-
Notifications
You must be signed in to change notification settings - Fork 0
/
bcrypt.go
98 lines (82 loc) · 1.91 KB
/
bcrypt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
package password
import (
"crypto/sha256"
"strings"
"golang.org/x/crypto/bcrypt"
)
type bcryptHasher struct {
algo string
cost int
}
func (hasher *bcryptHasher) Encode(password string) (string, error) {
return hasher.encode(password, hasher.algo, hasher.cost)
}
func (hasher *bcryptHasher) encode(password, algo string, cost int) (string, error) {
var data []byte
if algo == bcryptSha256Algo {
d := sha256.Sum256([]byte(password))
data = d[:]
} else {
data = []byte(password)
}
hash, err := bcrypt.GenerateFromPassword(data, cost)
if err != nil {
return "", err
}
ss := []string{
algo,
string(hash),
}
return strings.Join(ss, sep), nil
}
func (hasher *bcryptHasher) Decode(decoded string) (*PasswordInfo, error) {
parts := strings.SplitN(decoded, sep, 2)
if parts[0] != bcryptSha256Algo && parts[0] != bcryptAlgo {
return nil, errUnknownAlgorithm
}
cost, err := bcrypt.Cost([]byte(parts[1]))
if err != nil {
return nil, err
}
return &PasswordInfo{
Algorithm: parts[0],
Hash: parts[1],
Iterations: cost,
}, nil
}
func (hasher *bcryptHasher) Verify(password, encoded string) bool {
pi, err := hasher.Decode(encoded)
if err != nil {
return false
}
var data []byte
if pi.Algorithm == bcryptSha256Algo {
d := sha256.Sum256([]byte(password))
data = d[:]
} else {
data = []byte(password)
}
err = bcrypt.CompareHashAndPassword([]byte(pi.Hash), data)
return err == nil
}
func (hasher *bcryptHasher) MustUpdate(encoded string) bool {
pi, err := hasher.Decode(encoded)
if err != nil {
return false
}
return pi.Iterations < hasher.cost
}
func (hasher *bcryptHasher) Harden(password, encoded string) (string, error) {
// TODO(zhaowentao)
return encoded, nil
}
func newBcryptHasher(opt *HasherOption) (Hasher, error) {
cost := bcrypt.DefaultCost
if opt.Iterations > cost {
cost = opt.Iterations
}
return &bcryptHasher{
algo: opt.Algorithm,
cost: cost,
}, nil
}