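// GetEntityAccountHandler looks up the account property attached to the entity
// called name and checks pwd against it. The throttling parameters are passed
// in explicitly so that tests can control the delays.
//
// Every failure returns the same generic error, so the caller cannot tell an
// unknown entity from a wrong password. Failures decided in this function are
// delayed with defs.TimingAttackSleep before returning. The wrong-password
// path hands the same throttling parameters to account.IsPasswordMatchHandler.
//
// NOTE(review): presumably IsPasswordMatchHandler applies the delay itself on
// a mismatch; confirm, otherwise that path is the only unthrottled failure.
// NOTE(review): the unknown-entity paths return without doing any password
// hashing, so their base latency may still differ from the wrong-password
// path; the random delay adds noise but does not equalise the work done.
func (el *EntityManager) GetEntityAccountHandler(name string, pwd []byte, throttleMiliSec int64, randomThrottleMiliSec int64) (*accounts.AmUserInfo, error) {
	const errStr = "entity name and password does not match"

	// throttledFailure delays the response and returns the generic error, so
	// all locally decided failures look alike to the caller.
	throttledFailure := func() (*accounts.AmUserInfo, error) {
		defs.TimingAttackSleep(throttleMiliSec, randomThrottleMiliSec)
		return nil, fmt.Errorf("%s", errStr)
	}

	if !el.IsEntityInList(name) {
		return throttledFailure()
	}

	data, err := el.GetPropertyAttachedToEntity(name, defs.AmPropertyName)
	if err != nil {
		return throttledFailure()
	}

	// Checked assertion: a property of an unexpected type (or a nil account)
	// is treated as an authentication failure instead of panicking in the
	// login path.
	account, ok := data.(*accounts.AmUserInfo)
	if !ok || account == nil {
		return throttledFailure()
	}

	if err := account.IsPasswordMatchHandler(pwd, throttleMiliSec, randomThrottleMiliSec); err != nil {
		// The underlying error is deliberately not wrapped: only the generic
		// message is returned to the caller.
		return nil, fmt.Errorf("%s", errStr)
	}
	return account, nil
}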
// PasswordErrorThrotling : throttle the session in case of wrong password, // the delay is the sum of a constant value: throttleMiliSec plus a random between 1 and randomThrottleMiliSec // the random is to be counterpart to timing attacks func PasswordErrorThrotling(throttleMiliSec int64, randomThrottleMiliSec int64) { defs.TimingAttackSleep(throttleMiliSec, randomThrottleMiliSec) }
// compareHashedPwd reports whether the two hashed passwords are equal.
//
// It first sleeps for a random interval (constant part 0, random part bounded
// by noiseRandomMiliSec) and then compares the slices with
// subtle.ConstantTimeCompare, so the comparison time does not depend on where
// the first differing byte is.
//
// subtle.ConstantTimeCompare returns 0 immediately when the lengths differ, so
// the constant-time property only holds for inputs of equal length.
// NOTE(review): presumably both arguments are fixed-size hash outputs; confirm
// at the call sites.
func compareHashedPwd(pwd1 []byte, pwd2 []byte) bool {
	// Random noise first, then the comparison.
	defs.TimingAttackSleep(0, noiseRandomMiliSec)

	equal := subtle.ConstantTimeCompare(pwd1, pwd2)
	return equal == 1
}