fix(auth): VerifyPassword валидирует параметры/версию, не паникует на битом хэше
This commit is contained in:
@@ -5,6 +5,8 @@ import (
|
|||||||
"crypto/subtle"
|
"crypto/subtle"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"regexp"
|
||||||
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"golang.org/x/crypto/argon2"
|
"golang.org/x/crypto/argon2"
|
||||||
@@ -16,8 +18,18 @@ const (
|
|||||||
argonThreads = 4
|
argonThreads = 4
|
||||||
argonKeyLen = 32
|
argonKeyLen = 32
|
||||||
argonSaltLen = 16
|
argonSaltLen = 16
|
||||||
|
|
||||||
|
// Upper bounds guard against a corrupted/attacker-controlled
|
||||||
|
// password_hash forcing an oversized argon2 computation (DoS).
|
||||||
|
argonMaxMemoryKiB = 1 << 21 // 2 GiB in KiB
|
||||||
|
argonMaxTime = 10
|
||||||
|
argonMaxThreads = 16
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// paramsRe strictly matches the "m=<n>,t=<n>,p=<n>" parameter segment,
|
||||||
|
// requiring the whole segment to be consumed (no trailing garbage).
|
||||||
|
var paramsRe = regexp.MustCompile(`^m=([0-9]+),t=([0-9]+),p=([0-9]+)$`)
|
||||||
|
|
||||||
func HashPassword(password string) (string, error) {
|
func HashPassword(password string) (string, error) {
|
||||||
salt := make([]byte, argonSaltLen)
|
salt := make([]byte, argonSaltLen)
|
||||||
if _, err := rand.Read(salt); err != nil {
|
if _, err := rand.Read(salt); err != nil {
|
||||||
@@ -34,11 +46,40 @@ func VerifyPassword(encoded, password string) (bool, error) {
|
|||||||
if len(parts) != 6 || parts[1] != "argon2id" {
|
if len(parts) != 6 || parts[1] != "argon2id" {
|
||||||
return false, fmt.Errorf("auth: bad hash format")
|
return false, fmt.Errorf("auth: bad hash format")
|
||||||
}
|
}
|
||||||
var m, t uint32
|
if parts[2] != "v=19" {
|
||||||
var p uint8
|
return false, fmt.Errorf("auth: unsupported version")
|
||||||
if _, err := fmt.Sscanf(parts[3], "m=%d,t=%d,p=%d", &m, &t, &p); err != nil {
|
|
||||||
return false, err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
matches := paramsRe.FindStringSubmatch(parts[3])
|
||||||
|
if matches == nil {
|
||||||
|
return false, fmt.Errorf("auth: bad hash format")
|
||||||
|
}
|
||||||
|
m64, err := strconv.ParseUint(matches[1], 10, 32)
|
||||||
|
if err != nil {
|
||||||
|
return false, fmt.Errorf("auth: bad hash format")
|
||||||
|
}
|
||||||
|
t64, err := strconv.ParseUint(matches[2], 10, 32)
|
||||||
|
if err != nil {
|
||||||
|
return false, fmt.Errorf("auth: bad hash format")
|
||||||
|
}
|
||||||
|
p64, err := strconv.ParseUint(matches[3], 10, 8)
|
||||||
|
if err != nil {
|
||||||
|
return false, fmt.Errorf("auth: bad hash format")
|
||||||
|
}
|
||||||
|
m, t, p := uint32(m64), uint32(t64), uint8(p64)
|
||||||
|
|
||||||
|
// argon2.IDKey panics if time<1 ("number of rounds too small") or
|
||||||
|
// threads<1 ("parallelism degree too low"). Reject before calling it.
|
||||||
|
// Minimum memory per argon2 spec is 8*parallelism (in KiB).
|
||||||
|
if t < 1 || p < 1 || m < 8*uint32(p) {
|
||||||
|
return false, fmt.Errorf("auth: bad hash params")
|
||||||
|
}
|
||||||
|
// Upper bounds guard against DoS via inflated parameters in a
|
||||||
|
// corrupted or attacker-controlled stored hash.
|
||||||
|
if m > argonMaxMemoryKiB || t > argonMaxTime || p > argonMaxThreads {
|
||||||
|
return false, fmt.Errorf("auth: bad hash params")
|
||||||
|
}
|
||||||
|
|
||||||
salt, err := base64.RawStdEncoding.DecodeString(parts[4])
|
salt, err := base64.RawStdEncoding.DecodeString(parts[4])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
|
|||||||
@@ -27,3 +27,61 @@ func TestHashNonDeterministic(t *testing.T) {
|
|||||||
t.Fatal("salt must randomize hash")
|
t.Fatal("salt must randomize hash")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestVerifyPasswordBadTimeDoesNotPanic(t *testing.T) {
|
||||||
|
defer func() {
|
||||||
|
if r := recover(); r != nil {
|
||||||
|
t.Fatalf("VerifyPassword panicked: %v", r)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
encoded := "$argon2id$v=19$m=65536,t=0,p=4$c29tZXNhbHRzb21lc2FsdA$c29tZWhhc2hzb21laGFzaA"
|
||||||
|
ok, err := VerifyPassword(encoded, "anything")
|
||||||
|
if err == nil {
|
||||||
|
t.Fatal("expected error for t=0, got nil")
|
||||||
|
}
|
||||||
|
if ok {
|
||||||
|
t.Fatal("expected ok=false for t=0")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestVerifyPasswordBadThreadsDoesNotPanic(t *testing.T) {
|
||||||
|
defer func() {
|
||||||
|
if r := recover(); r != nil {
|
||||||
|
t.Fatalf("VerifyPassword panicked: %v", r)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
encoded := "$argon2id$v=19$m=65536,t=1,p=0$c29tZXNhbHRzb21lc2FsdA$c29tZWhhc2hzb21laGFzaA"
|
||||||
|
ok, err := VerifyPassword(encoded, "anything")
|
||||||
|
if err == nil {
|
||||||
|
t.Fatal("expected error for p=0, got nil")
|
||||||
|
}
|
||||||
|
if ok {
|
||||||
|
t.Fatal("expected ok=false for p=0")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestVerifyPasswordUnsupportedVersion(t *testing.T) {
|
||||||
|
encoded := "$argon2id$v=18$m=65536,t=1,p=4$c29tZXNhbHRzb21lc2FsdA$c29tZWhhc2hzb21laGFzaA"
|
||||||
|
ok, err := VerifyPassword(encoded, "anything")
|
||||||
|
if err == nil {
|
||||||
|
t.Fatal("expected error for unsupported version, got nil")
|
||||||
|
}
|
||||||
|
if ok {
|
||||||
|
t.Fatal("expected ok=false for unsupported version")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestVerifyPasswordGarbageFormatDoesNotPanic(t *testing.T) {
|
||||||
|
defer func() {
|
||||||
|
if r := recover(); r != nil {
|
||||||
|
t.Fatalf("VerifyPassword panicked: %v", r)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
ok, err := VerifyPassword("notahash", "anything")
|
||||||
|
if err == nil {
|
||||||
|
t.Fatal("expected error for garbage format, got nil")
|
||||||
|
}
|
||||||
|
if ok {
|
||||||
|
t.Fatal("expected ok=false for garbage format")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user