From eb2c19c1282876f998bd78bf7a74be389030a778 Mon Sep 17 00:00:00 2001 From: Saeed Dehqan Date: Sat, 8 Oct 2022 11:33:59 -0400 Subject: [PATCH] x/crypto/scrypt: add compareHashAndPassword --- scrypt/scrypt.go | 13 ++++++++ scrypt/scrypt_test.go | 77 +++++++++++++++++++++++++++++++++---------- 2 files changed, 73 insertions(+), 17 deletions(-) diff --git a/scrypt/scrypt.go b/scrypt/scrypt.go index c971a99fa6..76761b3381 100644 --- a/scrypt/scrypt.go +++ b/scrypt/scrypt.go @@ -210,3 +210,16 @@ func Key(password, salt []byte, N, r, p, keyLen int) ([]byte, error) { return pbkdf2.Key(password, b, 1, keyLen, sha256.New), nil } + +// CompareHashAndPassword compares a scrypt hashed password with its possible +// plaintext equivalent. Returns nil on success, or an error on failure. +func CompareHashAndPassword(hashedPassword, password, salt []byte, N, r, p, keyLen int) error{ + pass, err := scrypt.Key(password, salt, N, r, p, keyLen) + if err != nil { + return err + } + if subtle.ConstantTimeCompare(hashedPassword, pass) == 1 { + return nil + } + return errors.New("crypto/scrypt: hashedPassword is not the hash of the given password") +} diff --git a/scrypt/scrypt_test.go b/scrypt/scrypt_test.go index 766ed8d905..fc453c3a89 100644 --- a/scrypt/scrypt_test.go +++ b/scrypt/scrypt_test.go @@ -109,23 +109,6 @@ var good = []testVector{ 0x87, }, }, - /* - // Disabled: needs 1 GiB RAM and takes too long for a simple test. - { - "pleaseletmein", "SodiumChloride", - 1048576, 8, 1, - []byte{ - 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae, 0xad, - 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81, 0xec, 0x56, - 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d, 0xab, 0xe5, 0xee, - 0x98, 0x20, 0xad, 0xaa, 0x47, 0x8e, 0x56, 0xfd, 0x8f, - 0x4b, 0xa5, 0xd0, 0x9f, 0xfa, 0x1c, 0x6d, 0x92, 0x7c, - 0x40, 0xf4, 0xc3, 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, - 0x52, 0xfb, 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, - 0xa4, - }, - }, - */ } var bad = []testVector{ @@ -135,6 +118,41 @@ var bad = []testVector{ {"p", "s", 16, maxInt / 2, maxInt / 2, nil}, // p * r too large } +var mismatchedCases = []testVector{ + { + "password", + "NaCl", + 1024,8, 16, + []byte{ + 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48, 0x46, + 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb, 0xfd, 0xa8, + 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e, 0xa9, 0xb5, 0x43, + 0xf6, 0x54, 0x5d, 0xa1, 0xf2, 0xd5, 0x43, 0x29, 0x55, + 0x61, 0x3f, 0x0f, 0xcf, 0x62, 0xd4, 0x97, 0x05, 0x24, + 0x2a, 0x9a, 0xf9, 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, + 0x1e, 0x40, 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, + 0x87, + }, + + }, + { + "pleaseletmein", "SodiumChloride", + 16384, 8, 1, + []byte{ + 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, 0x78, + 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, 0x7c, 0x6a, + 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, 0xe7, 0x73, 0x76, + 0x63, 0x4b, 0x37, 0x31, 0x62, 0x2e, 0xaf, 0x30, 0xd9, + 0x2e, 0x22, 0xa3, 0x88, 0x6f, 0xf1, 0x09, 0x27, 0x9d, + 0x98, 0x30, 0xda, 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, + 0xee, 0x6d, 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, + 0x40, + }, + }, + + +} + func TestKey(t *testing.T) { for i, v := range good { k, err := Key([]byte(v.password), []byte(v.salt), v.N, v.r, v.p, len(v.output)) @@ -153,6 +171,21 @@ func TestKey(t *testing.T) { } } +func TestCompareHashAndPassword(t *testing.T) { + for i, v := range good { + err := CompareHashAndPassword(v.output, []byte(v.password), []byte(v.salt), v.N, v.r, v.p, len(v.output)) + if err != nil { + t.Errorf("%d: %v should be matched %s", i, v.output, v.password) + } + } + for i, v := range mismatchedCases { + err := CompareHashAndPassword(v.output, []byte(v.password), []byte(v.salt), v.N, v.r, v.p, len(v.output)) + if err == nil { + t.Errorf("%d: expected error, got nil", i) + } + } +} + var sink []byte func BenchmarkKey(b *testing.B) { @@ -160,3 +193,13 @@ func BenchmarkKey(b *testing.B) { sink, _ = Key([]byte("password"), []byte("salt"), 1<<15, 8, 1, 64) } } + +func BenchmarkEqual(b *testing.B) { + b.StopTimer() + passwd := []byte("somepassword") + hash, _ := Key(passwd, "NaCl", 1024, 10, 16, 32) + b.StartTimer() + for i := 0; i < b.N; i++ { + CompareHashAndPassword(hash, passwd, "NaCl", 1024, 10, 16, 32) + } +} \ No newline at end of file