mirror of
https://github.com/Luzifer/cloudkeys-go.git
synced 2024-11-14 17:02:43 +00:00
Knut Ahlers
a1df72edc5
commitf0db1ff1f8
Author: Knut Ahlers <knut@ahlers.me> Date: Sun Dec 24 12:19:56 2017 +0100 Mark option as deprecated Signed-off-by: Knut Ahlers <knut@ahlers.me> commit9891df2a16
Author: Knut Ahlers <knut@ahlers.me> Date: Sun Dec 24 12:11:56 2017 +0100 Fix: Typo Signed-off-by: Knut Ahlers <knut@ahlers.me> commit836006de64
Author: Knut Ahlers <knut@ahlers.me> Date: Sun Dec 24 12:04:20 2017 +0100 Add new dependencies Signed-off-by: Knut Ahlers <knut@ahlers.me> commitd64fee60c8
Author: Knut Ahlers <knut@ahlers.me> Date: Sun Dec 24 11:55:52 2017 +0100 Replace insecure password hashing Prior this commit passwords were hashed with a static salt and using the SHA1 hashing function. This could lead to passwords being attackable in case someone gets access to the raw data stored inside the database. This commit introduces password hashing using bcrypt hashing function which addresses this issue. Old passwords are not automatically re-hashed as they are unknown. Replacing the old password scheme is not that easy and needs #10 to be solved. Therefore the old hashing scheme is kept for compatibility reason. Signed-off-by: Knut Ahlers <knut@ahlers.me> Signed-off-by: Knut Ahlers <knut@ahlers.me> closes #14 closes #15
58 lines
2 KiB
Go
58 lines
2 KiB
Go
// Copyright 2017 The Go Authors. All rights reserved.
|
||
// Use of this source code is governed by a BSD-style
|
||
// license that can be found in the LICENSE file.
|
||
|
||
/*
|
||
Package auth authenticates a message using a secret key.
|
||
|
||
The Sum function, viewed as a function of the message for a uniform random
|
||
key, is designed to meet the standard notion of unforgeability. This means
|
||
that an attacker cannot find authenticators for any messages not authenticated
|
||
by the sender, even if the attacker has adaptively influenced the messages
|
||
authenticated by the sender. For a formal definition see, e.g., Section 2.4
|
||
of Bellare, Kilian, and Rogaway, "The security of the cipher block chaining
|
||
message authentication code," Journal of Computer and System Sciences 61 (2000),
|
||
362–399; http://www-cse.ucsd.edu/~mihir/papers/cbc.html.
|
||
|
||
auth does not make any promises regarding "strong" unforgeability; perhaps
|
||
one valid authenticator can be converted into another valid authenticator for
|
||
the same message. NaCl also does not make any promises regarding "truncated
|
||
unforgeability."
|
||
|
||
This package is interoperable with NaCl: https://nacl.cr.yp.to/auth.html.
|
||
*/
|
||
package auth
|
||
|
||
import (
|
||
"crypto/hmac"
|
||
"crypto/sha512"
|
||
)
|
||
|
||
const (
|
||
// Size is the size, in bytes, of an authenticated digest.
|
||
Size = 32
|
||
// KeySize is the size, in bytes, of an authentication key.
|
||
KeySize = 32
|
||
)
|
||
|
||
// Sum generates an authenticator for m using a secret key and returns the
|
||
// 32-byte digest.
|
||
func Sum(m []byte, key *[KeySize]byte) *[Size]byte {
|
||
mac := hmac.New(sha512.New, key[:])
|
||
mac.Write(m)
|
||
out := new([KeySize]byte)
|
||
copy(out[:], mac.Sum(nil)[:Size])
|
||
return out
|
||
}
|
||
|
||
// Verify checks that digest is a valid authenticator of message m under the
|
||
// given secret key. Verify does not leak timing information.
|
||
func Verify(digest []byte, m []byte, key *[KeySize]byte) bool {
|
||
if len(digest) != Size {
|
||
return false
|
||
}
|
||
mac := hmac.New(sha512.New, key[:])
|
||
mac.Write(m)
|
||
expectedMAC := mac.Sum(nil) // first 256 bits of 512-bit sum
|
||
return hmac.Equal(digest, expectedMAC[:Size])
|
||
}
|