.SetParams(string(passwd.Params))
if err != nil {
return
}
testKey, err := imp.Key(plaintext, passwd.Salt)
if err != nil {
return
}
return subtle.ConstantTimeCompare(passwd.Key, testKey) == 1, nil
}