0
0
mirror of https://github.com/rls-moe/nyx synced 2024-12-23 12:17:14 +00:00

remove unused dep in go.mod, addresses #4

This commit is contained in:
Tim Schuster 2020-04-21 06:44:57 +02:00
parent 444571d69e
commit 35b2c4dd02
20 changed files with 1524 additions and 34 deletions

3
go.mod
View File

@ -7,7 +7,6 @@ require (
github.com/daaku/go.zipexe v0.0.0-20150329023125-a5fe2436ffcb // indirect
github.com/dchest/captcha v0.0.0-20150728125059-9e952142169c
github.com/dustin/go-humanize v0.0.0-20170228161531-259d2a102b87
github.com/hlandau/passlib v1.0.9 // indirect
github.com/icza/session v0.0.0-20170217095304-81bce6267720
github.com/justinas/nosurf v0.0.0-20161004085251-8e1568277264
github.com/kardianos/osext v0.0.0-20170309185600-9d302b58e975 // indirect
@ -22,6 +21,6 @@ require (
golang.org/x/crypto v0.0.0-20200414173820-0848c9571904
gopkg.in/hlandau/easymetric.v1 v1.0.0 // indirect
gopkg.in/hlandau/measurable.v1 v1.0.1 // indirect
gopkg.in/hlandau/passlib.v1 v1.0.9
gopkg.in/hlandau/passlib.v1 v1.0.10
gopkg.in/yaml.v2 v2.0.0-20170208141851-a3f3340b5840
)

2
go.sum
View File

@ -45,5 +45,7 @@ gopkg.in/hlandau/measurable.v1 v1.0.1 h1:wH5UZKCRUnRr1iD+xIZfwhtxhmr+bprRJttqA1R
gopkg.in/hlandau/measurable.v1 v1.0.1/go.mod h1:6N+SYJGMTmetsx7wskULP+juuO+++tsHJkAgzvzsbuM=
gopkg.in/hlandau/passlib.v1 v1.0.9 h1:VfsIu2uKK6xsr9VHCtJtIgNuZ/RNUrIi67hxl8K/7Gg=
gopkg.in/hlandau/passlib.v1 v1.0.9/go.mod h1:wxGAv2CtQHlzWY8NJp+p045yl4WHyX7v2T6XbOcmqjM=
gopkg.in/hlandau/passlib.v1 v1.0.10 h1:q5xh9ZHp907XTjVw8/EqG03//fnlITnIYQmv4Gn7TpE=
gopkg.in/hlandau/passlib.v1 v1.0.10/go.mod h1:wxGAv2CtQHlzWY8NJp+p045yl4WHyX7v2T6XbOcmqjM=
gopkg.in/yaml.v2 v2.0.0-20170208141851-a3f3340b5840 h1:BftvRMCaj0KX6UeD7gnNJv0W8b4HAYTEWes978CoWlY=
gopkg.in/yaml.v2 v2.0.0-20170208141851-a3f3340b5840/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=

285
vendor/golang.org/x/crypto/argon2/argon2.go generated vendored Normal file
View File

