Documentation
Overview
Package security provides security utilities and cryptographic primitives.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func ConstantTimeHashCompare
ConstantTimeHashCompare performs a constant-time comparison of two hash strings to prevent timing side-channel attacks.
This function is designed for comparing cryptographic hashes (e.g., SHA256 hex strings) in security-sensitive contexts where timing attacks could reveal information about the hash values being compared.
Implementation details:
- Uses subtle.ConstantTimeEq for constant-time length checks
- Uses subtle.ConstantTimeCompare for constant-time content comparison
- Enforces exact length matching: both inputs must be exactly normalizedLen bytes
- Special case: empty strings are allowed only when both are empty (for anonymous sessions)
- No normalization/padding: inputs longer or shorter than normalizedLen are rejected
Parameters:
- hashA: First hash string to compare (typically hex-encoded SHA256, 64 bytes)
- hashB: Second hash string to compare
- normalizedLen: Expected length of normalized hashes (use 64 for SHA256 hex)
Returns:
- true if the hashes match (both content and length), false otherwise
Example usage:
    storedHash := "a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3"
    currentHash := "a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3"
    if security.ConstantTimeHashCompare(storedHash, currentHash, 64) {
        // Hashes match
    }
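The rules listed under "Implementation details" can be exercised with the sketch below. It is an added illustration, not the package's own source: `hashCompareSketch` and `sha256Hex` are hypothetical names, and the token strings are constructed sample inputs.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// hashCompareSketch is a hypothetical stand-in that follows the documented
// rules; it is not the package's source code.
func hashCompareSketch(hashA, hashB string, normalizedLen int) bool {
	a, b := []byte(hashA), []byte(hashB)

	// Special case from the docs: two empty hashes (anonymous sessions) match.
	bothEmpty := subtle.ConstantTimeEq(int32(len(a)), 0) &
		subtle.ConstantTimeEq(int32(len(b)), 0)

	// Exact length enforcement: no padding, no truncation.
	lenOK := subtle.ConstantTimeEq(int32(len(a)), int32(normalizedLen)) &
		subtle.ConstantTimeEq(int32(len(b)), int32(normalizedLen))

	// Returns 0 right away on a length mismatch, which exposes only length.
	same := subtle.ConstantTimeCompare(a, b)

	// Combine with bitwise operators so no branch depends on hash content.
	return (bothEmpty | (lenOK & same)) == 1
}

// sha256Hex returns the 64-character lowercase hex digest of s.
func sha256Hex(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

func main() {
	stored := sha256Hex("session-token") // constructed sample input
	fmt.Println(hashCompareSketch(stored, sha256Hex("session-token"), 64)) // match
	fmt.Println(hashCompareSketch(stored, sha256Hex("other-token"), 64))   // content differs
	fmt.Println(hashCompareSketch("", "", 64))                             // both empty
	fmt.Println(hashCompareSketch(stored, "", 64))                         // one side empty
	fmt.Println(hashCompareSketch(stored[:32], stored[:32], 64))           // wrong length
}
```

Because two empty strings compare equal, a caller that requires an authenticated session has to reject an empty stored hash before calling the comparison.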
Types
This section is empty.