mirror of
https://gogs.blitter.com/RLabs/xs
synced 2024-08-14 10:26:42 +00:00
caac02a77b
2/2 Added vendor/ dir to lock down dependent pkg versions.
The author of git.schwanenlied.me/yawning/{chacha20,newhope,kyber}.git has copied
their repos to gitlab.com/yawning/ but some imports of chacha20 from newhope still
inconsistently refer to git.schwanenlied.me/, breaking build.
Licenses for chacha20 also changed from CC0 to AGPL, which may or may not be an
issue. Until the two aforementioned issues are resolved, locking to last-good
versions is probably the best way forward for now.
To build with vendored deps, use make VENDOR=1 clean all
72 lines
1.8 KiB
Go
72 lines
1.8 KiB
Go
// Package bcrypt implements the bcrypt password hashing mechanism.
|
|
//
|
|
// Please note that bcrypt truncates passwords to 72 characters in length. Consider using
|
|
// a more modern hashing scheme such as scrypt or sha-crypt. If you must use bcrypt,
|
|
// consider using bcrypt-sha256 instead.
|
|
package bcrypt
|
|
|
|
import "golang.org/x/crypto/bcrypt"
|
|
import "gopkg.in/hlandau/passlib.v1/abstract"
|
|
import "fmt"
|
|
|
|
// An implementation of Scheme implementing bcrypt.
|
|
//
|
|
// Uses RecommendedCost.
|
|
var Crypter abstract.Scheme
|
|
|
|
// The recommended cost for bcrypt. This may change with subsequent releases.
|
|
const RecommendedCost = 12
|
|
|
|
// bcrypt.DefaultCost is a bit low (10), so use 12 instead.
|
|
|
|
func init() {
|
|
Crypter = New(RecommendedCost)
|
|
}
|
|
|
|
// Create a new scheme implementing bcrypt. The recommended cost is RecommendedCost.
|
|
func New(cost int) abstract.Scheme {
|
|
return &scheme{
|
|
Cost: cost,
|
|
}
|
|
}
|
|
|
|
type scheme struct {
|
|
Cost int
|
|
}
|
|
|
|
func (s *scheme) SupportsStub(stub string) bool {
|
|
return len(stub) >= 3 && stub[0] == '$' && stub[1] == '2' &&
|
|
(stub[2] == '$' || (len(stub) >= 4 && stub[3] == '$' &&
|
|
(stub[2] == 'a' || stub[2] == 'b' || stub[2] == 'y')))
|
|
}
|
|
|
|
func (s *scheme) Hash(password string) (string, error) {
|
|
h, err := bcrypt.GenerateFromPassword([]byte(password), s.Cost)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return string(h), nil
|
|
}
|
|
|
|
func (s *scheme) Verify(password, hash string) error {
|
|
err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
|
|
if err == bcrypt.ErrMismatchedHashAndPassword {
|
|
err = abstract.ErrInvalidPassword
|
|
}
|
|
|
|
return err
|
|
}
|
|
|
|
func (s *scheme) NeedsUpdate(stub string) bool {
|
|
cost, err := bcrypt.Cost([]byte(stub))
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
return cost < s.Cost
|
|
}
|
|
|
|
func (s *scheme) String() string {
|
|
return fmt.Sprintf("bcrypt(%d)", s.Cost)
|
|
}
|