// TestHMAC checks that kdf.NewHMAC and kdf.VerifyHMAC agree with each other.
//
// Two MACs are generated over the same input with the same repetition count.
// The test requires that the two outputs differ, that both verify against the
// original input, and that neither verifies against a different input.
//
// NOTE(review): the "should not be equal" expectation presumably relies on
// NewHMAC mixing in fresh per-call randomness (e.g. a salt); confirm in
// package kdf.
// NOTE(review): only a different message is exercised as the negative case;
// a modified or truncated MAC and a different repetition count are not
// covered here.
func TestHMAC(t *testing.T) {
	const (
		message = "aardvark"
		other   = "be"
	)

	firstMac := kdf.NewHMAC([]byte(message), kdf.DefaultReps)
	secondMac := kdf.NewHMAC([]byte(message), kdf.DefaultReps)

	// Same input, two calls: the outputs are expected to differ.
	if hmac.Equal(firstMac, secondMac) {
		t.Error("Macs should not be equal")
	}

	// Each row is one VerifyHMAC call, in the order the checks must run.
	checks := []struct {
		data    string
		mac     []byte
		want    bool
		failMsg string
	}{
		{message, firstMac, true, "Mac should have verified"},
		{message, secondMac, true, "Second Mac should have verified"},
		{other, firstMac, false, "Mac should not have verified"},
		{other, secondMac, false, "Second Mac should not have verified"},
	}
	for _, c := range checks {
		if kdf.VerifyHMAC([]byte(c.data), c.mac, kdf.DefaultReps) != c.want {
			t.Error(c.failMsg)
		}
	}
}
// verifyPassword checks password against the user's stored credentials and,
// on success, returns the decrypted key.
//
// The password is stretched with kdf.KDF (using kdf.DefaultSalt and
// kdf.DefaultReps) and the result is used to decrypt u.Key. The decrypted key
// is then checked with kdf.VerifyHMAC against the base64-decoded u.Checksum.
//
// Errors: a failure from aes.DecryptB or from base64 decoding is returned
// unchanged; a checksum mismatch yields ErrWrongPassword. The returned key is
// nil whenever the error is non-nil.
//
// NOTE(review): every call passes kdf.DefaultSalt, so the derived key appears
// to depend only on the password and not on the user. If DefaultSalt is a
// package-wide constant, a per-user random salt stored next to u.Key would be
// the usual hardening; confirm against package kdf.
// NOTE(review): depending on whether aes.DecryptB authenticates the
// ciphertext, a wrong password may surface as its error instead of
// ErrWrongPassword; callers should treat both as an authentication failure.
// Confirm against the callers.
func (u *User) verifyPassword(password string) ([]byte, error) {
	// Derive the key-encryption key from the password first, then unwrap u.Key.
	derived := kdf.KDF([]byte(password), kdf.DefaultSalt, kdf.DefaultReps)
	key, err := aes.DecryptB(u.Key, derived)
	if err != nil {
		return nil, err
	}

	checksum, err := base64.StdEncoding.DecodeString(u.Checksum)
	if err != nil {
		return nil, err
	}

	// Only hand the key back once it matches the stored checksum.
	if kdf.VerifyHMAC(key, checksum, kdf.DefaultReps) {
		return key, nil
	}
	return nil, ErrWrongPassword
}