Merge pull request #86 from SenseUnit/hmac_benchmarks

Snawoot · web-flow · commit 9e3e749fc751 · 2024-11-29T15:44:32.000+02:00
hmac auth: add benchmarks
diff --git a/auth/hmac.go b/auth/hmac.go
@@ -63,7 +63,7 @@ type HMACToken struct {
 	Signature [HMACSignatureSize]byte
 }
 
-func (auth *HMACAuth) validateToken(login, password string) bool {
+func VerifyHMACLoginAndPassword(secret []byte, login, password string) bool {
 	marshaledToken, err := base64.RawURLEncoding.DecodeString(password)
 	if err != nil {
 		return false
@@ -79,7 +79,7 @@ func (auth *HMACAuth) validateToken(login, password string) bool {
 		return false
 	}
 
-	expectedMAC := CalculateHMACSignature(auth.secret, login, token.Expire)
+	expectedMAC := CalculateHMACSignature(secret, login, token.Expire)
 	return hmac.Equal(token.Signature[:], expectedMAC)
 }
 
@@ -111,7 +111,7 @@ func (auth *HMACAuth) Validate(wr http.ResponseWriter, req *http.Request) (strin
 	login := pair[0]
 	password := pair[1]
 
-	if auth.validateToken(login, password) {
+	if VerifyHMACLoginAndPassword(auth.secret, login, password) {
 		if auth.hiddenDomain != "" &&
 			(req.Host == auth.hiddenDomain || req.URL.Host == auth.hiddenDomain) {
 			wr.Header().Set("Content-Length", strconv.Itoa(len([]byte(AUTH_TRIGGERED_MSG))))
diff --git a/auth/hmac_test.go b/auth/hmac_test.go
@@ -0,0 +1,59 @@
+package auth
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/base64"
+	"encoding/binary"
+	"testing"
+	"time"
+)
+
+var (
+	resBytes []byte
+	resBool  bool
+)
+
+func BenchmarkCalculateHMACSignature(b *testing.B) {
+	var r []byte
+	secret := make([]byte, HMACSignatureSize)
+	if _, err := rand.Read(secret); err != nil {
+		b.Fatalf("CSPRNG failure: %v", err)
+	}
+	b.ResetTimer()
+
+	for n := 0; n < b.N; n++ {
+		r = CalculateHMACSignature(secret, "username", 0)
+	}
+	resBytes = r
+}
+
+func BenchmarkVerifyHMACLoginAndPassword(b *testing.B) {
+	var r bool
+	secret := make([]byte, HMACSignatureSize)
+	if _, err := rand.Read(secret); err != nil {
+		b.Fatalf("CSPRNG failure: %v", err)
+	}
+	username := "username"
+	expire := time.Now().Add(time.Hour).Unix()
+	mac := CalculateHMACSignature(secret, username, expire)
+	token := HMACToken{
+		Expire: expire,
+	}
+	copy(token.Signature[:], mac)
+	var resBuf bytes.Buffer
+	enc := base64.NewEncoder(base64.RawURLEncoding, &resBuf)
+	if err := binary.Write(enc, binary.BigEndian, &token); err != nil {
+		b.Fatalf("token encoding failed: %v", err)
+	}
+	enc.Close()
+	b.ResetTimer()
+
+	for n := 0; n < b.N; n++ {
+		r = VerifyHMACLoginAndPassword(secret, username, resBuf.String())
+		if !r {
+			b.Fail()
+		}
+	}
+	resBool = r
+}