@ -0,0 +1,285 @@
// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package argon2 implements the key derivation function Argon2.
// Argon2 was selected as the winner of the Password Hashing Competition and can
// be used to derive cryptographic keys from passwords.
//
// For a detailed specification of Argon2 see [1].
//
// If you aren't sure which function you need, use Argon2id (IDKey) and
// the parameter recommendations for your scenario.
//
//
// Argon2i
//
// Argon2i (implemented by Key) is the side-channel resistant version of Argon2.
// It uses data-independent memory access, which is preferred for password
// hashing and password-based key derivation. Argon2i requires more passes over
// memory than Argon2id to protect from trade-off attacks. The recommended
// parameters (taken from [2]) for non-interactive operations are time=3 and to
// use the maximum available memory.
//
//
// Argon2id
//
// Argon2id (implemented by IDKey) is a hybrid version of Argon2 combining
// Argon2i and Argon2d. It uses data-independent memory access for the first
// half of the first iteration over the memory and data-dependent memory access
// for the rest. Argon2id is side-channel resistant and provides better brute-
// force cost savings due to time-memory tradeoffs than Argon2i. The recommended
// parameters for non-interactive operations (taken from [2]) are time=1 and to
// use the maximum available memory.
//
// [1] https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
// [2] https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-9.3
package argon2
import (
"encoding/binary"
"sync"
"golang.org/x/crypto/blake2b"
)
// The Argon2 version implemented by this package.
const Version = 0x13
const (
argon2d = iota
argon2i
argon2id
)
// Key derives a key from the password, salt, and cost parameters using Argon2i
// returning a byte slice of length keyLen that can be used as cryptographic
// key. The CPU cost and parallelism degree must be greater than zero.
//
// For example, you can get a derived key for e.g. AES-256 (which needs a
// 32-byte key) by doing:
//
// key := argon2.Key([]byte("some password"), salt, 3, 32*1024, 4, 32)
//
// The draft RFC recommends[2] time=3, and memory=32*1024 is a sensible number.
// If using that amount of memory (32 MB) is not possible in some contexts then
// the time parameter can be increased to compensate.
//
// The time parameter specifies the number of passes over the memory and the
// memory parameter specifies the size of the memory in KiB. For example
// memory=32*1024 sets the memory cost to ~32 MB. The number of threads can be
// adjusted to the number of available CPUs. The cost parameters should be
// increased as memory latency and CPU parallelism increases. Remember to get a
// good random salt.
func Key(password, salt []byte, time, memory uint32, threads uint8, keyLen uint32) []byte {
return deriveKey(argon2i, password, salt, nil, nil, time, memory, threads, keyLen)
}
// IDKey derives a key from the password, salt, and cost parameters using
// Argon2id returning a byte slice of length keyLen that can be used as
// cryptographic key. The CPU cost and parallelism degree must be greater than
// zero.
//
// For example, you can get a derived key for e.g. AES-256 (which needs a
// 32-byte key) by doing:
//
// key := argon2.IDKey([]byte("some password"), salt, 1, 64*1024, 4, 32)
//
// The draft RFC recommends[2] time=1, and memory=64*1024 is a sensible number.
// If using that amount of memory (64 MB) is not possible in some contexts then
// the time parameter can be increased to compensate.
//
// The time parameter specifies the number of passes over the memory and the
// memory parameter specifies the size of the memory in KiB. For example
// memory=64*1024 sets the memory cost to ~64 MB. The number of threads can be
// adjusted to the numbers of available CPUs. The cost parameters should be
// increased as memory latency and CPU parallelism increases. Remember to get a
// good random salt.
func IDKey(password, salt []byte, time, memory uint32, threads uint8, keyLen uint32) []byte {
return deriveKey(argon2id, password, salt, nil, nil, time, memory, threads, keyLen)
}
func deriveKey(mode int, password, salt, secret, data []byte, time, memory uint32, threads uint8, keyLen uint32) []byte {
if time < 1 {
panic("argon2: number of rounds too small")
}
if threads < 1 {
panic("argon2: parallelism degree too low")
}
h0 := initHash(password, salt, secret, data, time, memory, uint32(threads), keyLen, mode)
memory = memory / (syncPoints * uint32(threads)) * (syncPoints * uint32(threads))
if memory < 2*syncPoints*uint32(threads) {
memory = 2 * syncPoints * uint32(threads)
}
B := initBlocks(&h0, memory, uint32(threads))
processBlocks(B, time, memory, uint32(threads), mode)
return extractKey(B, memory, uint32(threads), keyLen)
}
const (
blockLength = 128
syncPoints = 4
)
type block [blockLength]uint64
func initHash(password, salt, key, data []byte, time, memory, threads, keyLen uint32, mode int) [blake2b.Size + 8]byte {
var (
h0 [blake2b.Size + 8]byte
params [24]byte
tmp [4]byte
)
b2, _ := blake2b.New512(nil)
binary.LittleEndian.PutUint32(params[0:4], threads)
binary.LittleEndian.PutUint32(params[4:8], keyLen)
binary.LittleEndian.PutUint32(params[8:12], memory)
binary.LittleEndian.PutUint32(params[12:16], time)
binary.LittleEndian.PutUint32(params[16:20], uint32(Version))
binary.LittleEndian.PutUint32(params[20:24], uint32(mode))
b2.Write(params[:])
binary.LittleEndian.PutUint32(tmp[:], uint32(len(password)))
b2.Write(tmp[:])
b2.Write(password)
binary.LittleEndian.PutUint32(tmp[:], uint32(len(salt)))
b2.Write(tmp[:])
b2.Write(salt)
binary.LittleEndian.PutUint32(tmp[:], uint32(len(key)))
b2.Write(tmp[:])
b2.Write(key)
binary.LittleEndian.PutUint32(tmp[:], uint32(len(data)))
b2.Write(tmp[:])
b2.Write(data)
b2.Sum(h0[:0])
return h0
}
func initBlocks(h0 *[blake2b.Size + 8]byte, memory, threads uint32) []block {
var block0 [1024]byte
B := make([]block, memory)
for lane := uint32(0); lane < threads; lane++ {
j := lane * (memory / threads)
binary.LittleEndian.PutUint32(h0[blake2b.Size+4:], lane)
binary.LittleEndian.PutUint32(h0[blake2b.Size:], 0)
blake2bHash(block0[:], h0[:])
for i := range B[j+0] {
B[j+0][i] = binary.LittleEndian.Uint64(block0[i*8:])
}
binary.LittleEndian.PutUint32(h0[blake2b.Size:], 1)
blake2bHash(block0[:], h0[:])
for i := range B[j+1] {
B[j+1][i] = binary.LittleEndian.Uint64(block0[i*8:])
}
}
return B
}
func processBlocks(B []block, time, memory, threads uint32, mode int) {
lanes := memory / threads
segments := lanes / syncPoints
processSegment := func(n, slice, lane uint32, wg *sync.WaitGroup) {
var addresses, in, zero block
if mode == argon2i || (mode == argon2id && n == 0 && slice < syncPoints/2) {
in[0] = uint64(n)
in[1] = uint64(lane)
in[2] = uint64(slice)
in[3] = uint64(memory)
in[4] = uint64(time)
in[5] = uint64(mode)
}
index := uint32(0)
if n == 0 && slice == 0 {
index = 2 // we have already generated the first two blocks
if mode == argon2i || mode == argon2id {
in[6]++
processBlock(&addresses, &in, &zero)
processBlock(&addresses, &addresses, &zero)
}
}
offset := lane*lanes + slice*segments + index
var random uint64
for index < segments {
prev := offset - 1
if index == 0 && slice == 0 {
prev += lanes // last block in lane
}
if mode == argon2i || (mode == argon2id && n == 0 && slice < syncPoints/2) {
if index%blockLength == 0 {
in[6]++
processBlock(&addresses, &in, &zero)
processBlock(&addresses, &addresses, &zero)
}
random = addresses[index%blockLength]
} else {
random = B[prev][0]
}
newOffset := indexAlpha(random, lanes, segments, threads, n, slice, lane, index)
processBlockXOR(&B[offset], &B[prev], &B[newOffset])
index, offset = index+1, offset+1
}
wg.Done()
}
for n := uint32(0); n < time; n++ {
for slice := uint32(0); slice < syncPoints; slice++ {
var wg sync.WaitGroup
for lane := uint32(0); lane < threads; lane++ {
wg.Add(1)
go processSegment(n, slice, lane, &wg)
}
wg.Wait()
}
}
}
func extractKey(B []block, memory, threads, keyLen uint32) []byte {
lanes := memory / threads
for lane := uint32(0); lane < threads-1; lane++ {
for i, v := range B[(lane*lanes)+lanes-1] {
B[memory-1][i] ^= v
}
}
var block [1024]byte
for i, v := range B[memory-1] {
binary.LittleEndian.PutUint64(block[i*8:], v)
}
key := make([]byte, keyLen)
blake2bHash(key, block[:])
return key
}
func indexAlpha(rand uint64, lanes, segments, threads, n, slice, lane, index uint32) uint32 {
refLane := uint32(rand>>32) % threads
if n == 0 && slice == 0 {
refLane = lane
}
m, s := 3*segments, ((slice+1)%syncPoints)*segments
if lane == refLane {
m += index
}
if n == 0 {
m, s = slice*segments, 0
if slice == 0 || lane == refLane {
m += index
}
}
if index == 0 || lane == refLane {
m--
}
return phi(rand, uint64(m), uint64(s), refLane, lanes)
}
func phi(rand, m, s uint64, lane, lanes uint32) uint32 {
p := rand & 0xFFFFFFFF
p = (p * p) >> 32
p = (p * m) >> 32
return lane*lanes + uint32((s+m-(p+1))%uint64(lanes))
}

53
vendor/golang.org/x/crypto/argon2/blake2b.go generated vendored Normal file
View File

@ -0,0 +1,53 @@
// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package argon2
import (
"encoding/binary"
"hash"
"golang.org/x/crypto/blake2b"
)
// blake2bHash computes an arbitrary long hash value of in
// and writes the hash to out.
func blake2bHash(out []byte, in []byte) {
var b2 hash.Hash
if n := len(out); n < blake2b.Size {
b2, _ = blake2b.New(n, nil)
} else {
b2, _ = blake2b.New512(nil)
}
var buffer [blake2b.Size]byte
binary.LittleEndian.PutUint32(buffer[:4], uint32(len(out)))
b2.Write(buffer[:4])
b2.Write(in)
if len(out) <= blake2b.Size {
b2.Sum(out[:0])
return
}
outLen := len(out)
b2.Sum(buffer[:0])
b2.Reset()
copy(out, buffer[:32])
out = out[32:]
for len(out) > blake2b.Size {
b2.Write(buffer[:])
b2.Sum(buffer[:0])
copy(out, buffer[:32])
out = out[32:]
b2.Reset()
}
if outLen%blake2b.Size > 0 { // outLen > 64
r := ((outLen + 31) / 32) - 2 // ⌈τ /32⌉-2
b2, _ = blake2b.New(outLen-32*r, nil)
}
b2.Write(buffer[:])
b2.Sum(out[:0])
}

60
vendor/golang.org/x/crypto/argon2/blamka_amd64.go generated vendored Normal file
View File

