auth

Paddy 2014-12-14 Parent:09c47387e455 Child:c03b5eb3179e

103:0b45e6b9cb94 Go to Latest

auth/session.go

Store salts and passphrases as hex-encoded strings. Update our passphraseScheme.create function signature to return strings. Hex encode our passphrases and salts when encrypting them so they're easier to store safely. Decode our salt before using it to check candidate passphrases.

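--- a/session.go	Sun Dec 14 16:49:34 2014 -0500
+++ b/session.go	Sun Dec 14 16:56:12 2014 -0500
@@ -40,7 +40,7 @@
 
 type passphraseScheme struct {
 	check               func(profile Profile, passphrase string) (bool, error)
-	create              func(passphrase string, iterations int) (result, salt []byte, err error)
+	create              func(passphrase string, iterations int) (result, salt string, err error)
 	calculateIterations func() (int, error)
 }
 
@@ -169,15 +169,25 @@
 	if err != nil {
 		return false, err
 	}
-	candidate := pass.Check(sha256.New, profile.Iterations, []byte(passphrase), []byte(profile.Salt))
+	realSalt, err := hex.DecodeString(profile.Salt)
+	if err != nil {
+		return false, err
+	}
+	candidate := pass.Check(sha256.New, profile.Iterations, []byte(passphrase), []byte(realSalt))
 	if !pass.Compare(candidate, realPass) {
 		return false, ErrIncorrectAuth
 	}
 	return true, nil
 }
 
-func pbkdf2sha256create(passphrase string, iters int) (result, salt []byte, err error) {
-	return pass.Create(sha256.New, iters, []byte(passphrase))
+func pbkdf2sha256create(passphrase string, iters int) (result, salt string, err error) {
+	passBytes, saltBytes, err := pass.Create(sha256.New, iters, []byte(passphrase))
+	if err != nil {
+		return "", "", err
+	}
+	result = hex.EncodeToString(passBytes)
+	salt = hex.EncodeToString(saltBytes)
+	return result, salt, err
 }
 
 func pbkdf2sha256calc() (int, error) {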
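Review bot: In the second hunk, the new error check after `hex.DecodeString(profile.Salt)` rejects only malformed hex, so an empty stored salt decodes to zero bytes without error and the candidate is derived with no salt. Add `if len(realSalt) == 0 { return false, ErrIncorrectAuth }` (or a dedicated error) before the `pass.Check` call. Profiles saved before this commit presumably hold raw salt bytes and would now fail at the decode step with a bare hex error, so a migration, or a wrapped error that names the stored salt, would let operators tell corrupt records from wrong passphrases. The `[]byte(realSalt)` conversion is redundant because `hex.DecodeString` already returns a `[]byte`, and `pbkdf2sha256create` can end with `return result, salt, nil`. The checking function begins above the hunk, so how `realPass` is obtained is not visible here.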