コード例 #1
0
ファイル: http_util.go プロジェクト: vgorin/cryptogo
// PBVerifyRequest checks earlier signed http request signature using password specified to ensure request was not altered
func (p *pbe) PBVerifyRequest(req *http.Request, password string, pattern *util.SignaturePattern) bool {
	keylen := p.hmac_key_length

	salt_hex := req.Header.Get(REQ_HEADER_SALT)
	if salt_hex == "" {
		return false
	}
	salt, err := hex.DecodeString(salt_hex)
	if err != nil {
		return false
	}

	signature_hex := req.Header.Get(REQ_HEADER_HMAC)
	if signature_hex == "" {
		return false
	}

	// temporary remove signature header
	req.Header.Del(REQ_HEADER_HMAC)
	defer req.Header.Set(REQ_HEADER_HMAC, signature_hex)

	signature, err := hex.DecodeString(signature_hex)
	if err != nil {
		return false
	}

	key := PBKDF2Key(password, salt, keylen)
	message := util.MarshalRequest(req, pattern)
	hmac_sha := hmac_sha(message, key)

	return bytes.Compare(signature, hmac_sha) == 0
}
コード例 #2
0
ファイル: http_util.go プロジェクト: vgorin/cryptogo
// PBSignRequest signs a http request using the password specified
// Signature changes if:
// 	remote address changes
// 	request URI changes
// 	request header is deleted
// 	request header is added
// 	request header is modified
//
// Signature doesn't change if:
// 	request header ordering is changed
func (p *pbe) PBSignRequest(req *http.Request, password string, pattern *util.SignaturePattern) error {
	saltlen := p.pbkdf2_salt_length
	keylen := p.hmac_key_length

	salt, err := rnd.Salt(saltlen)
	if err != nil {
		return err
	}

	salt_hex := hex.EncodeToString(salt)
	req.Header.Set(REQ_HEADER_SALT, salt_hex)

	key := PBKDF2Key(password, salt, keylen)
	message := util.MarshalRequest(req, pattern)
	hmac_sha := hmac_sha(message, key)

	signature_hex := hex.EncodeToString(hmac_sha)
	req.Header.Set(REQ_HEADER_HMAC, signature_hex)

	return nil
}