Compare checks the equality of passwords from a hashed pbkdf2 string. This uses pbkdf2 to ensure FIPS 140-2 compliance. See: https://csrc.nist.gov/csrc/media/templates/cryptographic-module-validation-program/documents/security-policies/140sp2261.pdf
(hashed string, password string)
| 73 | // uses pbkdf2 to ensure FIPS 140-2 compliance. See: |
| 74 | // https://csrc.nist.gov/csrc/media/templates/cryptographic-module-validation-program/documents/security-policies/140sp2261.pdf |
| 75 | func Compare(hashed string, password string) (bool, error) { |
| 76 | // If the hashed password provided is empty, simulate comparing a real hash |
| 77 | // to preserve timing. The simulated hash is derived from a random value, so |
| 78 | // the comparison below can never succeed. |
| 79 | if hashed == "" { |
| 80 | hashed = simulatedHash.Load() |
| 81 | } |
| 82 | |
| 83 | if len(hashed) < hashLength { |
| 84 | return false, xerrors.Errorf("hash too short: %d", len(hashed)) |
| 85 | } |
| 86 | parts := strings.SplitN(hashed, "$", 5) |
| 87 | if len(parts) != 5 { |
| 88 | return false, xerrors.Errorf("hash has too many parts: %d", len(parts)) |
| 89 | } |
| 90 | if len(parts[0]) != 0 { |
| 91 | return false, xerrors.Errorf("hash prefix is invalid") |
| 92 | } |
| 93 | if parts[1] != hashScheme { |
| 94 | return false, xerrors.Errorf("hash isn't %q scheme: %q", hashScheme, parts[1]) |
| 95 | } |
| 96 | iter, err := strconv.Atoi(parts[2]) |
| 97 | if err != nil { |
| 98 | return false, xerrors.Errorf("parse iter from hash: %w", err) |
| 99 | } |
| 100 | salt, err := base64Encoding.DecodeString(parts[3]) |
| 101 | if err != nil { |
| 102 | return false, xerrors.Errorf("decode salt: %w", err) |
| 103 | } |
| 104 | |
| 105 | if subtle.ConstantTimeCompare([]byte(hashWithSaltAndIter(password, salt, iter)), []byte(hashed)) != 1 { |
| 106 | return false, nil |
| 107 | } |
| 108 | |
| 109 | return true, nil |
| 110 | } |
| 111 | |
| 112 | // Hash generates a hash using pbkdf2. |
| 113 | // See the Compare() comment for rationale. |