@ -0,0 +1,60 @@
// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// +build amd64,!gccgo,!appengine
package argon2
import "golang.org/x/sys/cpu"
func init() {
useSSE4 = cpu.X86.HasSSE41
}
//go:noescape
func mixBlocksSSE2(out, a, b, c *block)
//go:noescape
func xorBlocksSSE2(out, a, b, c *block)
//go:noescape
func blamkaSSE4(b *block)
func processBlockSSE(out, in1, in2 *block, xor bool) {
var t block
mixBlocksSSE2(&t, in1, in2, &t)
if useSSE4 {
blamkaSSE4(&t)
} else {
for i := 0; i < blockLength; i += 16 {
blamkaGeneric(
&t[i+0], &t[i+1], &t[i+2], &t[i+3],
&t[i+4], &t[i+5], &t[i+6], &t[i+7],
&t[i+8], &t[i+9], &t[i+10], &t[i+11],
&t[i+12], &t[i+13], &t[i+14], &t[i+15],
)
}
for i := 0; i < blockLength/8; i += 2 {
blamkaGeneric(
&t[i], &t[i+1], &t[16+i], &t[16+i+1],
&t[32+i], &t[32+i+1], &t[48+i], &t[48+i+1],
&t[64+i], &t[64+i+1], &t[80+i], &t[80+i+1],
&t[96+i], &t[96+i+1], &t[112+i], &t[112+i+1],
)
}
}
if xor {
xorBlocksSSE2(out, in1, in2, &t)
} else {
mixBlocksSSE2(out, in1, in2, &t)
}
}
func processBlock(out, in1, in2 *block) {
processBlockSSE(out, in1, in2, false)
}
func processBlockXOR(out, in1, in2 *block) {
processBlockSSE(out, in1, in2, true)
}

243
vendor/golang.org/x/crypto/argon2/blamka_amd64.s generated vendored Normal file
View File

@ -0,0 +1,243 @@
// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// +build amd64,!gccgo,!appengine
#include "textflag.h"
DATA ·c40<>+0x00(SB)/8, $0x0201000706050403
DATA ·c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b
GLOBL ·c40<>(SB), (NOPTR+RODATA), $16
DATA ·c48<>+0x00(SB)/8, $0x0100070605040302
DATA ·c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a
GLOBL ·c48<>(SB), (NOPTR+RODATA), $16
#define SHUFFLE(v2, v3, v4, v5, v6, v7, t1, t2) \
MOVO v4, t1; \
MOVO v5, v4; \
MOVO t1, v5; \
MOVO v6, t1; \
PUNPCKLQDQ v6, t2; \
PUNPCKHQDQ v7, v6; \
PUNPCKHQDQ t2, v6; \
PUNPCKLQDQ v7, t2; \
MOVO t1, v7; \
MOVO v2, t1; \
PUNPCKHQDQ t2, v7; \
PUNPCKLQDQ v3, t2; \
PUNPCKHQDQ t2, v2; \
PUNPCKLQDQ t1, t2; \
PUNPCKHQDQ t2, v3
#define SHUFFLE_INV(v2, v3, v4, v5, v6, v7, t1, t2) \
MOVO v4, t1; \
MOVO v5, v4; \
MOVO t1, v5; \
MOVO v2, t1; \
PUNPCKLQDQ v2, t2; \
PUNPCKHQDQ v3, v2; \
PUNPCKHQDQ t2, v2; \
PUNPCKLQDQ v3, t2; \
MOVO t1, v3; \
MOVO v6, t1; \
PUNPCKHQDQ t2, v3; \
PUNPCKLQDQ v7, t2; \
PUNPCKHQDQ t2, v6; \
PUNPCKLQDQ t1, t2; \
PUNPCKHQDQ t2, v7
#define HALF_ROUND(v0, v1, v2, v3, v4, v5, v6, v7, t0, c40, c48) \
MOVO v0, t0; \
PMULULQ v2, t0; \
PADDQ v2, v0; \
PADDQ t0, v0; \
PADDQ t0, v0; \
PXOR v0, v6; \
PSHUFD $0xB1, v6, v6; \
MOVO v4, t0; \
PMULULQ v6, t0; \
PADDQ v6, v4; \
PADDQ t0, v4; \
PADDQ t0, v4; \
PXOR v4, v2; \
PSHUFB c40, v2; \
MOVO v0, t0; \
PMULULQ v2, t0; \
PADDQ v2, v0; \
PADDQ t0, v0; \
PADDQ t0, v0; \
PXOR v0, v6; \
PSHUFB c48, v6; \
MOVO v4, t0; \
PMULULQ v6, t0; \
PADDQ v6, v4; \
PADDQ t0, v4; \
PADDQ t0, v4; \
PXOR v4, v2; \
MOVO v2, t0; \
PADDQ v2, t0; \
PSRLQ $63, v2; \
PXOR t0, v2; \
MOVO v1, t0; \
PMULULQ v3, t0; \
PADDQ v3, v1; \
PADDQ t0, v1; \
PADDQ t0, v1; \
PXOR v1, v7; \
PSHUFD $0xB1, v7, v7; \
MOVO v5, t0; \
PMULULQ v7, t0; \
PADDQ v7, v5; \
PADDQ t0, v5; \
PADDQ t0, v5; \
PXOR v5, v3; \
PSHUFB c40, v3; \
MOVO v1, t0; \
PMULULQ v3, t0; \
PADDQ v3, v1; \
PADDQ t0, v1; \
PADDQ t0, v1; \
PXOR v1, v7; \
PSHUFB c48, v7; \
MOVO v5, t0; \
PMULULQ v7, t0; \
PADDQ v7, v5; \
PADDQ t0, v5; \
PADDQ t0, v5; \
PXOR v5, v3; \
MOVO v3, t0; \
PADDQ v3, t0; \
PSRLQ $63, v3; \
PXOR t0, v3
#define LOAD_MSG_0(block, off) \
MOVOU 8*(off+0)(block), X0; \
MOVOU 8*(off+2)(block), X1; \
MOVOU 8*(off+4)(block), X2; \
MOVOU 8*(off+6)(block), X3; \
MOVOU 8*(off+8)(block), X4; \
MOVOU 8*(off+10)(block), X5; \
MOVOU 8*(off+12)(block), X6; \
MOVOU 8*(off+14)(block), X7
#define STORE_MSG_0(block, off) \
MOVOU X0, 8*(off+0)(block); \
MOVOU X1, 8*(off+2)(block); \
MOVOU X2, 8*(off+4)(block); \
MOVOU X3, 8*(off+6)(block); \
MOVOU X4, 8*(off+8)(block); \
MOVOU X5, 8*(off+10)(block); \
MOVOU X6, 8*(off+12)(block); \
MOVOU X7, 8*(off+14)(block)
#define LOAD_MSG_1(block, off) \
MOVOU 8*off+0*8(block), X0; \
MOVOU 8*off+16*8(block), X1; \
MOVOU 8*off+32*8(block), X2; \
MOVOU 8*off+48*8(block), X3; \
MOVOU 8*off+64*8(block), X4; \
MOVOU 8*off+80*8(block), X5; \
MOVOU 8*off+96*8(block), X6; \
MOVOU 8*off+112*8(block), X7
#define STORE_MSG_1(block, off) \
MOVOU X0, 8*off+0*8(block); \
MOVOU X1, 8*off+16*8(block); \
MOVOU X2, 8*off+32*8(block); \
MOVOU X3, 8*off+48*8(block); \
MOVOU X4, 8*off+64*8(block); \
MOVOU X5, 8*off+80*8(block); \
MOVOU X6, 8*off+96*8(block); \
MOVOU X7, 8*off+112*8(block)
#define BLAMKA_ROUND_0(block, off, t0, t1, c40, c48) \
LOAD_MSG_0(block, off); \
HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \
SHUFFLE(X2, X3, X4, X5, X6, X7, t0, t1); \
HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \
SHUFFLE_INV(X2, X3, X4, X5, X6, X7, t0, t1); \
STORE_MSG_0(block, off)
#define BLAMKA_ROUND_1(block, off, t0, t1, c40, c48) \
LOAD_MSG_1(block, off); \
HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \
SHUFFLE(X2, X3, X4, X5, X6, X7, t0, t1); \
HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \
SHUFFLE_INV(X2, X3, X4, X5, X6, X7, t0, t1); \
STORE_MSG_1(block, off)
// func blamkaSSE4(b *block)
TEXT ·blamkaSSE4(SB), 4, $0-8
MOVQ b+0(FP), AX
MOVOU ·c40<>(SB), X10
MOVOU ·c48<>(SB), X11
BLAMKA_ROUND_0(AX, 0, X8, X9, X10, X11)
BLAMKA_ROUND_0(AX, 16, X8, X9, X10, X11)
BLAMKA_ROUND_0(AX, 32, X8, X9, X10, X11)
BLAMKA_ROUND_0(AX, 48, X8, X9, X10, X11)
BLAMKA_ROUND_0(AX, 64, X8, X9, X10, X11)
BLAMKA_ROUND_0(AX, 80, X8, X9, X10, X11)
BLAMKA_ROUND_0(AX, 96, X8, X9, X10, X11)
BLAMKA_ROUND_0(AX, 112, X8, X9, X10, X11)
BLAMKA_ROUND_1(AX, 0, X8, X9, X10, X11)
BLAMKA_ROUND_1(AX, 2, X8, X9, X10, X11)
BLAMKA_ROUND_1(AX, 4, X8, X9, X10, X11)
BLAMKA_ROUND_1(AX, 6, X8, X9, X10, X11)
BLAMKA_ROUND_1(AX, 8, X8, X9, X10, X11)
BLAMKA_ROUND_1(AX, 10, X8, X9, X10, X11)
BLAMKA_ROUND_1(AX, 12, X8, X9, X10, X11)
BLAMKA_ROUND_1(AX, 14, X8, X9, X10, X11)
RET
// func mixBlocksSSE2(out, a, b, c *block)
TEXT ·mixBlocksSSE2(SB), 4, $0-32
MOVQ out+0(FP), DX
MOVQ a+8(FP), AX
MOVQ b+16(FP), BX
MOVQ a+24(FP), CX
MOVQ $128, BP
loop:
MOVOU 0(AX), X0
MOVOU 0(BX), X1
MOVOU 0(CX), X2
PXOR X1, X0
PXOR X2, X0
MOVOU X0, 0(DX)
ADDQ $16, AX
ADDQ $16, BX
ADDQ $16, CX
ADDQ $16, DX
SUBQ $2, BP
JA loop
RET
// func xorBlocksSSE2(out, a, b, c *block)
TEXT ·xorBlocksSSE2(SB), 4, $0-32
MOVQ out+0(FP), DX
MOVQ a+8(FP), AX
MOVQ b+16(FP), BX
MOVQ a+24(FP), CX
MOVQ $128, BP
loop:
MOVOU 0(AX), X0
MOVOU 0(BX), X1
MOVOU 0(CX), X2
MOVOU 0(DX), X3
PXOR X1, X0
PXOR X2, X0
PXOR X3, X0
MOVOU X0, 0(DX)
ADDQ $16, AX
ADDQ $16, BX
ADDQ $16, CX
ADDQ $16, DX
SUBQ $2, BP
JA loop
RET

