mirror of
https://gogs.blitter.com/RLabs/xs
synced 2024-08-14 10:26:42 +00:00
f5be3578a8
2/3 Added vendor/ dir to lock down dependent pkg versions. The author of git.schwanenlied.me/yawning/{chacha20,newhope,kyber}.git has copied their repos to gitlab.com/yawning/ but some imports of chacha20 from newhope still inconsistently refer to git.schwanenlied.me/, breaking build. Licenses for chacha20 also changed from CC0 to AGPL, which may or may not be an issue. Until the two aforementioned issues are resolved, locking to last-good versions is probably the best way forward for now. To build with vendored deps, use make VENDOR=1 clean all 3/3 Moved body of CI push script into bacillus/
72 lines
1.8 KiB
Go
72 lines
1.8 KiB
Go
// Package bcrypt implements the bcrypt password hashing mechanism.
|
|
//
|
|
// Please note that bcrypt truncates passwords to 72 characters in length. Consider using
|
|
// a more modern hashing scheme such as scrypt or sha-crypt. If you must use bcrypt,
|
|
// consider using bcrypt-sha256 instead.
|
|
package bcrypt
|
|
|
|
import "golang.org/x/crypto/bcrypt"
|
|
import "gopkg.in/hlandau/passlib.v1/abstract"
|
|
import "fmt"
|
|
|
|
// An implementation of Scheme implementing bcrypt.
|
|
//
|
|
// Uses RecommendedCost.
|
|
var Crypter abstract.Scheme
|
|
|
|
// The recommended cost for bcrypt. This may change with subsequent releases.
|
|
const RecommendedCost = 12
|
|
|
|
// bcrypt.DefaultCost is a bit low (10), so use 12 instead.
|
|
|
|
func init() {
|
|
Crypter = New(RecommendedCost)
|
|
}
|
|
|
|
// Create a new scheme implementing bcrypt. The recommended cost is RecommendedCost.
|
|
func New(cost int) abstract.Scheme {
|
|
return &scheme{
|
|
Cost: cost,
|
|
}
|
|
}
|
|
|
|
type scheme struct {
|
|
Cost int
|
|
}
|
|
|
|
func (s *scheme) SupportsStub(stub string) bool {
|
|
return len(stub) >= 3 && stub[0] == '$' && stub[1] == '2' &&
|
|
(stub[2] == '$' || (len(stub) >= 4 && stub[3] == '$' &&
|
|
(stub[2] == 'a' || stub[2] == 'b' || stub[2] == 'y')))
|
|
}
|
|
|
|
func (s *scheme) Hash(password string) (string, error) {
|
|
h, err := bcrypt.GenerateFromPassword([]byte(password), s.Cost)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return string(h), nil
|
|
}
|
|
|
|
func (s *scheme) Verify(password, hash string) error {
|
|
err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
|
|
if err == bcrypt.ErrMismatchedHashAndPassword {
|
|
err = abstract.ErrInvalidPassword
|
|
}
|
|
|
|
return err
|
|
}
|
|
|
|
func (s *scheme) NeedsUpdate(stub string) bool {
|
|
cost, err := bcrypt.Cost([]byte(stub))
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
return cost < s.Cost
|
|
}
|
|
|
|
func (s *scheme) String() string {
|
|
return fmt.Sprintf("bcrypt(%d)", s.Cost)
|
|
}
|