From 35b2c4dd02a8abde02af2fbcc199aaaf26a741e4 Mon Sep 17 00:00:00 2001 From: Tim Schuster Date: Tue, 21 Apr 2020 06:44:57 +0200 Subject: [PATCH] remove unused dep in go.mod, addresses #4 --- go.mod | 3 +- go.sum | 2 + vendor/golang.org/x/crypto/argon2/argon2.go | 285 ++++++++++++++++++ vendor/golang.org/x/crypto/argon2/blake2b.go | 53 ++++ .../x/crypto/argon2/blamka_amd64.go | 60 ++++ .../golang.org/x/crypto/argon2/blamka_amd64.s | 243 +++++++++++++++ .../x/crypto/argon2/blamka_generic.go | 163 ++++++++++ .../golang.org/x/crypto/argon2/blamka_ref.go | 15 + .../gopkg.in/hlandau/passlib.v1/.travis.yml | 6 +- vendor/gopkg.in/hlandau/passlib.v1/README.md | 21 +- vendor/gopkg.in/hlandau/passlib.v1/default.go | 141 +++++++++ .../hlandau/passlib.v1/hash/argon2/argon2.go | 115 +++++++ .../passlib.v1/hash/argon2/raw/argon2.go | 186 ++++++++++++ .../hlandau/passlib.v1/hash/pbkdf2/pbkdf2.go | 94 ++++++ .../passlib.v1/hash/pbkdf2/raw/base64.go | 20 ++ .../passlib.v1/hash/pbkdf2/raw/parse.go | 62 ++++ .../passlib.v1/hash/pbkdf2/raw/pbkdf2.go | 15 + .../hlandau/passlib.v1/hash/pbkdf2/test.py | 30 ++ vendor/gopkg.in/hlandau/passlib.v1/passlib.go | 35 +-- vendor/modules.txt | 9 +- 20 files changed, 1524 insertions(+), 34 deletions(-) create mode 100644 vendor/golang.org/x/crypto/argon2/argon2.go create mode 100644 vendor/golang.org/x/crypto/argon2/blake2b.go create mode 100644 vendor/golang.org/x/crypto/argon2/blamka_amd64.go create mode 100644 vendor/golang.org/x/crypto/argon2/blamka_amd64.s create mode 100644 vendor/golang.org/x/crypto/argon2/blamka_generic.go create mode 100644 vendor/golang.org/x/crypto/argon2/blamka_ref.go create mode 100644 vendor/gopkg.in/hlandau/passlib.v1/default.go create mode 100644 vendor/gopkg.in/hlandau/passlib.v1/hash/argon2/argon2.go create mode 100644 vendor/gopkg.in/hlandau/passlib.v1/hash/argon2/raw/argon2.go create mode 100644 vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/pbkdf2.go create mode 100644 vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw/base64.go create mode 100644 vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw/parse.go create mode 100644 vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw/pbkdf2.go create mode 100644 vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/test.py diff --git a/go.mod b/go.mod index b131ec8..61d7f31 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,6 @@ require ( github.com/daaku/go.zipexe v0.0.0-20150329023125-a5fe2436ffcb // indirect github.com/dchest/captcha v0.0.0-20150728125059-9e952142169c github.com/dustin/go-humanize v0.0.0-20170228161531-259d2a102b87 - github.com/hlandau/passlib v1.0.9 // indirect github.com/icza/session v0.0.0-20170217095304-81bce6267720 github.com/justinas/nosurf v0.0.0-20161004085251-8e1568277264 github.com/kardianos/osext v0.0.0-20170309185600-9d302b58e975 // indirect @@ -22,6 +21,6 @@ require ( golang.org/x/crypto v0.0.0-20200414173820-0848c9571904 gopkg.in/hlandau/easymetric.v1 v1.0.0 // indirect gopkg.in/hlandau/measurable.v1 v1.0.1 // indirect - gopkg.in/hlandau/passlib.v1 v1.0.9 + gopkg.in/hlandau/passlib.v1 v1.0.10 gopkg.in/yaml.v2 v2.0.0-20170208141851-a3f3340b5840 ) diff --git a/go.sum b/go.sum index bede2d9..e90d90c 100644 --- a/go.sum +++ b/go.sum @@ -45,5 +45,7 @@ gopkg.in/hlandau/measurable.v1 v1.0.1 h1:wH5UZKCRUnRr1iD+xIZfwhtxhmr+bprRJttqA1R gopkg.in/hlandau/measurable.v1 v1.0.1/go.mod h1:6N+SYJGMTmetsx7wskULP+juuO+++tsHJkAgzvzsbuM= gopkg.in/hlandau/passlib.v1 v1.0.9 h1:VfsIu2uKK6xsr9VHCtJtIgNuZ/RNUrIi67hxl8K/7Gg= gopkg.in/hlandau/passlib.v1 v1.0.9/go.mod h1:wxGAv2CtQHlzWY8NJp+p045yl4WHyX7v2T6XbOcmqjM= +gopkg.in/hlandau/passlib.v1 v1.0.10 h1:q5xh9ZHp907XTjVw8/EqG03//fnlITnIYQmv4Gn7TpE= +gopkg.in/hlandau/passlib.v1 v1.0.10/go.mod h1:wxGAv2CtQHlzWY8NJp+p045yl4WHyX7v2T6XbOcmqjM= gopkg.in/yaml.v2 v2.0.0-20170208141851-a3f3340b5840 h1:BftvRMCaj0KX6UeD7gnNJv0W8b4HAYTEWes978CoWlY= gopkg.in/yaml.v2 v2.0.0-20170208141851-a3f3340b5840/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= diff --git a/vendor/golang.org/x/crypto/argon2/argon2.go b/vendor/golang.org/x/crypto/argon2/argon2.go new file mode 100644 index 0000000..b423fea --- /dev/null +++ b/vendor/golang.org/x/crypto/argon2/argon2.go @@ -0,0 +1,285 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package argon2 implements the key derivation function Argon2. +// Argon2 was selected as the winner of the Password Hashing Competition and can +// be used to derive cryptographic keys from passwords. +// +// For a detailed specification of Argon2 see [1]. +// +// If you aren't sure which function you need, use Argon2id (IDKey) and +// the parameter recommendations for your scenario. +// +// +// Argon2i +// +// Argon2i (implemented by Key) is the side-channel resistant version of Argon2. +// It uses data-independent memory access, which is preferred for password +// hashing and password-based key derivation. Argon2i requires more passes over +// memory than Argon2id to protect from trade-off attacks. The recommended +// parameters (taken from [2]) for non-interactive operations are time=3 and to +// use the maximum available memory. +// +// +// Argon2id +// +// Argon2id (implemented by IDKey) is a hybrid version of Argon2 combining +// Argon2i and Argon2d. It uses data-independent memory access for the first +// half of the first iteration over the memory and data-dependent memory access +// for the rest. Argon2id is side-channel resistant and provides better brute- +// force cost savings due to time-memory tradeoffs than Argon2i. The recommended +// parameters for non-interactive operations (taken from [2]) are time=1 and to +// use the maximum available memory. +// +// [1] https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf +// [2] https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-9.3 +package argon2 + +import ( + "encoding/binary" + "sync" + + "golang.org/x/crypto/blake2b" +) + +// The Argon2 version implemented by this package. +const Version = 0x13 + +const ( + argon2d = iota + argon2i + argon2id +) + +// Key derives a key from the password, salt, and cost parameters using Argon2i +// returning a byte slice of length keyLen that can be used as cryptographic +// key. The CPU cost and parallelism degree must be greater than zero. +// +// For example, you can get a derived key for e.g. AES-256 (which needs a +// 32-byte key) by doing: +// +// key := argon2.Key([]byte("some password"), salt, 3, 32*1024, 4, 32) +// +// The draft