163
vendor/golang.org/x/crypto/argon2/blamka_generic.go generated vendored Normal file
View File

@ -0,0 +1,163 @@
// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package argon2
var useSSE4 bool
func processBlockGeneric(out, in1, in2 *block, xor bool) {
var t block
for i := range t {
t[i] = in1[i] ^ in2[i]
}
for i := 0; i < blockLength; i += 16 {
blamkaGeneric(
&t[i+0], &t[i+1], &t[i+2], &t[i+3],
&t[i+4], &t[i+5], &t[i+6], &t[i+7],
&t[i+8], &t[i+9], &t[i+10], &t[i+11],
&t[i+12], &t[i+13], &t[i+14], &t[i+15],
)
}
for i := 0; i < blockLength/8; i += 2 {
blamkaGeneric(
&t[i], &t[i+1], &t[16+i], &t[16+i+1],
&t[32+i], &t[32+i+1], &t[48+i], &t[48+i+1],
&t[64+i], &t[64+i+1], &t[80+i], &t[80+i+1],
&t[96+i], &t[96+i+1], &t[112+i], &t[112+i+1],
)
}
if xor {
for i := range t {
out[i] ^= in1[i] ^ in2[i] ^ t[i]
}
} else {
for i := range t {
out[i] = in1[i] ^ in2[i] ^ t[i]
}
}
}
func blamkaGeneric(t00, t01, t02, t03, t04, t05, t06, t07, t08, t09, t10, t11, t12, t13, t14, t15 *uint64) {
v00, v01, v02, v03 := *t00, *t01, *t02, *t03
v04, v05, v06, v07 := *t04, *t05, *t06, *t07
v08, v09, v10, v11 := *t08, *t09, *t10, *t11
v12, v13, v14, v15 := *t12, *t13, *t14, *t15
v00 += v04 + 2*uint64(uint32(v00))*uint64(uint32(v04))
v12 ^= v00
v12 = v12>>32 | v12<<32
v08 += v12 + 2*uint64(uint32(v08))*uint64(uint32(v12))
v04 ^= v08
v04 = v04>>24 | v04<<40
v00 += v04 + 2*uint64(uint32(v00))*uint64(uint32(v04))
v12 ^= v00
v12 = v12>>16 | v12<<48
v08 += v12 + 2*uint64(uint32(v08))*uint64(uint32(v12))
v04 ^= v08
v04 = v04>>63 | v04<<1
v01 += v05 + 2*uint64(uint32(v01))*uint64(uint32(v05))
v13 ^= v01
v13 = v13>>32 | v13<<32
v09 += v13 + 2*uint64(uint32(v09))*uint64(uint32(v13))
v05 ^= v09
v05 = v05>>24 | v05<<40
v01 += v05 + 2*uint64(uint32(v01))*uint64(uint32(v05))
v13 ^= v01
v13 = v13>>16 | v13<<48
v09 += v13 + 2*uint64(uint32(v09))*uint64(uint32(v13))
v05 ^= v09
v05 = v05>>63 | v05<<1
v02 += v06 + 2*uint64(uint32(v02))*uint64(uint32(v06))
v14 ^= v02
v14 = v14>>32 | v14<<32
v10 += v14 + 2*uint64(uint32(v10))*uint64(uint32(v14))
v06 ^= v10
v06 = v06>>24 | v06<<40
v02 += v06 + 2*uint64(uint32(v02))*uint64(uint32(v06))
v14 ^= v02
v14 = v14>>16 | v14<<48
v10 += v14 + 2*uint64(uint32(v10))*uint64(uint32(v14))
v06 ^= v10
v06 = v06>>63 | v06<<1
v03 += v07 + 2*uint64(uint32(v03))*uint64(uint32(v07))
v15 ^= v03
v15 = v15>>32 | v15<<32
v11 += v15 + 2*uint64(uint32(v11))*uint64(uint32(v15))
v07 ^= v11
v07 = v07>>24 | v07<<40
v03 += v07 + 2*uint64(uint32(v03))*uint64(uint32(v07))
v15 ^= v03
v15 = v15>>16 | v15<<48
v11 += v15 + 2*uint64(uint32(v11))*uint64(uint32(v15))
v07 ^= v11
v07 = v07>>63 | v07<<1
v00 += v05 + 2*uint64(uint32(v00))*uint64(uint32(v05))
v15 ^= v00
v15 = v15>>32 | v15<<32
v10 += v15 + 2*uint64(uint32(v10))*uint64(uint32(v15))
v05 ^= v10
v05 = v05>>24 | v05<<40
v00 += v05 + 2*uint64(uint32(v00))*uint64(uint32(v05))
v15 ^= v00
v15 = v15>>16 | v15<<48
v10 += v15 + 2*uint64(uint32(v10))*uint64(uint32(v15))
v05 ^= v10
v05 = v05>>63 | v05<<1
v01 += v06 + 2*uint64(uint32(v01))*uint64(uint32(v06))
v12 ^= v01
v12 = v12>>32 | v12<<32
v11 += v12 + 2*uint64(uint32(v11))*uint64(uint32(v12))
v06 ^= v11
v06 = v06>>24 | v06<<40
v01 += v06 + 2*uint64(uint32(v01))*uint64(uint32(v06))
v12 ^= v01
v12 = v12>>16 | v12<<48
v11 += v12 + 2*uint64(uint32(v11))*uint64(uint32(v12))
v06 ^= v11
v06 = v06>>63 | v06<<1
v02 += v07 + 2*uint64(uint32(v02))*uint64(uint32(v07))
v13 ^= v02
v13 = v13>>32 | v13<<32
v08 += v13 + 2*uint64(uint32(v08))*uint64(uint32(v13))
v07 ^= v08
v07 = v07>>24 | v07<<40
v02 += v07 + 2*uint64(uint32(v02))*uint64(uint32(v07))
v13 ^= v02
v13 = v13>>16 | v13<<48
v08 += v13 + 2*uint64(uint32(v08))*uint64(uint32(v13))
v07 ^= v08
v07 = v07>>63 | v07<<1
v03 += v04 + 2*uint64(uint32(v03))*uint64(uint32(v04))
v14 ^= v03
v14 = v14>>32 | v14<<32
v09 += v14 + 2*uint64(uint32(v09))*uint64(uint32(v14))
v04 ^= v09
v04 = v04>>24 | v04<<40
v03 += v04 + 2*uint64(uint32(v03))*uint64(uint32(v04))
v14 ^= v03
v14 = v14>>16 | v14<<48
v09 += v14 + 2*uint64(uint32(v09))*uint64(uint32(v14))
v04 ^= v09
v04 = v04>>63 | v04<<1
*t00, *t01, *t02, *t03 = v00, v01, v02, v03
*t04, *t05, *t06, *t07 = v04, v05, v06, v07
*t08, *t09, *t10, *t11 = v08, v09, v10, v11
*t12, *t13, *t14, *t15 = v12, v13, v14, v15
}

