mirror
/
oragono
огледало от https://github.com/oragono/oragono
Наблюдаван 1
Харесван 0
Разклонения 0
Код Задачи 0 Версии 67 Уики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3877 Ревизии
20 Клонове
ИН на ревизия: 7a6413ea2c
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от '7a6413ea2c'
${ noResults }
oragono/irc/migrations/passwords.go

passwords.go 4.7KB
История Директен файл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183 
  1. package migrations

  2. 

  3. import (

  4. 	"bytes"

  5. 	"crypto/hmac"

  6. 	"crypto/md5"

  7. 	"crypto/sha1"

  8. 	"crypto/sha256"

  9. 	"crypto/sha512"

  10. 	"crypto/subtle"

  11. 	"encoding/base64"

  12. 	"encoding/hex"

  13. 	"errors"

  14. 	"hash"

  15. 	"strconv"

  16. 

  17. 	"github.com/GehirnInc/crypt/md5_crypt"

  18. 	"golang.org/x/crypto/pbkdf2"

  19. )

  20. 

  21. var (

  22. 	ErrHashInvalid     = errors.New("password hash invalid for algorithm")

  23. 	ErrHashCheckFailed = errors.New("passphrase did not match stored hash")

  24. 

  25. 	hmacServerKeyText    = []byte("Server Key")

  26. 	athemePBKDF2V2Prefix = []byte("$z")

  27. )

  28. 

  29. type PassphraseCheck func(hash, passphrase []byte) (err error)

  30. 

  31. func CheckAthemePassphrase(hash, passphrase []byte) (err error) {

  32. 	if len(hash) < 60 {

  33. 		return checkAthemePosixCrypt(hash, passphrase)

  34. 	} else if bytes.HasPrefix(hash, athemePBKDF2V2Prefix) {

  35. 		return checkAthemePBKDF2V2(hash, passphrase)

  36. 	} else {

  37. 		return checkAthemePBKDF2(hash, passphrase)

  38. 	}

  39. }

  40. 

  41. func checkAthemePosixCrypt(hash, passphrase []byte) (err error) {

  42. 	// crypto/posix: the platform's crypt(3) function

  43. 	// MD5 on linux, DES on MacOS: forget MacOS

  44. 	md5crypt := md5_crypt.New()

  45. 	return md5crypt.Verify(string(hash), []byte(passphrase))

  46. }

  47. 

  48. type pbkdf2v2Algo struct {

  49. 	Hash       func() hash.Hash

  50. 	OutputSize int

  51. 	SCRAM      bool

  52. 	SaltB64    bool

  53. }

  54. 

  55. func athemePBKDF2V2ParseAlgo(algo string) (result pbkdf2v2Algo, err error) {

  56. 	// https://github.com/atheme/atheme/blob/a11e85efc67d86fc4738e3e2a4f220bfa69153f0/include/atheme/pbkdf2.h#L34-L52

  57. 	algoInt, err := strconv.Atoi(algo)

  58. 	if err != nil {

  59. 		return result, ErrHashInvalid

  60. 	}

  61. 	hashCode := algoInt % 10

  62. 	algoCode := algoInt - hashCode

  63. 

  64. 	switch algoCode {

  65. 	case 0:

  66. 		// e.g., #define PBKDF2_PRF_HMAC_MD5             3U

  67. 		// no SCRAM, no SHA256

  68. 	case 20:

  69. 		// e.g., #define PBKDF2_PRF_HMAC_MD5_S64         23U

  70. 		// no SCRAM, base64

  71. 		result.SaltB64 = true

  72. 	case 40:

  73. 		// e.g., #define PBKDF2_PRF_SCRAM_MD5            43U

  74. 		// SCRAM, no base64

  75. 		result.SCRAM = true

  76. 	case 60:

  77. 		// e.g., #define PBKDF2_PRF_SCRAM_MD5_S64        63U

  78. 		result.SaltB64 = true

  79. 		result.SCRAM = true

  80. 	default:

  81. 		return result, ErrHashInvalid

  82. 	}

  83. 

