MCPcopy
hub / github.com/smallstep/cli / Compare

Function Compare

internal/kdf/kdf.go:88–130  ·  view source on GitHub ↗

Compare compares the password with the given PHC encoded hash, returns true if they match. The time taken is a function of the length of the slices and is independent of the contents.

(password, phc []byte)

Source from the content-addressed store, hash-verified

86// if they match. The time taken is a function of the length of the slices and
87// is independent of the contents.
88func Compare(password, phc []byte) (bool, error) {
89 id, version, params, salt, hash, err := phcDecode(string(phc))
90 if err != nil {
91 return false, errors.Wrap(err, "error decoding hash")
92 }
93
94 var hashedPass []byte
95 switch id {
96 case bcryptHash:
97 return (bcrypt.CompareHashAndPassword(hash, password) == nil), nil
98 case scryptHash:
99 p, err := newScryptParams(params)
100 if err != nil {
101 return false, err
102 }
103 hashedPass, err = scrypt.Key(password, salt, p.N, p.r, p.p, len(hash))
104 if err != nil {
105 return false, errors.Wrap(err, "error deriving input")
106 }
107 case argon2iHash:
108 p, err := newArgon2Params(params)
109 if err != nil {
110 return false, err
111 }
112 if version != 0 && version != argon2.Version {
113 return false, errors.Errorf("unsupported argon2 version '%d'", version)
114 }
115 hashedPass = argon2.Key(password, salt, p.t, p.m, p.p, cast.Uint32(len(hash)))
116 case argon2idHash:
117 p, err := newArgon2Params(params)
118 if err != nil {
119 return false, err
120 }
121 if version != 0 && version != argon2.Version {
122 return false, errors.Errorf("unsupported argon2 version '%d'", version)
123 }
124 hashedPass = argon2.IDKey(password, salt, p.t, p.m, p.p, cast.Uint32(len(hash)))
125 default:
126 return false, errors.Errorf("invalid or unsupported hash method with id '%s'", id)
127 }
128
129 return (subtle.ConstantTimeCompare(hash, hashedPass) == 1), nil
130}
131
132// CompareString compares the given password with the given PHC encoded hash,
133// returns true if they match. The time taken is a function of the length of

Callers 3

compareActionFunction · 0.92
TestKDFFunction · 0.85
CompareStringFunction · 0.85

Calls 4

Uint32Function · 0.92
phcDecodeFunction · 0.85
newScryptParamsFunction · 0.85
newArgon2ParamsFunction · 0.85

Tested by 1

TestKDFFunction · 0.68

Used in the wild real call sites across dependent graphs

searching dependent graphs…