argon2/decoder/decoder.go

package decoder

import (
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"strings"

	"euphoria-laxis.fr/go-packages/argon2/encoder"
	"golang.org/x/crypto/argon2"
)

type Decoder struct{}

func NewDecoder() *Decoder {
	return new(Decoder)
}

func (decoder *Decoder) decodeHash(encodedHash string) (o *encoder.Options, salt, hash []byte, err error) {
	values := strings.Split(encodedHash, "$")
	if len(values) != 6 {
		return nil, nil, nil, encoder.ErrInvalidHash
	}
	var version int
	_, err = fmt.Sscanf(values[2], "v=%d", &version)
	if err != nil {
		return nil, nil, nil, err
	}
	if version != argon2.Version {
		return nil, nil, nil, encoder.ErrIncompatibleVersion
	}
	o = new(encoder.Options)
	_, err = fmt.Sscanf(values[3], "m=%d,t=%d,p=%d", &o.Memory, &o.Iterations, &o.Parallelism)
	if err != nil {
		return nil, nil, nil, err
	}
	salt, err = base64.RawStdEncoding.DecodeString(values[4])
	if err != nil {
		return nil, nil, nil, err
	}
	o.SaltLength = uint32(len(salt))

	hash, err = base64.RawStdEncoding.DecodeString(values[5])
	if err != nil {
		return nil, nil, nil, err
	}
	o.KeyLength = uint32(len(hash))

	return o, salt, hash, nil
}

func (decoder *Decoder) CompareStringToHash(password string, hashedPassword string) (match bool, err error) {
	p, salt, hash, err := decoder.decodeHash(hashedPassword)
	if err != nil {
		return false, err
	}
	otherHash := argon2.IDKey([]byte(password), salt, p.Iterations, p.Memory, p.Parallelism, p.KeyLength)
	if subtle.ConstantTimeCompare(hash, otherHash) == 1 {
		return true, nil
	}
	return false, nil
}
Initial commit 2024-07-24 19:42:25 +02:00			`package decoder`

			`import (`
			`"crypto/subtle"`
			`"encoding/base64"`
			`"fmt"`
			`"strings"`

			`"euphoria-laxis.fr/go-packages/argon2/encoder"`
			`"golang.org/x/crypto/argon2"`
			`)`

			`type Decoder struct{}`

			`func NewDecoder() *Decoder {`
			`return new(Decoder)`
			`}`

			`func (decoder Decoder) decodeHash(encodedHash string) (o encoder.Options, salt, hash []byte, err error) {`
			`values := strings.Split(encodedHash, "$")`
			`if len(values) != 6 {`
			`return nil, nil, nil, encoder.ErrInvalidHash`
			`}`
			`var version int`
			`_, err = fmt.Sscanf(values[2], "v=%d", &version)`
			`if err != nil {`
			`return nil, nil, nil, err`
			`}`
			`if version != argon2.Version {`
			`return nil, nil, nil, encoder.ErrIncompatibleVersion`
			`}`
			`o = new(encoder.Options)`
			`_, err = fmt.Sscanf(values[3], "m=%d,t=%d,p=%d", &o.Memory, &o.Iterations, &o.Parallelism)`
			`if err != nil {`
			`return nil, nil, nil, err`
			`}`
			`salt, err = base64.RawStdEncoding.DecodeString(values[4])`
			`if err != nil {`
			`return nil, nil, nil, err`
			`}`
			`o.SaltLength = uint32(len(salt))`

			`hash, err = base64.RawStdEncoding.DecodeString(values[5])`
			`if err != nil {`
			`return nil, nil, nil, err`
			`}`
			`o.KeyLength = uint32(len(hash))`

			`return o, salt, hash, nil`
			`}`

			`func (decoder *Decoder) CompareStringToHash(password string, hashedPassword string) (match bool, err error) {`
			`p, salt, hash, err := decoder.decodeHash(hashedPassword)`
			`if err != nil {`
			`return false, err`
			`}`
			`otherHash := argon2.IDKey([]byte(password), salt, p.Iterations, p.Memory, p.Parallelism, p.KeyLength)`
			`if subtle.ConstantTimeCompare(hash, otherHash) == 1 {`
			`return true, nil`
			`}`
			`return false, nil`
			`}`