mirror
/
oragono
дзеркало https://github.com/oragono/oragono
Слідкувати 1
В обрані 0
Форк 0
Код Проблеми 0 Релізи 67 Вікі Активність
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
5281 Коміти
19 Гілки
Гілка: master
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з 'master'
${ noResults }
oragono/irc/migrations/passwords.go

passwords.go 7.2KB
Постійне посилання Історія Неформатований

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281 
  1. package migrations

  2. 

  3. import (

  4. 	"bytes"

  5. 	"crypto/hmac"

  6. 	"crypto/md5"

  7. 	"crypto/sha1"

  8. 	"crypto/sha256"

  9. 	"crypto/sha512"

  10. 	"crypto/subtle"

  11. 	"encoding/base64"

  12. 	"encoding/binary"

  13. 	"encoding/hex"

  14. 	"errors"

  15. 	"hash"

  16. 	"strconv"

  17. 

  18. 	"github.com/GehirnInc/crypt/md5_crypt"

  19. 	"golang.org/x/crypto/bcrypt"

  20. 	"golang.org/x/crypto/pbkdf2"

  21. )

  22. 

  23. var (

  24. 	ErrHashInvalid     = errors.New("password hash invalid for algorithm")

  25. 	ErrHashCheckFailed = errors.New("passphrase did not match stored hash")

  26. 

  27. 	hmacServerKeyText    = []byte("Server Key")

  28. 	athemePBKDF2V2Prefix = []byte("$z")

  29. 	athemeRawSHA1Prefix  = []byte("$rawsha1$")

  30. )

  31. 

  32. type PassphraseCheck func(hash, passphrase []byte) (err error)

  33. 

  34. func CheckAthemePassphrase(hash, passphrase []byte) (err error) {

  35. 	if bytes.HasPrefix(hash, athemeRawSHA1Prefix) {

  36. 		return checkAthemeRawSha1(hash, passphrase)

  37. 	} else if bytes.HasPrefix(hash, athemePBKDF2V2Prefix) {

  38. 		return checkAthemePBKDF2V2(hash, passphrase)

  39. 	} else if len(hash) < 60 {

  40. 		return checkAthemePosixCrypt(hash, passphrase)

  41. 	} else {

  42. 		return checkAthemePBKDF2(hash, passphrase)

  43. 	}

  44. }

  45. 

  46. func checkAthemePosixCrypt(hash, passphrase []byte) (err error) {

  47. 	// crypto/posix: the platform's crypt(3) function

  48. 	// MD5 on linux, DES on MacOS: forget MacOS

  49. 	md5crypt := md5_crypt.New()

  50. 	return md5crypt.Verify(string(hash), []byte(passphrase))

  51. }

  52. 

  53. type pbkdf2v2Algo struct {

  54. 	Hash       func() hash.Hash

  55. 	OutputSize int

  56. 	SCRAM      bool

  57. 	SaltB64    bool

  58. }

  59. 

  60. func athemePBKDF2V2ParseAlgo(algo string) (result pbkdf2v2Algo, err error) {

  61. 	// https://github.com/atheme/atheme/blob/a11e85efc67d86fc4738e3e2a4f220bfa69153f0/include/atheme/pbkdf2.h#L34-L52

  62. 	algoInt, err := strconv.Atoi(algo)

  63. 	if err != nil {

  64. 		return result, ErrHashInvalid

  65. 	}

  66. 	hashCode := algoInt % 10

  67. 	algoCode := algoInt - hashCode

  68. 

  69. 	switch algoCode {

  70. 	case 0:

  71. 		// e.g., #define PBKDF2_PRF_HMAC_MD5             3U

  72. 		// no SCRAM, no SHA256

  73. 	case 20:

  74. 		// e.g., #define PBKDF2_PRF_HMAC_MD5_S64         23U

  75. 		// no SCRAM, base64

  76. 		result.SaltB64 = true

  77. 	case 40:

  78. 		// e.g., #define PBKDF2_PRF_SCRAM_MD5            43U

  79. 		// SCRAM, no base64

  80. 		result.SCRAM = true

  81. 	case 60:

  82. 		// e.g., #define PBKDF2_PRF_SCRAM_MD5_S64        63U

  83. 		result.SaltB64 = true

  84. 		result.SCRAM = true

  85. 	default:

  86. 		return result, ErrHashInvalid

  87. 	}

  88. 

