forked from Shiloh/githaven
68 lines
1.8 KiB
Go
68 lines
1.8 KiB
Go
|
// Copyright 2023 The Gitea Authors. All rights reserved.
|
||
|
// SPDX-License-Identifier: MIT
|
||
|
|
||
|
package hash
|
||
|
|
||
|
import (
|
||
|
"encoding/hex"
|
||
|
"strings"
|
||
|
|
||
|
"code.gitea.io/gitea/modules/log"
|
||
|
|
||
|
"golang.org/x/crypto/scrypt"
|
||
|
)
|
||
|
|
||
|
func init() {
|
||
|
Register("scrypt", NewScryptHasher)
|
||
|
}
|
||
|
|
||
|
// ScryptHasher implements PasswordHasher
|
||
|
// and uses the scrypt key derivation function.
|
||
|
type ScryptHasher struct {
|
||
|
n, r, p, keyLen int
|
||
|
}
|
||
|
|
||
|
// HashWithSaltBytes a provided password and salt
|
||
|
func (hasher *ScryptHasher) HashWithSaltBytes(password string, salt []byte) string {
|
||
|
if hasher == nil {
|
||
|
return ""
|
||
|
}
|
||
|
hashedPassword, _ := scrypt.Key([]byte(password), salt, hasher.n, hasher.r, hasher.p, hasher.keyLen)
|
||
|
return hex.EncodeToString(hashedPassword)
|
||
|
}
|
||
|
|
||
|
// NewScryptHasher is a factory method to create an ScryptHasher
|
||
|
// The provided config should be either empty or of the form:
|
||
|
// "<n>$<r>$<p>$<keyLen>", where <x> is the string representation
|
||
|
// of an integer
|
||
|
func NewScryptHasher(config string) *ScryptHasher {
|
||
|
// This matches the original configuration for `scrypt` prior to storing hash parameters
|
||
|
// in the database.
|
||
|
// THESE VALUES MUST NOT BE CHANGED OR BACKWARDS COMPATIBILITY WILL BREAK
|
||
|
hasher := &ScryptHasher{
|
||
|
n: 1 << 16,
|
||
|
r: 16,
|
||
|
p: 2, // 2 passes through memory - this default config will use 128MiB in total.
|
||
|
keyLen: 50,
|
||
|
}
|
||
|
|
||
|
if config == "" {
|
||
|
return hasher
|
||
|
}
|
||
|
|
||
|
vals := strings.SplitN(config, "$", 4)
|
||
|
if len(vals) != 4 {
|
||
|
log.Error("invalid scrypt hash spec %s", config)
|
||
|
return nil
|
||
|
}
|
||
|
var err error
|
||
|
hasher.n, err = parseIntParam(vals[0], "n", "scrypt", config, nil)
|
||
|
hasher.r, err = parseIntParam(vals[1], "r", "scrypt", config, err)
|
||
|
hasher.p, err = parseIntParam(vals[2], "p", "scrypt", config, err)
|
||
|
hasher.keyLen, err = parseIntParam(vals[3], "keyLen", "scrypt", config, err)
|
||
|
if err != nil {
|
||
|
return nil
|
||
|
}
|
||
|
return hasher
|
||
|
}
|