def test_compare_secure_strings():
    """
    Check the boolean result of compare_secure_strings().

    An identical pair must compare as True and a differing pair as False.
    Timing behaviour is out of scope: this test says nothing about whether
    the comparison actually resists timing side channel attacks.
    """
    string_length = 128

    # Two separately generated strings of the same requested length.
    first, second = (
        misc_utils.generate_random_string(string_length) for _ in range(2)
    )
    # The "not equal" case below is only meaningful if the two values differ.
    assert first != second

    # NOTE(review): only inputs generated with the same length are exercised;
    # the result for strings of different lengths is not covered here.
    matches_itself = misc_utils.compare_secure_strings(first, first)
    assert matches_itself == True
    matches_other = misc_utils.compare_secure_strings(first, second)
    assert matches_other == False
def verify_password(self, password):
    """
    Check a candidate password against the stored hash.

    The candidate is passed through every entry of self.algorithms in order.
    Each stage uses the salt and round count at the same index and takes the
    previous stage's output as its input. The final value is compared with
    self.password_hash through misc_utils.compare_secure_strings().

    Returns False if check_self() fails or if any hashing stage yields None;
    otherwise returns the result of the final comparison.
    """
    # Refuse to verify when the object is not in a usable state.
    if not self.check_self():
        return False

    candidate = password
    expected = self.password_hash

    # NOTE(review): with an empty self.algorithms the loop is skipped and the
    # raw password is compared directly with password_hash; presumably
    # check_self() rules that out -- confirm.
    for stage, algorithm in enumerate(self.algorithms):
        # rounds and salts are indexed in parallel with algorithms; a shorter
        # list raises IndexError here unless check_self() has validated it.
        stage_rounds = self.rounds[stage]
        stage_salt = self.salts[stage]
        candidate = hash_password(candidate, stage_salt, stage_rounds, algorithm)

        # hash_password signals failure with None; treat it as a mismatch.
        if candidate is None:
            return False

    # Compare with the dedicated helper rather than ==; judging by its name it
    # is meant to limit timing leakage -- confirm in misc_utils.
    return misc_utils.compare_secure_strings(candidate, expected)