securely compare passwords, add notice about message removal

Aine
2022-09-23 10:19:25 +03:00
parent 1dc552686d
commit 5a19ffad08
4 changed files with 37 additions and 4 deletions


@@ -1,6 +1,7 @@
package utils
import (
"crypto/subtle"
"strconv"
"strings"
)
@@ -33,3 +34,24 @@ func Bool(str string) bool {
func SanitizeBoolString(str string) string {
return strconv.FormatBool(Bool(str))
}
// Compare strings with constant time to prevent timing attacks
func Compare(actual, expected string) bool {
actualb := []byte(actual)
expectedb := []byte(expected)
if expected == "" {
// Just to keep constant time
_ = subtle.ConstantTimeCompare(expectedb, expectedb) == 1
return false
}
// actual comparison
if subtle.ConstantTimeEq(int32(len(actual)), int32(len(expected))) == 1 {
return subtle.ConstantTimeCompare(actualb, expectedb) == 1
}
// Just to keep constant time
_ = subtle.ConstantTimeCompare(expectedb, expectedb) == 1
return false
}
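Review bot: The two padding calls in `Compare` (`_ = subtle.ConstantTimeCompare(expectedb, expectedb) == 1`) discard their result, so nothing obliges the compiler to keep them. With an empty `expected` the call covers zero bytes anyway, so they may not equalise timing as the comments intend. The `subtle.ConstantTimeEq` length check is also redundant, because `subtle.ConstantTimeCompare` already returns 0 when the lengths differ; that early return is what makes the secret's length observable. A simpler form that compares fixed-length values is `a, e := sha256.Sum256([]byte(actual)), sha256.Sum256([]byte(expected))` followed by `return subtle.ConstantTimeCompare(a[:], e[:]) == 1 && expected != ""`, which needs `crypto/sha256` added to the import block. Whatever form is kept, the doc comment should start with the function name and state that an empty `expected` never matches, e.g. `// Compare reports whether actual equals expected in constant time; an empty expected never matches.`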