daanselen/orbits
SHA256
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

chore: fix some validation issues

Browse Source
This commit is contained in:
Daan Selen
2026-04-29 15:23:13 +02:00
parent 6669fda371
commit da3dee9ae7
5 changed files with 47 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/shared/security/hash.go
+4 -3
View File
@@ -30,6 +30,7 @@ func HashFileReader(r io.Reader) (string, error) {
return base64.StdEncoding.EncodeToString(h.Sum(nil)), nil
}
// we use argon2 for key hashing - since it won the key encryption "war"
func HashKey(key string) (string, error) {
salt := make([]byte, argonSaltLen)
rand.Read(salt)
@@ -46,8 +47,8 @@ func HashKey(key string) (string, error) {
return encoded, nil
}
func CompareKey(key, candidate string) bool {
parts := strings.Split(candidate, ":")
func CompareKey(storedKey, candidate string) bool {
parts := strings.Split(storedKey, ":")
if len(parts) != 3 {
return false
}
@@ -65,7 +66,7 @@ func CompareKey(key, candidate string) bool {
return false
}
actual := argon2.IDKey([]byte(key), salt, argonTime, argonMemory, argonThreads, argonKeyLen)
actual := argon2.IDKey([]byte(candidate), salt, argonTime, argonMemory, argonThreads, argonKeyLen)
return subtle.ConstantTimeCompare(actual, expected) == 1
}