Add basic auth middleware

[DimaSalakhov]

Issue #604

[seh]

Why is it important to make the lengths equal? Are you trying to preclude subtle.ConstantTimeCompare from divulging the difference in length by way of it short-circuiting the rest of the comparison?

Though highly unlikely, it looks like you're risking accepting a potential hash collision in trade for defending against a timing attack.

[seh]

Since the required user name and password values are fixed at line 85 below, if you decide to retain this hashing technique, consider computing the hash on these two values once just before line 77, and reusing the hash instead of the raw values here.

[seh]

• s/implemntation of Error/implementation of the Error/
• Punctuate this sentence.

[seh]

• s/represents generic Authorization/represents an authoriation/
• Punctuate this sentence.

[seh]

• s/implemntation of StatusCoder/implementation of the StatusCoder/
• Punctuate this sentence.

[seh]

• s/an implemntation of Headerer/an implementation of the Headerer/
• Punctuate this sentence.

[seh]

• Given that the currency of your implementation is byte vectors, consider demanding byte vectors as parameters.
  You could then return byte vectors from your parseBasicAuth function below, rather than converting the byte vectors resulting from decoding the base64-encoded values to strings at line 67, only to convert them back—with allocation and copying cost—here.

[seh]

• Punctuate this sentence.

[seh]

• s/basic auth/Basic Authorization/
• Punctuate this sentence.

[seh]

• s/up Authentication/up the "Authentication"/
• s/a http request/an HTTP request,/
• Punctuate this sentence, or s/like/like the following:/.

[DimaSalakhov]

@seh Thanks for your review, everything was on point, I very much appreciate it!

In regards to the hash sum calculation sha256.Sum256() according to my very limited knowledge on the topic of timing attack, there are 2 suggestions to prevent them:

• use constant time algorithm to prevent bruteforcing the exact position of the first difference in byte arrays. That's exactly what subtle/ConstantTimeCompare does
• use byte arrays of the same length for the similar reason. In our case subtle/ConstantTimeCompare short circuit if arrays have a different length.
  I might be wrong in that, but this was a premise for me to compare hashes rather than slices. You're right about a potential collision in hashes, but my assumption is that the chances that person would successfully use that for bruteforce are higher than a chance of hash collision. However, I don't have a data to prove it and would be happy to hear a security advice.

[seh]

I agree with the first benefit of using subtle.ConstantTimeCompare. Note, though, that computing the hash requires various length-dependent operations, so while we eliminate length difference detection threat from the final byte comparison, we still face timing differences in computing the hashes.

However, if you compute the hashes for the expected user name and password values ahead of time, as I had suggested earlier, then an attacker wouldn't be able to detect any relationship between computing the hashes of the expected and supplied values. You would then face only the threat of a hash collision yielding a false positive.

If the two hashes differ, we know that the supplied values do not match the expected values. If we wanted to be completely sure that a match in the hashes means the underlying values match, we'd then have to compare those underlying values directly—which brings us back to divulging differences in length via timing attack (even with subtle.ConstantTimeCompare), and wastes the utility of using the hash function.

I too would like to hear from others whether we should worry about the likelihood of a hash collision here.

[seh]

• s/authoriation/authorization/

[seh]

• s/iimplementation/implementation/

[seh]

• Convert this array to a slice here, rather than down at line 77 each time you use it.

[seh]

• Convert this array to a slice here, rather than down at line 78 each time you use it.
• Consider using four extra characters to name the variable "requiredPasswordBytes."

[seh]

• We could go either way, but in American English, it sounds better to my ear to write "an HTTP."

[DimaSalakhov]

@seh I agree with your statement about creating and comparing hashes.
As for the hash collision, I'm leaning more and more towards calling it possible, but unrealistic with the state of the modern hardware. Here is an article from Google about collision they've found in sha128: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
From what I see, it takes 1year, 110GPU and right algorithm to achieve it. SHA256 is twice the size and it would be a very long and expensive attack.

[seh]

These recent changes alleviate my stated concerns.

[seh]

• Since this comment points out what is happening but not why, consider removing this comment.

[peterbourgon]

Please make this sentence make grammatical sense :) For example,

This package provides a Basic Authentication middleware.
Here is a [Mozilla article](...) with details.

[peterbourgon]

There's no reason to use the Chain helper here, I don't think?

[peterbourgon]

Please use a trailing comma and put the closing brace on the next line.

[peterbourgon]

Please check for the presence of the value in the context before type-asserting it to a string. (The type-assert should also be checked.) If there's a failure in either of those steps, the middleware should return an appropriate error.

[DimaSalakhov]

I'm not sure it's necessary to check the presence of the value as type assertion will do it as well. From the authentication process view, a missing header is as invalid as empty.

[peterbourgon]

With those changes, this looks good to me. Thanks for the initiative and sorry for my delays!

[peterbourgon]

Yep! That works 👍