15
vendor/golang.org/x/crypto/argon2/blamka_ref.go generated vendored Normal file
View File

@ -0,0 +1,15 @@
// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// +build !amd64 appengine gccgo
package argon2
func processBlock(out, in1, in2 *block) {
processBlockGeneric(out, in1, in2, false)
}
func processBlockXOR(out, in1, in2 *block) {
processBlockGeneric(out, in1, in2, true)
}

View File

@ -2,9 +2,11 @@ language: go
os:
- linux
go:
- 1.4
- 1.10
- tip
sudo: false
install:
- go get gopkg.in/hlandau/passlib.v1
- mkdir -p $HOME/gopath/src/gopkg.in/hlandau/
- ln -s $TRAVIS_BUILD_DIR $HOME/gopath/src/gopkg.in/hlandau/passlib.v1
- cd $HOME/gopath/src/gopkg.in/hlandau/passlib.v1
- go get

View File

@ -10,9 +10,19 @@ put into it, or with more support for obscure password formats.
This is a skeleton of a port of passlib to Go. It dogmatically adopts the
modular crypt format, which [passlib has excellent documentation for](https://pythonhosted.org/passlib/modular_crypt_format.html#modular-crypt-format).
Currently, it supports sha256-crypt, sha512-crypt, scrypt-sha256, bcrypt and
passlib's bcrypt-sha256 variant. By default, it will hash using scrypt-sha256
and verify existing hashes using any of these schemes.
Currently, it supports:
- sha256-crypt
- sha512-crypt
- scrypt-sha256
- bcrypt
- passlib's bcrypt-sha256 variant
- pbkdf2-sha1 (in passlib format)
- pbkdf2-sha256 (in passlib format)
- pbkdf2-sha512 (in passlib format)
By default, it will hash using scrypt-sha256 and verify existing hashes using
any of these schemes.
Example Usage
-------------
@ -81,11 +91,6 @@ Since scrypt does not have a pre-existing modular crypt format standard, I made
...where `N`, `r` and `p` are the respective difficulty parameters to scrypt as positive decimal integers without leading zeroes, and `salt` and `hash` are base64-encoded binary strings. Note that the RFC 4648 base64 encoding is used (not the one used by sha256-crypt and sha512-crypt).
TODO
----
- PBKDF2
Licence
-------
passlib is partially derived from Python's passlib and so maintains its BSD license.

141
vendor/gopkg.in/hlandau/passlib.v1/default.go generated vendored Normal file
View File

