// GetEntityAccountHandler : call GetEntityAccount with the given throttling parameters for testing
func (el *EntityManager) GetEntityAccountHandler(name string, pwd []byte, throttleMiliSec int64, randomThrottleMiliSec int64) (*accounts.AmUserInfo, error) {
errStr := "entity name and password does not match"
if el.IsEntityInList(name) == false {
defs.TimingAttackSleep(throttleMiliSec, randomThrottleMiliSec)
return nil, fmt.Errorf(errStr)
}
data, err := el.GetPropertyAttachedToEntity(name, defs.AmPropertyName)
if err != nil {
defs.TimingAttackSleep(throttleMiliSec, randomThrottleMiliSec)
return nil, fmt.Errorf(errStr)
}
account := data.(*accounts.AmUserInfo)
err = account.IsPasswordMatchHandler(pwd, throttleMiliSec, randomThrottleMiliSec)
if err != nil {
return nil, fmt.Errorf(errStr)
}
return account, nil
}
// PasswordErrorThrotling : throttle the session in case of wrong password,
// the delay is the sum of a constant value: throttleMiliSec plus a random between 1 and randomThrottleMiliSec
// the random is to be counterpart to timing attacks
func PasswordErrorThrotling(throttleMiliSec int64, randomThrottleMiliSec int64) {
defs.TimingAttackSleep(throttleMiliSec, randomThrottleMiliSec)
}
func compareHashedPwd(pwd1 []byte, pwd2 []byte) bool {
defs.TimingAttackSleep(0, noiseRandomMiliSec)
return subtle.ConstantTimeCompare(pwd1, pwd2) == 1
}