fix: correct naming

supabase · Sep 25, 2024 · d524770 · d524770
1 parent 42bd64c
commit d524770
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/internal/crypto/password.go b/internal/crypto/password.go
@@ -35,6 +35,7 @@ const (
 
 	Argon2Prefix         = "$argon2"
 	FirebaseScryptPrefix = "$fbscrypt"
+	FirebaseScryptKeyLen = 32 // Firebase uses AES-256 which requires 32 byte keys: https://pkg.go.dev/golang.org/x/crypto/scrypt#Key
 )
 
 // PasswordHashCost is the current pasword hashing cost
@@ -53,7 +54,7 @@ var (
 )
 
 var ErrArgon2MismatchedHashAndPassword = errors.New("crypto: argon2 hash and password mismatch")
-var ErrScryptMismatchedHashAndPassword = errors.New("crypto: scrypt hash and password mismatch")
+var ErrScryptMismatchedHashAndPassword = errors.New("crypto: fbscrypt hash and password mismatch")
 
 // argon2HashRegexp https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md#argon2-encoding
 var argon2HashRegexp = regexp.MustCompile("^[$](?P<alg>argon2(d|i|id))[$]v=(?P<v>(16|19))[$]m=(?P<m>[0-9]+),t=(?P<t>[0-9]+),p=(?P<p>[0-9]+)(,keyid=(?P<keyid>[^,]+))?(,data=(?P<data>[^$]+))?[$](?P<salt>[^$]+)[$](?P<hash>.+)$")
@@ -112,6 +113,7 @@ func ParseFirebaseScryptHash(hash string) (*FirebaseScryptHashInput, error) {
 	if memoryPower == 0 {
 		return nil, fmt.Errorf("crypto: Firebase scrypt hash has invalid n parameter %q: must be greater than 0", n)
 	}
+	// Exponent is passed in
 	memory := uint64(1) << memoryPower
 	rounds, err := strconv.ParseUint(r, 10, 64)
 	if err != nil {
@@ -123,9 +125,6 @@ func ParseFirebaseScryptHash(hash string) (*FirebaseScryptHashInput, error) {
 		return nil, fmt.Errorf("crypto: Firebase scrypt hash has invalid p parameter %q %w", p, err)
 	}
 
-	if rounds*threads >= 1<<30 {
-		return nil, fmt.Errorf("crypto: Firebase scrypt hash has invalid r and p parameters: r * p must be < 2^30")
-	}
 	rawHash, err := base64.StdEncoding.DecodeString(hashB64)
 	if err != nil {
 		return nil, fmt.Errorf("crypto: Firebase scrypt hash has invalid base64 in the hash section %w", err)
@@ -290,8 +289,7 @@ func compareHashAndPasswordFirebaseScrypt(ctx context.Context, hash, password st
 
 	switch input.alg {
 	case "fbscrypt":
-		const keyLen = 32 // Default length
-		derivedKey, err = firebaseScrypt([]byte(password), input.salt, input.signerKey, input.saltSeparator, input.memory, input.rounds, input.threads, keyLen)
+		derivedKey, err = firebaseScrypt([]byte(password), input.salt, input.signerKey, input.saltSeparator, input.memory, input.rounds, input.threads, FirebaseScryptKeyLen)
 		if err != nil {
 			return err
 		}