mirror
/
oragono
mirror of https://github.com/oragono/oragono
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 67 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1283 Commits
20 Branches
Tree: 6260869068
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6260869068'
${ noResults }
oragono/irc/passwd/salted.go

salted.go 2.1KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. // Copyright (c) 2016 Daniel Oaks <daniel@danieloaks.net>

  2. // released under the MIT license

  3. 

  4. package passwd

  5. 

  6. import (

  7. 	"crypto/rand"

  8. 

  9. 	"golang.org/x/crypto/bcrypt"

  10. )

  11. 

  12. const (

  13. 	// newSaltLen is how many bytes long newly-generated salts are.

  14. 	newSaltLen = 30

  15. 	// defaultPasswordCost is the bcrypt cost we use for passwords.

  16. 	defaultPasswordCost = 14

  17. )

  18. 

  19. // NewSalt returns a salt for crypto uses.

  20. func NewSalt() ([]byte, error) {

  21. 	salt := make([]byte, newSaltLen)

  22. 	_, err := rand.Read(salt)

  23. 

  24. 	if err != nil {

  25. 		var emptySalt []byte

  26. 		return emptySalt, err

  27. 	}

  28. 

  29. 	return salt, nil

  30. }

  31. 

  32. // SaltedManager supports the hashing and comparing of passwords with the given salt.

  33. type SaltedManager struct {

  34. 	salt []byte

  35. }

  36. 

  37. // NewSaltedManager returns a new SaltedManager with the given salt.

  38. func NewSaltedManager(salt []byte) SaltedManager {

  39. 	return SaltedManager{

  40. 		salt: salt,

  41. 	}

  42. }

  43. 

  44. // assemblePassword returns an assembled slice of bytes for the given password details.

  45. func (sm *SaltedManager) assemblePassword(specialSalt []byte, password string) []byte {

  46. 	var assembledPasswordBytes []byte

  47. 	assembledPasswordBytes = append(assembledPasswordBytes, sm.salt...)

  48. 	assembledPasswordBytes = append(assembledPasswordBytes, '-')

  49. 	assembledPasswordBytes = append(assembledPasswordBytes, specialSalt...)

  50. 	assembledPasswordBytes = append(assembledPasswordBytes, '-')

  51. 	assembledPasswordBytes = append(assembledPasswordBytes, []byte(password)...)

  52. 	return assembledPasswordBytes

  53. }

  54. 

  55. // GenerateFromPassword encrypts the given password.

  56. func (sm *SaltedManager) GenerateFromPassword(specialSalt []byte, password string) ([]byte, error) {

  57. 	assembledPasswordBytes := sm.assemblePassword(specialSalt, password)

  58. 	return bcrypt.GenerateFromPassword(assembledPasswordBytes, defaultPasswordCost)

  59. }

  60. 

  61. // CompareHashAndPassword compares a hashed password with its possible plaintext equivalent.

  62. // Returns nil on success, or an error on failure.

  63. func (sm *SaltedManager) CompareHashAndPassword(hashedPassword []byte, specialSalt []byte, password string) error {

  64. 	assembledPasswordBytes := sm.assemblePassword(specialSalt, password)

  65. 	return bcrypt.CompareHashAndPassword(hashedPassword, assembledPasswordBytes)

  66. }