@ -0,0 +1,141 @@
package passlib
import (
"fmt"
"gopkg.in/hlandau/passlib.v1/abstract"
"gopkg.in/hlandau/passlib.v1/hash/argon2"
"gopkg.in/hlandau/passlib.v1/hash/bcrypt"
"gopkg.in/hlandau/passlib.v1/hash/bcryptsha256"
"gopkg.in/hlandau/passlib.v1/hash/pbkdf2"
"gopkg.in/hlandau/passlib.v1/hash/scrypt"
"gopkg.in/hlandau/passlib.v1/hash/sha2crypt"
"time"
)
// This is the first and default set of defaults used by passlib. It prefers
// scrypt-sha256. It is now obsolete.
const Defaults20160922 = "20160922"
// This is the most up-to-date set of defaults preferred by passlib. It prefers
// Argon2i. You must opt into it by calling UseDefaults at startup.
const Defaults20180601 = "20180601"
// This value, when passed to UseDefaults, causes passlib to always use the
// very latest set of defaults. DO NOT use this unless you are sure that
// opportunistic hash upgrades will not cause breakage for your application
// when future versions of passlib are released. See func UseDefaults.
const DefaultsLatest = "latest"
// Default schemes as of 2016-09-22.
var defaultSchemes20160922 = []abstract.Scheme{
scrypt.SHA256Crypter,
argon2.Crypter,
sha2crypt.Crypter512,
sha2crypt.Crypter256,
bcryptsha256.Crypter,
pbkdf2.SHA512Crypter,
pbkdf2.SHA256Crypter,
bcrypt.Crypter,
pbkdf2.SHA1Crypter,
}
// Default schemes as of 2018-06-01.
var defaultSchemes20180601 = []abstract.Scheme{
argon2.Crypter,
scrypt.SHA256Crypter,
sha2crypt.Crypter512,
sha2crypt.Crypter256,
bcryptsha256.Crypter,
pbkdf2.SHA512Crypter,
pbkdf2.SHA256Crypter,
bcrypt.Crypter,
pbkdf2.SHA1Crypter,
}
// The default schemes, most preferred first. The first scheme will be used to
// hash passwords, and any of the schemes may be used to verify existing
// passwords. The contents of this value may change with subsequent releases.
//
// If you want to change this, set DefaultSchemes to a slice to an
// abstract.Scheme array of your own construction, rather than mutating the
// array the slice points to.
//
// To see the default schemes used in the current release of passlib, see
// default.go. See also the UseDefaults function for more information on how
// the list of default schemes is determined. The default value of
// DefaultSchemes (the default defaults) won't change; you need to call
// UseDefaults to allow your application to upgrade to newer hashing schemes
// (or set DefaultSchemes manually, or create a custom context with its own
// schemes set).
var DefaultSchemes []abstract.Scheme
func init() {
DefaultSchemes = defaultSchemes20160922
}
// It is strongly recommended that you call this function like this before using passlib:
//
// passlib.UseDefaults("YYYYMMDD")
//
// where YYYYMMDD is a date. This will be used to select the preferred scheme
// to use. If you do not call UseDefaults, the preferred scheme (the first item
// in the default schemes list) current as of 2016-09-22 will always be used,
// meaning that upgrade will not occur even though better schemes are now
// available.
//
// Note that even if you don't call this function, new schemes will still be
// added to DefaultSchemes over time as non-initial values (items not at index
// 0), so servers will always, by default, be able to validate all schemes
// which passlib supports at any given time.
//
// The reason you must call this function is as follows: If passlib is deployed
// as part of a web application in a multi-server deployment, and passlib is
// updated, and the new version of that application with the updated passlib is
// deployed, that upgrade process is unlikely to be instantaneous. Old versions
// of the web application may continue to run on some servers. If merely
// upgrading passlib caused password hashes to be upgraded to the newer scheme
// on login, the older daemons may not be able to validate these passwords and
// users may have issues logging in. Although this can be ameliorated to some
// extent by introducing a new scheme to passlib, waiting some months, and only
// then making this the default, this could still cause issued if passlib is
// only updated very occasionally.
//
// Thus, you should update your call to UseDefaults only when all servers have
// been upgraded, and it is thus guaranteed that they will all be able to
// verify the new scheme. Making this value loadable from a configuration file
// is recommended.
//
// If you are using a single-server configuration, you can use the special
// value "latest" here (or, equivalently, a date far into the future), which
// will always use the most preferred scheme. This is hazardous in a
// multi-server environment.
//
// The constants beginning 'Defaults' in this package document dates
// which are meaningful to this function. The constant values they are equal to
// will never change, so there is no need to use them instead of string
// literals, although you may if you wish; they are intended mainly as
// documentation as to the significance of various dates.
//
// Example for opting in to the latest set of defaults:
//
// passlib.UseDefaults(passlib.Defaults20180601)
//
func UseDefaults(date string) error {
if date == "latest" {
DefaultSchemes = defaultSchemes20180601
return nil
}
t, err := time.ParseInLocation("20060102", date, time.UTC)
if err != nil {
return fmt.Errorf("invalid time string passed to passlib.UseDefaults: %q", date)
}
if !t.Before(time.Date(2016, 9, 22, 0, 0, 0, 0, time.UTC)) {
DefaultSchemes = defaultSchemes20180601
return nil
}
DefaultSchemes = defaultSchemes20160922
return nil
}

View File

@ -0,0 +1,115 @@
// Package argon2 implements the argon2 password hashing mechanism, wrapped in
// the argon2 encoded format.
package argon2
import (
"crypto/rand"
"encoding/base64"
"fmt"
"strings"
"golang.org/x/crypto/argon2"
"gopkg.in/hlandau/passlib.v1/abstract"
"gopkg.in/hlandau/passlib.v1/hash/argon2/raw"
)
// An implementation of Scheme performing argon2 hashing.
//
// Uses the recommended values for time, memory and threads defined in raw.
var Crypter abstract.Scheme
const saltLength = 16
func init() {
Crypter = New(
raw.RecommendedTime,
raw.RecommendedMemory,
raw.RecommendedThreads,
)
}
// Returns an implementation of Scheme implementing argon2
// with the specified parameters.
func New(time, memory uint32, threads uint8) abstract.Scheme {
return &scheme{
time: time,
memory: memory,
threads: threads,
}
}
type scheme struct {
time, memory uint32
threads uint8
}
func (c *scheme) SetParams(time, memory uint32, threads uint8) error {
c.time = time
c.memory = memory
c.threads = threads
return nil
}
func (c *scheme) SupportsStub(stub string) bool {
return strings.HasPrefix(stub, "$argon2i$")
}
func (c *scheme) Hash(password string) (string, error) {
stub, err := c.makeStub()
if err != nil {
return "", err
}
_, newHash, _, _, _, _, _, err := c.hash(password, stub)
return newHash, err
}
func (c *scheme) Verify(password, hash string) (err error) {
_, newHash, _, _, _, _, _, err := c.hash(password, hash)
if err == nil && !abstract.SecureCompare(hash, newHash) {
err = abstract.ErrInvalidPassword
}
return
}
func (c *scheme) NeedsUpdate(stub string) bool {
salt, _, version, time, memory, threads, err := raw.Parse(stub)
if err != nil {
return false // ...
}
return c.needsUpdate(salt, version, time, memory, threads)
}
func (c *scheme) needsUpdate(salt []byte, version int, time, memory uint32, threads uint8) bool {
return len(salt) < saltLength || version < argon2.Version || time < c.time || memory < c.memory || threads < c.threads
}
func (c *scheme) hash(password, stub string) (oldHashRaw []byte, newHash string, salt []byte, version int, memory, time uint32, threads uint8, err error) {
salt, oldHashRaw, version, time, memory, threads, err = raw.Parse(stub)
if err != nil {
return
}
return oldHashRaw, raw.Argon2(password, salt, time, memory, threads), salt, version, memory, time, threads, nil
}
func (c *scheme) makeStub() (string, error) {
buf := make([]byte, saltLength)
_, err := rand.Read(buf)
if err != nil {
return "", err
}
salt := base64.RawStdEncoding.EncodeToString(buf)
return fmt.Sprintf("$argon2i$v=%d$m=%d,t=%d,p=%d$%s$", argon2.Version, c.memory, c.time, c.threads, salt), nil
}
func (c *scheme) String() string {
return fmt.Sprintf("argon2(%d,%d,%d,%d)", argon2.Version, c.memory, c.time, c.threads)
}