  89. 	switch hashCode {

  90. 	case 3:

  91. 		result.Hash, result.OutputSize = md5.New, (128 / 8)

  92. 	case 4:

  93. 		result.Hash, result.OutputSize = sha1.New, (160 / 8)

  94. 	case 5:

  95. 		result.Hash, result.OutputSize = sha256.New, (256 / 8)

  96. 	case 6:

  97. 		result.Hash, result.OutputSize = sha512.New, (512 / 8)

  98. 	default:

  99. 		return result, ErrHashInvalid

  100. 	}

  101. 

  102. 	return result, nil

  103. }

  104. 

  105. func checkAthemePBKDF2V2(hash, passphrase []byte) (err error) {

  106. 	// crypto/pbkdf2v2, the default as of september 2020:

  107. 	// "the format for pbkdf2v2 is $z$alg$iter$salt$digest

  108. 	// where the z is literal,

  109. 	// the alg is one from  https://github.com/atheme/atheme/blob/master/include/atheme/pbkdf2.h#L34-L52

  110. 	// iter is the iteration count.

  111. 	// if the alg ends in _S64 then the salt is base64-encoded, otherwise taken literally

  112. 	// (an ASCII salt, inherited from the pbkdf2 module).

  113. 	// if alg is a SCRAM one, then digest is actually serverkey$storedkey (see RFC 5802).

  114. 	// digest, serverkey and storedkey are base64-encoded."

  115. 	parts := bytes.Split(hash, []byte{'$'})

  116. 	if len(parts) < 6 {

  117. 		return ErrHashInvalid

  118. 	}

  119. 	algo, err := athemePBKDF2V2ParseAlgo(string(parts[2]))

  120. 	if err != nil {

  121. 		return err

  122. 	}

  123. 

  124. 	iter, err := strconv.Atoi(string(parts[3]))

  125. 	if err != nil {

  126. 		return ErrHashInvalid

  127. 	}

  128. 

  129. 	salt := parts[4]

  130. 	if algo.SaltB64 {

  131. 		salt, err = base64.StdEncoding.DecodeString(string(salt))

  132. 		if err != nil {

  133. 			return err

  134. 		}

  135. 	}

  136. 

  137. 	// if SCRAM, parts[5] is ServerKey; otherwise it's the actual PBKDF2 output

  138. 	// either way, it's what we'll test against

  139. 	expected, err := base64.StdEncoding.DecodeString(string(parts[5]))

  140. 	if err != nil {

  141. 		return err

  142. 	}

  143. 

  144. 	var key []byte

  145. 	if algo.SCRAM {

  146. 		if len(parts) != 7 {

  147. 			return ErrHashInvalid

  148. 		}

  149. 		stretch := pbkdf2.Key(passphrase, salt, iter, algo.OutputSize, algo.Hash)

  150. 		mac := hmac.New(algo.Hash, stretch)

  151. 		mac.Write(hmacServerKeyText)

  152. 		key = mac.Sum(nil)

  153. 	} else {

  154. 		if len(parts) != 6 {

  155. 			return ErrHashInvalid

  156. 		}

  157. 		key = pbkdf2.Key(passphrase, salt, iter, len(expected), algo.Hash)

  158. 	}

  159. 

  160. 	if subtle.ConstantTimeCompare(key, expected) == 1 {

  161. 		return nil

  162. 	} else {

  163. 		return ErrHashCheckFailed

  164. 	}

  165. }

  166. 

  167. func checkAthemePBKDF2(hash, passphrase []byte) (err error) {

  168. 	// crypto/pbkdf2:

  169. 	// "SHA2-512, 128000 iterations, 16-ASCII-character salt, hexadecimal encoding of digest,

  170. 	// digest appended directly to salt, for a single string consisting of only 144 characters"

  171. 	if len(hash) != 144 {

  172. 		return ErrHashInvalid

  173. 	}

  174. 

  175. 	salt := hash[:16]

  176. 	digest := make([]byte, 64)

  177. 	cnt, err := hex.Decode(digest, hash[16:])

  178. 	if err != nil || cnt != 64 {

  179. 		return ErrHashCheckFailed

  180. 	}

  181. 

