3
0
mirror of https://github.com/ergochat/ergo.git synced 2025-01-25 19:54:25 +01:00
ergo/irc/utils/crypto.go

48 lines
1.3 KiB
Go
Raw Normal View History

// Copyright (c) 2018 Shivaram Lingamneni <slingamn@cs.stanford.edu>
// released under the MIT license
package utils
import (
"crypto/rand"
"crypto/subtle"
2018-12-28 19:45:55 +01:00
"encoding/base32"
2019-05-12 22:26:23 +02:00
"encoding/base64"
2018-12-28 19:45:55 +01:00
)
var (
// slingamn's own private b32 alphabet, removing 1, l, o, and 0
2019-05-12 08:17:57 +02:00
B32Encoder = base32.NewEncoding("abcdefghijkmnpqrstuvwxyz23456789").WithPadding(base32.NoPadding)
)
const (
SecretTokenLength = 26
)
// generate a secret token that cannot be brute-forced via online attacks
func GenerateSecretToken() string {
// 128 bits of entropy are enough to resist any online attack:
var buf [16]byte
rand.Read(buf[:])
2018-12-28 19:45:55 +01:00
// 26 ASCII characters, should be fine for most purposes
2019-05-12 08:17:57 +02:00
return B32Encoder.EncodeToString(buf[:])
}
// securely check if a supplied token matches a stored token
func SecretTokensMatch(storedToken string, suppliedToken string) bool {
// XXX fix a potential gotcha: if the stored token is uninitialized,
// then nothing should match it, not even supplying an empty token.
if len(storedToken) == 0 {
return false
}
return subtle.ConstantTimeCompare([]byte(storedToken), []byte(suppliedToken)) == 1
}
2019-05-12 22:26:23 +02:00
// generate a 256-bit secret key that can be written into a config file
func GenerateSecretKey() string {
var buf [32]byte
rand.Read(buf[:])
return base64.RawURLEncoding.EncodeToString(buf[:])
}