View File

@ -0,0 +1,186 @@
// Package raw provides a raw implementation of the modular-crypt-wrapped Argon2i primitive.
package raw
import (
"encoding/base64"
"fmt"
"golang.org/x/crypto/argon2"
"strconv"
"strings"
)
// The current recommended time value for interactive logins.
const RecommendedTime uint32 = 4
// The current recommended memory for interactive logins.
const RecommendedMemory uint32 = 32 * 1024
// The current recommended number of threads for interactive logins.
const RecommendedThreads uint8 = 4
// Wrapper for golang.org/x/crypto/argon2 implementing a sensible
// hashing interface.
//
// password should be a UTF-8 plaintext password.
// salt should be a random salt value in binary form.
//
// Time, memory, and threads are parameters to argon2.
//
// Returns an argon2 encoded hash.
func Argon2(password string, salt []byte, time, memory uint32, threads uint8) string {
passwordb := []byte(password)
hash := argon2.Key(passwordb, salt, time, memory, threads, 32)
hstr := base64.RawStdEncoding.EncodeToString(hash)
sstr := base64.RawStdEncoding.EncodeToString(salt)
return fmt.Sprintf("$argon2i$v=%d$m=%d,t=%d,p=%d$%s$%s", argon2.Version, memory, time, threads, sstr, hstr)
}
// Indicates that a password hash or stub is invalid.
var ErrInvalidStub = fmt.Errorf("invalid argon2 password stub")
// Indicates that a key-value pair in the configuration part is malformed.
var ErrInvalidKeyValuePair = fmt.Errorf("invalid argon2 key-value pair")
// Indicates that the version part had the wrong number of parameters.
var ErrParseVersion = fmt.Errorf("version section has wrong number of parameters")
// Indicates that the hash config part had the wrong number of parameters.
var ErrParseConfig = fmt.Errorf("hash config section has wrong number of parameters")
// Indicates that the version parameter ("v") was missing in the version part,
// even though it is required.
var ErrMissingVersion = fmt.Errorf("version parameter (v) is missing")
// Indicates that the memory parameter ("m") was mossing in the hash config
// part, even though it is required.
var ErrMissingMemory = fmt.Errorf("memory parameter (m) is missing")
// Indicates that the time parameter ("t") was mossing in the hash config part,
// even though it is required.
var ErrMissingTime = fmt.Errorf("time parameter (t) is missing")
// Indicates that the parallelism parameter ("p") was mossing in the hash config
// part, even though it is required.
var ErrMissingParallelism = fmt.Errorf("parallelism parameter (p) is missing")
// Parses an argon2 encoded hash.
//
// The format is as follows:
//
// $argon2i$v=version$m=memory,t=time,p=threads$salt$hash // hash
// $argon2i$v=version$m=memory,t=time,p=threads$salt // stub
//
func Parse(stub string) (salt, hash []byte, version int, time, memory uint32, parallelism uint8, err error) {
if len(stub) < 26 || !strings.HasPrefix(stub, "$argon2i$") {
err = ErrInvalidStub
return
}
// $argon2i$ v=version$m=memory,t=time,p=threads$salt-base64$hash-base64
parts := strings.Split(stub[9:], "$")
// version-params$hash-config-params$salt[$hash]
if len(parts) < 3 || len(parts) > 4 {
err = ErrInvalidStub
return
}
// Parse the first configuration part, the version parameters.
versionParams, err := parseKeyValuePair(parts[0])
if err != nil {
return
}
// Must be exactly one parameter in the version part.
if len(versionParams) != 1 {
err = ErrParseVersion
return
}
// It must be "v".
val, ok := versionParams["v"]
if !ok {
err = ErrMissingVersion
return
}
version = int(val)
// Parse the second configuration part, the hash config parameters.
hashParams, err := parseKeyValuePair(parts[1])
if err != nil {
return
}
// It must have exactly three parameters.
if len(hashParams) != 3 {
err = ErrParseConfig
return
}
// Memory parameter.
val, ok = hashParams["m"]
if !ok {
err = ErrMissingMemory
return
}
memory = uint32(val)
// Time parameter.
val, ok = hashParams["t"]
if !ok {
err = ErrMissingTime
return
}
time = uint32(val)
// Parallelism parameter.
val, ok = hashParams["p"]
if !ok {
err = ErrMissingParallelism
return
}
parallelism = uint8(val)
// Decode salt.
salt, err = base64.RawStdEncoding.DecodeString(parts[2])
if err != nil {
return
}
// Decode hash if present.
if len(parts) >= 4 {
hash, err = base64.RawStdEncoding.DecodeString(parts[3])
}
return
}
func parseKeyValuePair(pairs string) (result map[string]uint64, err error) {
result = map[string]uint64{}
parameterParts := strings.Split(pairs, ",")
for _, parameter := range parameterParts {
parts := strings.SplitN(parameter, "=", 2)
if len(parts) != 2 {
err = ErrInvalidKeyValuePair
return
}
parsedi, err := strconv.ParseUint(parts[1], 10, 32)
if err != nil {
return result, err
}
result[parts[0]] = parsedi
}
return result, nil
}

View File

@ -0,0 +1,94 @@
// Package pbkdf2 implements a modular crypt format for PBKDF2-SHA1,
// PBKDF2-SHA256 and PBKDF-SHA512.
//
// The format is the same as that used by Python's passlib and is compatible.
package pbkdf2
import (
"crypto/rand"
"crypto/sha1"
"crypto/sha256"
"crypto/sha512"
"fmt"
"gopkg.in/hlandau/passlib.v1/abstract"
"gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw"
"hash"
"strings"
)
// An implementation of Scheme implementing a number of PBKDF2 modular crypt
// formats used by Python's passlib ($pbkdf2$, $pbkdf2-sha256$,
// $pbkdf2-sha512$).
//
// Uses RecommendedRounds.
//
// WARNING: SHA1 should not be used for new applications under any
// circumstances. It should be used for legacy compatibility only.
var SHA1Crypter abstract.Scheme
var SHA256Crypter abstract.Scheme
var SHA512Crypter abstract.Scheme
const (
RecommendedRoundsSHA1 = 131000
RecommendedRoundsSHA256 = 29000
RecommendedRoundsSHA512 = 25000
)
const SaltLength = 16
func init() {
SHA1Crypter = New("$pbkdf2$", sha1.New, RecommendedRoundsSHA1)
SHA256Crypter = New("$pbkdf2-sha256$", sha256.New, RecommendedRoundsSHA256)
SHA512Crypter = New("$pbkdf2-sha512$", sha512.New, RecommendedRoundsSHA512)
}
type scheme struct {
Ident string
HashFunc func() hash.Hash
Rounds int
}
func New(ident string, hf func() hash.Hash, rounds int) abstract.Scheme {
return &scheme{
Ident: ident,
HashFunc: hf,
Rounds: rounds,
}
}
func (s *scheme) Hash(password string) (string, error) {
salt := make([]byte, SaltLength)
_, err := rand.Read(salt)
if err != nil {
return "", err
}
hash := raw.Hash([]byte(password), salt, s.Rounds, s.HashFunc)
newHash := fmt.Sprintf("%s%d$%s$%s", s.Ident, s.Rounds, raw.Base64Encode(salt), hash)
return newHash, nil
}
func (s *scheme) Verify(password, stub string) (err error) {
_, rounds, salt, oldHash, err := raw.Parse(stub)
if err != nil {
return
}
newHash := raw.Hash([]byte(password), salt, rounds, s.HashFunc)
if len(newHash) == 0 || !abstract.SecureCompare(oldHash, newHash) {
err = abstract.ErrInvalidPassword
}
return
}
func (s *scheme) SupportsStub(stub string) bool {
return strings.HasPrefix(stub, s.Ident)
}
func (s *scheme) NeedsUpdate(stub string) bool {
_, rounds, salt, _, err := raw.Parse(stub)
return err == raw.ErrInvalidRounds || rounds < s.Rounds || len(salt) < SaltLength
}

