|
@@ -1,7 +1,7 @@
|
1
|
1
|
// Copyright (c) 2016 Daniel Oaks <daniel@danieloaks.net>
|
2
|
2
|
// released under the MIT license
|
3
|
3
|
|
4
|
|
-package irc
|
|
4
|
+package passwd
|
5
|
5
|
|
6
|
6
|
import (
|
7
|
7
|
"crypto/rand"
|
|
@@ -9,8 +9,12 @@ import (
|
9
|
9
|
"golang.org/x/crypto/bcrypt"
|
10
|
10
|
)
|
11
|
11
|
|
12
|
|
-const newSaltLen = 30
|
13
|
|
-const defaultPasswordCost = 14
|
|
12
|
+const (
|
|
13
|
+ // newSaltLen is how many bytes long newly-generated salts are.
|
|
14
|
+ newSaltLen = 30
|
|
15
|
+ // defaultPasswordCost is the bcrypt cost we use for passwords.
|
|
16
|
+ defaultPasswordCost = 14
|
|
17
|
+)
|
14
|
18
|
|
15
|
19
|
// NewSalt returns a salt for crypto uses.
|
16
|
20
|
func NewSalt() ([]byte, error) {
|
|
@@ -25,22 +29,22 @@ func NewSalt() ([]byte, error) {
|
25
|
29
|
return salt, nil
|
26
|
30
|
}
|
27
|
31
|
|
28
|
|
-// PasswordManager supports the hashing and comparing of passwords with the given salt.
|
29
|
|
-type PasswordManager struct {
|
|
32
|
+// SaltedManager supports the hashing and comparing of passwords with the given salt.
|
|
33
|
+type SaltedManager struct {
|
30
|
34
|
salt []byte
|
31
|
35
|
}
|
32
|
36
|
|
33
|
|
-// NewPasswordManager returns a new PasswordManager with the given salt.
|
34
|
|
-func NewPasswordManager(salt []byte) PasswordManager {
|
35
|
|
- var pwm PasswordManager
|
36
|
|
- pwm.salt = salt
|
37
|
|
- return pwm
|
|
37
|
+// NewSaltedManager returns a new SaltedManager with the given salt.
|
|
38
|
+func NewSaltedManager(salt []byte) SaltedManager {
|
|
39
|
+ var sm SaltedManager
|
|
40
|
+ sm.salt = salt
|
|
41
|
+ return sm
|
38
|
42
|
}
|
39
|
43
|
|
40
|
44
|
// assemblePassword returns an assembled slice of bytes for the given password details.
|
41
|
|
-func (pwm *PasswordManager) assemblePassword(specialSalt []byte, password string) []byte {
|
|
45
|
+func (sm *SaltedManager) assemblePassword(specialSalt []byte, password string) []byte {
|
42
|
46
|
var assembledPasswordBytes []byte
|
43
|
|
- assembledPasswordBytes = append(assembledPasswordBytes, pwm.salt...)
|
|
47
|
+ assembledPasswordBytes = append(assembledPasswordBytes, sm.salt...)
|
44
|
48
|
assembledPasswordBytes = append(assembledPasswordBytes, '-')
|
45
|
49
|
assembledPasswordBytes = append(assembledPasswordBytes, specialSalt...)
|
46
|
50
|
assembledPasswordBytes = append(assembledPasswordBytes, '-')
|
|
@@ -49,14 +53,14 @@ func (pwm *PasswordManager) assemblePassword(specialSalt []byte, password string
|
49
|
53
|
}
|
50
|
54
|
|
51
|
55
|
// GenerateFromPassword encrypts the given password.
|
52
|
|
-func (pwm *PasswordManager) GenerateFromPassword(specialSalt []byte, password string) ([]byte, error) {
|
53
|
|
- assembledPasswordBytes := pwm.assemblePassword(specialSalt, password)
|
|
56
|
+func (sm *SaltedManager) GenerateFromPassword(specialSalt []byte, password string) ([]byte, error) {
|
|
57
|
+ assembledPasswordBytes := sm.assemblePassword(specialSalt, password)
|
54
|
58
|
return bcrypt.GenerateFromPassword(assembledPasswordBytes, defaultPasswordCost)
|
55
|
59
|
}
|
56
|
60
|
|
57
|
61
|
// CompareHashAndPassword compares a hashed password with its possible plaintext equivalent.
|
58
|
62
|
// Returns nil on success, or an error on failure.
|
59
|
|
-func (pwm *PasswordManager) CompareHashAndPassword(hashedPassword []byte, specialSalt []byte, password string) error {
|
60
|
|
- assembledPasswordBytes := pwm.assemblePassword(specialSalt, password)
|
|
63
|
+func (sm *SaltedManager) CompareHashAndPassword(hashedPassword []byte, specialSalt []byte, password string) error {
|
|
64
|
+ assembledPasswordBytes := sm.assemblePassword(specialSalt, password)
|
61
|
65
|
return bcrypt.CompareHashAndPassword(hashedPassword, assembledPasswordBytes)
|
62
|
66
|
}
|
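Review bot: bcrypt only uses the first 72 bytes of its input, and `assemblePassword` (new lines 45–50) spends part of that budget on `sm.salt`, `-`, `specialSalt` and `-` before the password. If both salts come from `NewSalt` (30 bytes each per `newSaltLen`; the generator body is not visible here), 62 bytes are already taken, so only about the first 10 bytes of the password would influence the hash in `GenerateFromPassword` and `CompareHashAndPassword`; newer x/crypto releases instead make the generate call fail with `bcrypt.ErrPasswordTooLong`. Consider reducing the assembled bytes to a fixed-length digest before bcrypt, e.g. `sum := sha256.Sum256(assembledPasswordBytes)` and passing `sum[:]` in both methods, with a migration path because this changes every stored hash. The tail of `assemblePassword` (new lines 51–52) falls between hunks, so confirm there that the password is appended last.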