  182. 	key := pbkdf2.Key(passphrase, salt, 128000, 64, sha512.New)

  183. 	if subtle.ConstantTimeCompare(key, digest) == 1 {

  184. 		return nil

  185. 	} else {

  186. 		return ErrHashCheckFailed

  187. 	}

  188. }

  189. 

  190. func checkAthemeRawSha1(hash, passphrase []byte) (err error) {

  191. 	return checkRawHash(hash[len(athemeRawSHA1Prefix):], passphrase, sha1.New())

  192. }

  193. 

  194. func checkRawHash(expected, passphrase []byte, h hash.Hash) (err error) {

  195. 	var rawExpected []byte

  196. 	size := h.Size()

  197. 	if len(expected) == 2*size {

  198. 		rawExpected = make([]byte, h.Size())

  199. 		_, err = hex.Decode(rawExpected, expected)

  200. 		if err != nil {

  201. 			return ErrHashInvalid

  202. 		}

  203. 	} else if len(expected) == size {

  204. 		rawExpected = expected

  205. 	} else {

  206. 		return ErrHashInvalid

  207. 	}

  208. 

  209. 	h.Write(passphrase)

  210. 	hashedPassphrase := h.Sum(nil)

  211. 	if subtle.ConstantTimeCompare(rawExpected, hashedPassphrase) == 1 {

  212. 		return nil

  213. 	} else {

  214. 		return ErrHashCheckFailed

  215. 	}

  216. }

  217. 

  218. func checkAnopeEncSha256(hashBytes, ivBytes, passphrase []byte) (err error) {

  219. 	if len(ivBytes) != 32 {

  220. 		return ErrHashInvalid

  221. 	}

  222. 	// https://github.com/anope/anope/blob/2cf507ed662620d0b97c8484fbfbfa09265e86e1/modules/encryption/enc_sha256.cpp#L67

  223. 	var iv [8]uint32

  224. 	for i := 0; i < 8; i++ {

  225. 		iv[i] = binary.BigEndian.Uint32(ivBytes[i*4 : (i+1)*4])

  226. 	}

  227. 	result := anopeSum256(passphrase, iv)

  228. 	if subtle.ConstantTimeCompare(result[:], hashBytes) == 1 {

  229. 		return nil

  230. 	} else {

  231. 		return ErrHashCheckFailed

  232. 	}

  233. }

  234. 

  235. func CheckAnopePassphrase(hash, passphrase []byte) (err error) {

  236. 	pieces := bytes.Split(hash, []byte{':'})

  237. 	if len(pieces) < 2 {

  238. 		return ErrHashInvalid

  239. 	}

  240. 	switch string(pieces[0]) {

  241. 	case "plain":

  242. 		// base64, standard encoding

  243. 		expectedPassphrase, err := base64.StdEncoding.DecodeString(string(pieces[1]))

  244. 		if err != nil {

  245. 			return ErrHashInvalid

  246. 		}

  247. 		if subtle.ConstantTimeCompare(passphrase, expectedPassphrase) == 1 {

  248. 			return nil

  249. 		} else {

  250. 			return ErrHashCheckFailed

  251. 		}

  252. 	case "md5":

  253. 		// raw MD5

  254. 		return checkRawHash(pieces[1], passphrase, md5.New())

  255. 	case "sha1":

  256. 		// raw SHA-1

  257. 		return checkRawHash(pieces[1], passphrase, sha1.New())

  258. 	case "bcrypt":

  259. 		if bcrypt.CompareHashAndPassword(pieces[1], passphrase) == nil {

  260. 			return nil

  261. 		} else {

  262. 			return ErrHashCheckFailed

  263. 		}

  264. 	case "sha256":

  265. 		// SHA-256 with an overridden IV

  266. 		if len(pieces) != 3 {

  267. 			return ErrHashInvalid

  268. 		}

  269. 		hashBytes, err := hex.DecodeString(string(pieces[1]))

  270. 		if err != nil {

  271. 			return ErrHashInvalid

  272. 		}

  273. 		ivBytes, err := hex.DecodeString(string(pieces[2]))

  274. 		if err != nil {

  275. 			return ErrHashInvalid

  276. 		}

  277. 		return checkAnopeEncSha256(hashBytes, ivBytes, passphrase)

  278. 	default:

  279. 		return ErrHashInvalid

  280. 	}

  281. }