  84. 	switch hashCode {

  85. 	case 3:

  86. 		result.Hash, result.OutputSize = md5.New, (128 / 8)

  87. 	case 4:

  88. 		result.Hash, result.OutputSize = sha1.New, (160 / 8)

  89. 	case 5:

  90. 		result.Hash, result.OutputSize = sha256.New, (256 / 8)

  91. 	case 6:

  92. 		result.Hash, result.OutputSize = sha512.New, (512 / 8)

  93. 	default:

  94. 		return result, ErrHashInvalid

  95. 	}

  96. 

  97. 	return result, nil

  98. }

  99. 

  100. func checkAthemePBKDF2V2(hash, passphrase []byte) (err error) {

  101. 	// crypto/pbkdf2v2, the default as of september 2020:

  102. 	// "the format for pbkdf2v2 is $z$alg$iter$salt$digest

  103. 	// where the z is literal,

  104. 	// the alg is one from  https://github.com/atheme/atheme/blob/master/include/atheme/pbkdf2.h#L34-L52

  105. 	// iter is the iteration count.

  106. 	// if the alg ends in _S64 then the salt is base64-encoded, otherwise taken literally

  107. 	// (an ASCII salt, inherited from the pbkdf2 module).

  108. 	// if alg is a SCRAM one, then digest is actually serverkey$storedkey (see RFC 5802).

  109. 	// digest, serverkey and storedkey are base64-encoded."

  110. 	parts := bytes.Split(hash, []byte{'$'})

  111. 	if len(parts) < 6 {

  112. 		return ErrHashInvalid

  113. 	}

  114. 	algo, err := athemePBKDF2V2ParseAlgo(string(parts[2]))

  115. 	if err != nil {

  116. 		return err

  117. 	}

  118. 

  119. 	iter, err := strconv.Atoi(string(parts[3]))

  120. 	if err != nil {

  121. 		return ErrHashInvalid

  122. 	}

  123. 

  124. 	salt := parts[4]

  125. 	if algo.SaltB64 {

  126. 		salt, err = base64.StdEncoding.DecodeString(string(salt))

  127. 		if err != nil {

  128. 			return err

  129. 		}

  130. 	}

  131. 

  132. 	// if SCRAM, parts[5] is ServerKey; otherwise it's the actual PBKDF2 output

  133. 	// either way, it's what we'll test against

  134. 	expected, err := base64.StdEncoding.DecodeString(string(parts[5]))

  135. 	if err != nil {

  136. 		return err

  137. 	}

  138. 

  139. 	var key []byte

  140. 	if algo.SCRAM {

  141. 		if len(parts) != 7 {

  142. 			return ErrHashInvalid

  143. 		}

  144. 		stretch := pbkdf2.Key(passphrase, salt, iter, algo.OutputSize, algo.Hash)

  145. 		mac := hmac.New(algo.Hash, stretch)

  146. 		mac.Write(hmacServerKeyText)

  147. 		key = mac.Sum(nil)

  148. 	} else {

  149. 		if len(parts) != 6 {

  150. 			return ErrHashInvalid

  151. 		}

  152. 		key = pbkdf2.Key(passphrase, salt, iter, len(expected), algo.Hash)

  153. 	}

  154. 

  155. 	if subtle.ConstantTimeCompare(key, expected) == 1 {

  156. 		return nil

  157. 	} else {

  158. 		return ErrHashCheckFailed

  159. 	}

  160. }

  161. 

  162. func checkAthemePBKDF2(hash, passphrase []byte) (err error) {

  163. 	// crypto/pbkdf2:

  164. 	// "SHA2-512, 128000 iterations, 16-ASCII-character salt, hexadecimal encoding of digest,

  165. 	// digest appended directly to salt, for a single string consisting of only 144 characters"

  166. 	if len(hash) != 144 {

  167. 		return ErrHashInvalid

  168. 	}

  169. 

  170. 	salt := hash[:16]

  171. 	digest := make([]byte, 64)

  172. 	cnt, err := hex.Decode(digest, hash[16:])

  173. 	if err != nil || cnt != 64 {

  174. 		return ErrHashCheckFailed

  175. 	}

  176. 

  177. 	key := pbkdf2.Key(passphrase, salt, 128000, 64, sha512.New)

  178. 	if subtle.ConstantTimeCompare(key, digest) == 1 {

  179. 		return nil

  180. 	} else {

  181. 		return ErrHashCheckFailed

  182. 	}

  183. }