Пример #1
// TestKDF checks three properties of kdf.KDF when called with the package
// defaults: the same password yields the same key, a different password
// yields a different key, and the derived key is 32 bytes long.
//
// NOTE(review): only the password is varied here; there is no case showing
// that a different salt or repetition count changes the output.
func TestKDF(t *testing.T) {
	// derive runs the KDF with the default salt and repetition count.
	derive := func(password string) []byte {
		return kdf.KDF([]byte(password), kdf.DefaultSalt, kdf.DefaultReps)
	}

	first := derive("aardvark")
	second := derive("aardvark")
	if !hmac.Equal(first, second) {
		t.Error("Expected kdf's to be equal")
	}

	if other := derive("sailboat"); hmac.Equal(first, other) {
		t.Error("Expected kdf's not to be equal")
	}

	if got := len(first); got != 32 {
		t.Error("Expected key to be 32 bytes")
	}
}
Пример #2
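// ChangePassword changes the password of this user.
//
// oldPass is checked with verifyPassword, which also returns the user's
// decrypted key. That key is then re-encrypted under a key derived from
// newPass. u.Key is replaced only after the re-encryption has succeeded, so
// a failed call leaves the stored key usable with oldPass. Errors from
// verifyPassword and aes.EncryptB are returned unchanged.
//
// NOTE(review): the wrapping key is derived with kdf.DefaultSalt, which looks
// like one package-wide value rather than a per-user salt. If so, users with
// the same password get the same wrapping key and precomputed guesses apply
// to every account; a per-user random salt stored next to Key would avoid
// that, but needs a change to User that is outside this method.
// NOTE(review): newPass is not checked for emptiness or strength here;
// presumably the caller enforces password policy. Confirm.
func (u *User) ChangePassword(oldPass, newPass string) error {
	key, err := u.verifyPassword(oldPass)
	if err != nil {
		return err
	}

	wrapped, err := aes.EncryptB(key, kdf.KDF([]byte(newPass), kdf.DefaultSalt, kdf.DefaultReps))
	if err != nil {
		// Do not touch u.Key: storing the result of a failed encryption
		// would discard the only copy of the wrapped key.
		return err
	}

	u.Key = wrapped
	return nil
}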
Пример #3
// InitWithKey initializes this user instance with a user name and password
// so that the user uses key as its key.
//
// Owner is set from key.Id and Name from name. key.Value is encrypted under a
// key derived from password and stored in u.Key; u.Checksum receives the
// base64 (standard encoding) form of kdf.NewHMAC(key.Value, kdf.DefaultReps),
// the value verifyPassword later compares against. key must be non-nil.
//
// If encryption fails the error is returned with Owner, Name and Key already
// assigned, so the caller should discard the instance.
//
// NOTE(review): the password-derived key uses kdf.DefaultSalt, which looks
// like a package-wide value shared by all users rather than a per-user salt.
// Confirm; a shared salt lets one precomputation cover every account.
func (u *User) InitWithKey(name, password string, key *Key) (err error) {
	u.Owner = key.Id
	u.Name = name

	wrappingKey := kdf.KDF([]byte(password), kdf.DefaultSalt, kdf.DefaultReps)
	u.Key, err = aes.EncryptB(key.Value, wrappingKey)
	if err != nil {
		return err
	}

	mac := kdf.NewHMAC(key.Value, kdf.DefaultReps)
	u.Checksum = base64.StdEncoding.EncodeToString(mac)
	return nil
}
Пример #4
// verifyPassword decrypts u.Key with a key derived from password and returns
// the decrypted key if kdf.VerifyHMAC accepts it against the base64-decoded
// u.Checksum.
//
// It returns ErrWrongPassword when the HMAC check fails. Errors from
// aes.DecryptB and from decoding u.Checksum are returned unchanged.
//
// NOTE(review): depending on how aes.DecryptB behaves, a wrong password may
// come back as a decryption error instead of ErrWrongPassword, so callers
// that branch on the error value should treat both as a failed login. Confirm
// against aes.DecryptB.
func (u *User) verifyPassword(password string) ([]byte, error) {
	unwrapKey := kdf.KDF([]byte(password), kdf.DefaultSalt, kdf.DefaultReps)

	plain, err := aes.DecryptB(u.Key, unwrapKey)
	if err != nil {
		return nil, err
	}

	want, err := base64.StdEncoding.DecodeString(u.Checksum)
	if err != nil {
		return nil, err
	}

	// The decrypted key is only handed back once it matches the checksum.
	if kdf.VerifyHMAC(plain, want, kdf.DefaultReps) {
		return plain, nil
	}
	return nil, ErrWrongPassword
}