View File

@ -0,0 +1,20 @@
package raw
import (
"encoding/base64"
"strings"
)
var b64 = base64.RawStdEncoding
func Base64Encode(src []byte) (dst string) {
dst = b64.EncodeToString(src)
dst = strings.Replace(dst, "+", ".", -1)
return
}
func Base64Decode(src string) (dst []byte, err error) {
src = strings.Replace(src, ".", "+", -1)
dst, err = b64.DecodeString(src)
return
}

View File

@ -0,0 +1,62 @@
package raw
import (
"crypto/sha1"
"crypto/sha256"
"crypto/sha512"
"fmt"
"hash"
"strconv"
"strings"
)
// Indicates that a password hash or stub is invalid.
var ErrInvalidStub = fmt.Errorf("invalid stub")
// Indicates that the number of rounds specified is not in the valid range.
var ErrInvalidRounds = fmt.Errorf("invalid number of rounds")
var hashMap = map[string]func() hash.Hash{
"pbkdf2": sha1.New,
"pbkdf2-sha256": sha256.New,
"pbkdf2-sha512": sha512.New,
}
func Parse(stub string) (hashFunc func() hash.Hash, rounds int, salt []byte, hash string, err error) {
// does not start with $pbkdf2
if !strings.HasPrefix(stub, "$pbkdf2") {
err = ErrInvalidStub
return
}
parts := strings.Split(stub, "$")
if f, ok := hashMap[parts[1]]; ok {
hashFunc = f
} else {
err = ErrInvalidStub
return
}
roundsStr := parts[2]
var n uint64
n, err = strconv.ParseUint(roundsStr, 10, 31)
if err != nil {
err = ErrInvalidStub
return
}
rounds = int(n)
if rounds < MinRounds || rounds > MaxRounds {
err = ErrInvalidRounds
return
}
salt, err = Base64Decode(parts[3])
if err != nil {
err = fmt.Errorf("could not decode base64 salt")
return
}
hash = parts[4]
return
}

View File

@ -0,0 +1,15 @@
package raw
import (
"golang.org/x/crypto/pbkdf2"
"hash"
)
const (
MinRounds = 1
MaxRounds = 0xffffffff // setting at 32-bit limit for now
)
func Hash(password, salt []byte, rounds int, hf func() hash.Hash) (hash string) {
return Base64Encode(pbkdf2.Key(password, salt, rounds, hf().Size(), hf))
}

30
vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/test.py generated vendored Normal file
View File

@ -0,0 +1,30 @@
#!/usr/bin/env python3
import passlib.hash
import base64
def f(p):
h = passlib.hash.pbkdf2_sha256.hash(p)
print(' {"%s", "%s"},' % (p,h))
f('')
f('a')
f('ab')
f('abc')
f('abcd')
f('abcde')
f('abcdef')
f('abcdefg')
f('abcdefgh')
f('abcdefghi')
f('abcdefghij')
f('abcdefghijk')
f('abcdefghijkl')
f('abcdefghijklm')
f('abcdefghijklmn')
f('abcdefghijklmno')
f('abcdefghijklmnop')
f('qrstuvwxyz012345')
f('67890./')
f('ABCDEFGHIJKLMNOP')
f('QRSTUVWXYZ012345')
for i in range(70):
f(('password'*10)[0:i])

View File

@ -1,16 +1,24 @@
// Package passlib provides a simple password hashing and verification
// interface abstracting multiple password hashing schemes.
//
// Most people need concern themselves only with the functions Hash
// and Verify, which uses the default context and sensible defaults.
// After initialisation, most people need concern themselves only with the
// functions Hash and Verify, which uses the default context and sensible
// defaults.
//
// Library Initialization
//
// You should initialise the library before using it with the following line.
//
// // Call this at application startup.
// passlib.UseDefaults(passlib.Defaults20180601)
//
// See func UseDefaults for details.
package passlib // import "gopkg.in/hlandau/passlib.v1"
import "gopkg.in/hlandau/passlib.v1/abstract"
import "gopkg.in/hlandau/passlib.v1/hash/scrypt"
import "gopkg.in/hlandau/passlib.v1/hash/sha2crypt"
import "gopkg.in/hlandau/passlib.v1/hash/bcryptsha256"
import "gopkg.in/hlandau/passlib.v1/hash/bcrypt"
import "gopkg.in/hlandau/easymetric.v1/cexp"
import (
"gopkg.in/hlandau/easymetric.v1/cexp"
"gopkg.in/hlandau/passlib.v1/abstract"
)
var cHashCalls = cexp.NewCounter("passlib.ctx.hashCalls")
var cVerifyCalls = cexp.NewCounter("passlib.ctx.verifyCalls")
@ -19,17 +27,6 @@ var cFailedVerifyCalls = cexp.NewCounter("passlib.ctx.failedVerifyCalls")
var cSuccessfulVerifyCallsWithUpgrade = cexp.NewCounter("passlib.ctx.successfulVerifyCallsWithUpgrade")
var cSuccessfulVerifyCallsDeferringUpgrade = cexp.NewCounter("passlib.ctx.successfulVerifyCallsDeferringUpgrade")
// The default schemes, most preferred first. The first scheme will be used to
// hash passwords, and any of the schemes may be used to verify existing
// passwords. The contents of this value may change with subsequent releases.
var DefaultSchemes = []abstract.Scheme{
scrypt.SHA256Crypter,
sha2crypt.Crypter256,
sha2crypt.Crypter512,
bcryptsha256.Crypter,
bcrypt.Crypter,
}
// A password hashing context, that uses a given set of schemes to hash and
// verify passwords.
type Context struct {

9
vendor/modules.txt vendored
View File

@ -11,8 +11,6 @@ github.com/dchest/captcha
# github.com/dustin/go-humanize v0.0.0-20170228161531-259d2a102b87
## explicit
github.com/dustin/go-humanize
# github.com/hlandau/passlib v1.0.9
## explicit
# github.com/icza/session v0.0.0-20170217095304-81bce6267720
## explicit
github.com/icza/session
@ -49,6 +47,7 @@ github.com/tidwall/match
github.com/tidwall/rtree
# golang.org/x/crypto v0.0.0-20200414173820-0848c9571904
## explicit
golang.org/x/crypto/argon2
golang.org/x/crypto/bcrypt
golang.org/x/crypto/blake2b
golang.org/x/crypto/blowfish
@ -63,12 +62,16 @@ gopkg.in/hlandau/easymetric.v1/cexp
# gopkg.in/hlandau/measurable.v1 v1.0.1
## explicit
gopkg.in/hlandau/measurable.v1
# gopkg.in/hlandau/passlib.v1 v1.0.9
# gopkg.in/hlandau/passlib.v1 v1.0.10
## explicit
gopkg.in/hlandau/passlib.v1
gopkg.in/hlandau/passlib.v1/abstract
gopkg.in/hlandau/passlib.v1/hash/argon2
gopkg.in/hlandau/passlib.v1/hash/argon2/raw
gopkg.in/hlandau/passlib.v1/hash/bcrypt
gopkg.in/hlandau/passlib.v1/hash/bcryptsha256
gopkg.in/hlandau/passlib.v1/hash/pbkdf2
gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw
gopkg.in/hlandau/passlib.v1/hash/scrypt
gopkg.in/hlandau/passlib.v1/hash/scrypt/raw
gopkg.in/hlandau/passlib.v1/hash/sha2crypt