RFC recommends[2] time=3, and memory=32*1024 is a sensible number. +// If using that amount of memory (32 MB) is not possible in some contexts then +// the time parameter can be increased to compensate. +// +// The time parameter specifies the number of passes over the memory and the +// memory parameter specifies the size of the memory in KiB. For example +// memory=32*1024 sets the memory cost to ~32 MB. The number of threads can be +// adjusted to the number of available CPUs. The cost parameters should be +// increased as memory latency and CPU parallelism increases. Remember to get a +// good random salt. +func Key(password, salt []byte, time, memory uint32, threads uint8, keyLen uint32) []byte { + return deriveKey(argon2i, password, salt, nil, nil, time, memory, threads, keyLen) +} + +// IDKey derives a key from the password, salt, and cost parameters using +// Argon2id returning a byte slice of length keyLen that can be used as +// cryptographic key. The CPU cost and parallelism degree must be greater than +// zero. +// +// For example, you can get a derived key for e.g. AES-256 (which needs a +// 32-byte key) by doing: +// +// key := argon2.IDKey([]byte("some password"), salt, 1, 64*1024, 4, 32) +// +// The draft RFC recommends[2] time=1, and memory=64*1024 is a sensible number. +// If using that amount of memory (64 MB) is not possible in some contexts then +// the time parameter can be increased to compensate. +// +// The time parameter specifies the number of passes over the memory and the +// memory parameter specifies the size of the memory in KiB. For example +// memory=64*1024 sets the memory cost to ~64 MB. The number of threads can be +// adjusted to the numbers of available CPUs. The cost parameters should be +// increased as memory latency and CPU parallelism increases. Remember to get a +// good random salt. +func IDKey(password, salt []byte, time, memory uint32, threads uint8, keyLen uint32) []byte { + return deriveKey(argon2id, password, salt, nil, nil, time, memory, threads, keyLen) +} + +func deriveKey(mode int, password, salt, secret, data []byte, time, memory uint32, threads uint8, keyLen uint32) []byte { + if time < 1 { + panic("argon2: number of rounds too small") + } + if threads < 1 { + panic("argon2: parallelism degree too low") + } + h0 := initHash(password, salt, secret, data, time, memory, uint32(threads), keyLen, mode) + + memory = memory / (syncPoints * uint32(threads)) * (syncPoints * uint32(threads)) + if memory < 2*syncPoints*uint32(threads) { + memory = 2 * syncPoints * uint32(threads) + } + B := initBlocks(&h0, memory, uint32(threads)) + processBlocks(B, time, memory, uint32(threads), mode) + return extractKey(B, memory, uint32(threads), keyLen) +} + +const ( + blockLength = 128 + syncPoints = 4 +) + +type block [blockLength]uint64 + +func initHash(password, salt, key, data []byte, time, memory, threads, keyLen uint32, mode int) [blake2b.Size + 8]byte { + var ( + h0 [blake2b.Size + 8]byte + params [24]byte + tmp [4]byte + ) + + b2, _ := blake2b.New512(nil) + binary.LittleEndian.PutUint32(params[0:4], threads) + binary.LittleEndian.PutUint32(params[4:8], keyLen) + binary.LittleEndian.PutUint32(params[8:12], memory) + binary.LittleEndian.PutUint32(params[12:16], time) + binary.LittleEndian.PutUint32(params[16:20], uint32(Version)) + binary.LittleEndian.PutUint32(params[20:24], uint32(mode)) + b2.Write(params[:]) + binary.LittleEndian.PutUint32(tmp[:], uint32(len(password))) + b2.Write(tmp[:]) + b2.Write(password) + binary.LittleEndian.PutUint32(tmp[:], uint32(len(salt))) + b2.Write(tmp[:]) + b2.Write(salt) + binary.LittleEndian.PutUint32(tmp[:], uint32(len(key))) + b2.Write(tmp[:]) + b2.Write(key) + binary.LittleEndian.PutUint32(tmp[:], uint32(len(data))) + b2.Write(tmp[:]) + b2.Write(data) + b2.Sum(h0[:0]) + return h0 +} + +func initBlocks(h0 *[blake2b.Size + 8]byte, memory, threads uint32) []block { + var block0 [1024]byte + B := make([]block, memory) + for lane := uint32(0); lane < threads; lane++ { + j := lane * (memory / threads) + binary.LittleEndian.PutUint32(h0[blake2b.Size+4:], lane) + + binary.LittleEndian.PutUint32(h0[blake2b.Size:], 0) + blake2bHash(block0[:], h0[:]) + for i := range B[j+0] { + B[j+0][i] = binary.LittleEndian.Uint64(block0[i*8:]) + } + + binary.LittleEndian.PutUint32(h0[blake2b.Size:], 1) + blake2bHash(block0[:], h0[:]) + for i := range B[j+1] { + B[j+1][i] = binary.LittleEndian.Uint64(block0[i*8:]) + } + } + return B +} + +func processBlocks(B []block, time, memory, threads uint32, mode int) { + lanes := memory / threads + segments := lanes / syncPoints + + processSegment := func(n, slice, lane uint32, wg *sync.WaitGroup) { + var addresses, in, zero block + if mode == argon2i || (mode == argon2id && n == 0 && slice < syncPoints/2) { + in[0] = uint64(n) + in[1] = uint64(lane) + in[2] = uint64(slice) + in[3] = uint64(memory) + in[4] = uint64(time) + in[5] = uint64(mode) + } + + index := uint32(0) + if n == 0 && slice == 0 { + index = 2 // we have already generated the first two blocks + if mode == argon2i || mode == argon2id { + in[6]++ + processBlock(&addresses, &in, &zero) + processBlock(&addresses, &addresses, &zero) + } + } + + offset := lane*lanes + slice*segments + index + var random uint64 + for index < segments { + prev := offset - 1 + if index == 0 && slice == 0 { + prev += lanes // last block in lane + } + if mode == argon2i || (mode == argon2id && n == 0 && slice < syncPoints/2) { + if index%blockLength == 0 { + in[6]++ + processBlock(&addresses, &in, &zero) + processBlock(&addresses, &addresses, &zero) + } + random = addresses[index%blockLength] + } else { + random = B[prev][0] + } + newOffset := indexAlpha(random, lanes, segments, threads, n, slice, lane, index) + processBlockXOR(&B[offset], &B[prev], &B[newOffset]) + index, offset = index+1, offset+1 + } + wg.Done() + } + + for n := uint32(0); n < time; n++ { + for slice := uint32(0); slice < syncPoints; slice++ { + var wg sync.WaitGroup + for lane := uint32(0); lane < threads; lane++ { + wg.Add(1) + go processSegment(n, slice, lane, &wg) + } + wg.Wait() + } + } + +} + +func extractKey(B []block, memory, threads, keyLen uint32) []byte { + lanes := memory / threads + for lane := uint32(0); lane < threads-1; lane++ { + for i, v := range B[(lane*lanes)+lanes-1] { + B[memory-1][i] ^= v + } + } + + var block [1024]byte + for i, v := range B[memory-1] { + binary.LittleEndian.PutUint64(block[i*8:], v) + } + key := make([]byte, keyLen) + blake2bHash(key, block[:]) + return key +} + +func indexAlpha(rand uint64, lanes, segments, threads, n, slice, lane, index uint32) uint32 { + refLane := uint32(rand>>32) % threads + if n == 0 && slice == 0 { + refLane = lane + } + m, s := 3*segments, ((slice+1)%syncPoints)*segments + if lane == refLane { + m += index + } + if n == 0 { + m, s = slice*segments, 0 + if slice == 0 || lane == refLane { + m += index + } + } + if index == 0 || lane == refLane { + m-- + } + return phi(rand, uint64(m), uint64(s), refLane, lanes) +} + +func phi(rand, m, s uint64, lane, lanes uint32) uint32 { + p := rand & 0xFFFFFFFF + p = (p * p) >> 32 + p = (p * m) >> 32 + return lane*lanes + uint32((s+m-(p+1))%uint64(lanes)) +} diff --git a/vendor/golang.org/x/crypto/argon2/blake2b.go b/vendor/golang.org/x/crypto/argon2/blake2b.go new file mode 100644 index 0000000..10f4694 --- /dev/null +++ b/vendor/golang.org/x/crypto/argon2/blake2b.go @@ -0,0 +1,53 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package argon2 + +import ( + "encoding/binary" + "hash" + + "golang.org/x/crypto/blake2b" +) + +// blake2bHash computes an arbitrary long hash value of in +// and writes the hash to out. +func blake2bHash(out []byte, in []byte) { + var b2 hash.Hash + if n := len(out); n < blake2b.Size { + b2, _ = blake2b.New(n, nil) + } else { + b2, _ = blake2b.New512(nil) + } + + var buffer [blake2b.Size]byte + binary.LittleEndian.PutUint32(buffer[:4], uint32(len(out))) + b2.Write(buffer[:4]) + b2.Write(in) + + if len(out) <= blake2b.Size { + b2.Sum(out[:0]) + return + } + + outLen := len(out) + b2.Sum(buffer[:0]) + b2.Reset() + copy(out, buffer[:32]) + out = out[32:] + for len(out) > blake2b.Size { + b2.Write(buffer[:]) + b2.Sum(buffer[:0]) + copy(out, buffer[:32]) + out = out[32:] + b2.Reset() + } + + if outLen%blake2b.Size > 0 { // outLen > 64 + r := ((outLen + 31) / 32) - 2 // ⌈τ /32⌉-2 + b2, _ = blake2b.New(outLen-32*r, nil) + } + b2.Write(buffer[:]) + b2.Sum(out[:0]) +} diff --git a/vendor/golang.org/x/crypto/argon2/blamka_amd64.go b/vendor/golang.org/x/crypto/argon2/blamka_amd64.go new file mode 100644 index 0000000..2fc1ec0 --- /dev/null +++ b/vendor/golang.org/x/crypto/argon2/blamka_amd64.go @@ -0,0 +1,60 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build amd64,!gccgo,!appengine + +package argon2 + +import "golang.org/x/sys/cpu" + +func init() { + useSSE4 = cpu.X86.HasSSE41 +} + +//go:noescape +func mixBlocksSSE2(out, a, b, c *block) + +//go:noescape +func xorBlocksSSE2(out, a, b, c *block) + +//go:noescape +func blamkaSSE4(b *block) + +func processBlockSSE(out, in1, in2 *block, xor bool) { + var t block + mixBlocksSSE2(&t, in1, in2, &t) + if useSSE4 { + blamkaSSE4(&t) + } else { + for i := 0; i < blockLength; i += 16 { + blamkaGeneric( + &t[i+0], &t[i+1], &t[i+2], &t[i+3], + &t[i+4], &t[i+5], &t[i+6], &t[i+7], + &t[i+8], &t[i+9], &t[i+10], &t[i+11], + &t[i+12], &t[i+13], &t[i+14], &t[i+15], + ) + } + for i := 0; i < blockLength/8; i += 2 { + blamkaGeneric( + &t[i], &t[i+1], &t[16+i], &t[16+i+1], + &t[32+i], &t[32+i+1], &t[48+i], &t[48+i+1], + &t[64+i], &t[64+i+1], &t[80+i], &t[80+i+1], + &t[96+i], &t[96+i+1], &t[112+i], &t[112+i+1], + ) + } + } + if xor { + xorBlocksSSE2(out, in1, in2, &t) + } else { + mixBlocksSSE2(out, in1, in2, &t) + } +} + +func processBlock(out, in1, in2 *block) { + processBlockSSE(out, in1, in2, false) +} + +func processBlockXOR(out, in1, in2 *block) { + processBlockSSE(out, in1, in2, true) +} diff --git a/vendor/golang.org/x/crypto/argon2/blamka_amd64.s b/vendor/golang.org/x/crypto/argon2/blamka_amd64.s new file mode 100644 index 0000000..74a6e73 --- /dev/null +++ b/vendor/golang.org/x/crypto/argon2/blamka_amd64.s @@ -0,0 +1,243 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build amd64,!gccgo,!appengine + +#include "textflag.h" + +DATA ·c40<>+0x00(SB)/8, $0x0201000706050403 +DATA ·c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b +GLOBL ·c40<>(SB), (NOPTR+RODATA), $16 + +DATA ·c48<>+0x00(SB)/8, $0x0100070605040302 +DATA ·c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a +GLOBL ·c48<>(SB), (NOPTR+RODATA), $16 + +#define SHUFFLE(v2, v3, v4, v5, v6, v7, t1, t2) \ + MOVO v4, t1; \ + MOVO v5, v4; \ + MOVO t1, v5; \ + MOVO v6, t1; \ + PUNPCKLQDQ v6, t2; \ + PUNPCKHQDQ v7, v6; \ + PUNPCKHQDQ t2, v6; \ + PUNPCKLQDQ v7, t2; \ + MOVO t1, v7; \ + MOVO v2, t1; \ + PUNPCKHQDQ t2, v7; \ + PUNPCKLQDQ v3, t2; \ + PUNPCKHQDQ t2, v2; \ + PUNPCKLQDQ t1, t2; \ + PUNPCKHQDQ t2, v3 + +#define SHUFFLE_INV(v2, v3, v4, v5, v6, v7, t1, t2) \ + MOVO v4, t1; \ + MOVO v5, v4; \ + MOVO t1, v5; \ + MOVO v2, t1; \ + PUNPCKLQDQ v2, t2; \ + PUNPCKHQDQ v3, v2; \ + PUNPCKHQDQ t2, v2; \ + PUNPCKLQDQ v3, t2; \ + MOVO t1, v3; \ + MOVO v6, t1; \ + PUNPCKHQDQ t2, v3; \ + PUNPCKLQDQ v7, t2; \ + PUNPCKHQDQ t2, v6; \ + PUNPCKLQDQ t1, t2; \ + PUNPCKHQDQ t2, v7 + +#define HALF_ROUND(v0, v1, v2, v3, v4, v5, v6, v7, t0, c40, c48) \ + MOVO v0, t0; \ + PMULULQ v2, t0; \ + PADDQ v2, v0; \ + PADDQ t0, v0; \ + PADDQ t0, v0; \ + PXOR v0, v6; \ + PSHUFD $0xB1, v6, v6; \ + MOVO v4, t0; \ + PMULULQ v6, t0; \ + PADDQ v6, v4; \ + PADDQ t0, v4; \ + PADDQ t0, v4; \ + PXOR v4, v2; \ + PSHUFB c40, v2; \ + MOVO v0, t0; \ + PMULULQ v2, t0; \ + PADDQ v2, v0; \ + PADDQ t0, v0; \ + PADDQ t0, v0; \ + PXOR v0, v6; \ + PSHUFB c48, v6; \ + MOVO v4, t0; \ + PMULULQ v6, t0; \ + PADDQ v6, v4; \ + PADDQ t0, v4; \ + PADDQ t0, v4; \ + PXOR v4, v2; \ + MOVO v2, t0; \ + PADDQ v2, t0; \ + PSRLQ $63, v2; \ + PXOR t0, v2; \ + MOVO v1, t0; \ + PMULULQ v3, t0; \ + PADDQ v3, v1; \ + PADDQ t0, v1; \ + PADDQ t0, v1; \ + PXOR v1, v7; \ + PSHUFD $0xB1, v7, v7; \ + MOVO v5, t0; \ + PMULULQ v7, t0; \ + PADDQ v7, v5; \ + PADDQ t0, v5; \ + PADDQ t0, v5; \ + PXOR v5, v3; \ + PSHUFB c40, v3; \ + MOVO v1, t0; \ + PMULULQ v3, t0; \ + PADDQ v3, v1; \ + PADDQ t0, v1; \ + PADDQ t0, v1; \ + PXOR v1, v7; \ + PSHUFB c48, v7; \ + MOVO v5, t0; \ + PMULULQ v7, t0; \ + PADDQ v7, v5; \ + PADDQ t0, v5; \ + PADDQ t0, v5; \ + PXOR v5, v3; \ + MOVO v3, t0; \ + PADDQ v3, t0; \ + PSRLQ $63, v3; \ + PXOR t0, v3 + +#define LOAD_MSG_0(block, off) \ + MOVOU 8*(off+0)(block), X0; \ + MOVOU 8*(off+2)(block), X1; \ + MOVOU 8*(off+4)(block), X2; \ + MOVOU 8*(off+6)(block), X3; \ + MOVOU 8*(off+8)(block), X4; \ + MOVOU 8*(off+10)(block), X5; \ + MOVOU 8*(off+12)(block), X6; \ + MOVOU 8*(off+14)(block), X7 + +#define STORE_MSG_0(block, off) \ + MOVOU X0, 8*(off+0)(block); \ + MOVOU X1, 8*(off+2)(block); \ + MOVOU X2, 8*(off+4)(block); \ + MOVOU X3, 8*(off+6)(block); \ + MOVOU X4, 8*(off+8)(block); \ + MOVOU X5, 8*(off+10)(block); \ + MOVOU X6, 8*(off+12)(block); \ + MOVOU X7, 8*(off+14)(block) + +#define LOAD_MSG_1(block, off) \ + MOVOU 8*off+0*8(block), X0; \ + MOVOU 8*off+16*8(block), X1; \ + MOVOU 8*off+32*8(block), X2; \ + MOVOU 8*off+48*8(block), X3; \ + MOVOU 8*off+64*8(block), X4; \ + MOVOU 8*off+80*8(block), X5; \ + MOVOU 8*off+96*8(block), X6; \ + MOVOU 8*off+112*8(block), X7 + +#define STORE_MSG_1(block, off) \ + MOVOU X0, 8*off+0*8(block); \ + MOVOU X1, 8*off+16*8(block); \ + MOVOU X2, 8*off+32*8(block); \ + MOVOU X3, 8*off+48*8(block); \ + MOVOU X4, 8*off+64*8(block); \ + MOVOU X5, 8*off+80*8(block); \ + MOVOU X6, 8*off+96*8(block); \ + MOVOU X7, 8*off+112*8(block) + +#define BLAMKA_ROUND_0(block, off, t0, t1, c40, c48) \ + LOAD_MSG_0(block, off); \ + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \ + SHUFFLE(X2, X3, X4, X5, X6, X7, t0, t1); \ + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \ + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, t0, t1); \ + STORE_MSG_0(block, off) + +#define BLAMKA_ROUND_1(block, off, t0, t1, c40, c48) \ + LOAD_MSG_1(block, off); \ + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \ + SHUFFLE(X2, X3, X4, X5, X6, X7, t0, t1); \ + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \ + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, t0, t1); \ + STORE_MSG_1(block, off) + +// func blamkaSSE4(b *block) +TEXT ·blamkaSSE4(SB), 4, $0-8 + MOVQ b+0(FP), AX + + MOVOU ·c40<>(SB), X10 + MOVOU ·c48<>(SB), X11 + + BLAMKA_ROUND_0(AX, 0, X8, X9, X10, X11) + BLAMKA_ROUND_0(AX, 16, X8, X9, X10, X11) + BLAMKA_ROUND_0(AX, 32, X8, X9, X10, X11) + BLAMKA_ROUND_0(AX, 48, X8, X9, X10, X11) + BLAMKA_ROUND_0(AX, 64, X8, X9, X10, X11) + BLAMKA_ROUND_0(AX, 80, X8, X9, X10, X11) + BLAMKA_ROUND_0(AX, 96, X8, X9, X10, X11) + BLAMKA_ROUND_0(AX, 112, X8, X9, X10, X11) + + BLAMKA_ROUND_1(AX, 0, X8, X9, X10, X11) + BLAMKA_ROUND_1(AX, 2, X8, X9, X10, X11) + BLAMKA_ROUND_1(AX, 4, X8, X9, X10, X11) + BLAMKA_ROUND_1(AX, 6, X8, X9, X10, X11) + BLAMKA_ROUND_1(AX, 8, X8, X9, X10, X11) + BLAMKA_ROUND_1(AX, 10, X8, X9, X10, X11) + BLAMKA_ROUND_1(AX, 12, X8, X9, X10, X11) + BLAMKA_ROUND_1(AX, 14, X8, X9, X10, X11) + RET + +// func mixBlocksSSE2(out, a, b, c *block) +TEXT ·mixBlocksSSE2(SB), 4, $0-32 + MOVQ out+0(FP), DX + MOVQ a+8(FP), AX + MOVQ b+16(FP), BX + MOVQ a+24(FP), CX + MOVQ $128, BP + +loop: + MOVOU 0(AX), X0 + MOVOU 0(BX), X1 + MOVOU 0(CX), X2 + PXOR X1, X0 + PXOR X2, X0 + MOVOU X0, 0(DX) + ADDQ $16, AX + ADDQ $16, BX + ADDQ $16, CX + ADDQ $16, DX + SUBQ $2, BP + JA loop + RET + +// func xorBlocksSSE2(out, a, b, c *block) +TEXT ·xorBlocksSSE2(SB), 4, $0-32 + MOVQ out+0(FP), DX + MOVQ a+8(FP), AX + MOVQ b+16(FP), BX + MOVQ a+24(FP), CX + MOVQ $128, BP + +loop: + MOVOU 0(AX), X0 + MOVOU 0(BX), X1 + MOVOU 0(CX), X2 + MOVOU 0(DX), X3 + PXOR X1, X0 + PXOR X2, X0 + PXOR X3, X0 + MOVOU X0, 0(DX) + ADDQ $16, AX + ADDQ $16, BX + ADDQ $16, CX + ADDQ $16, DX + SUBQ $2, BP + JA loop + RET diff --git a/vendor/golang.org/x/crypto/argon2/blamka_generic.go b/vendor/golang.org/x/crypto/argon2/blamka_generic.go new file mode 100644 index 0000000..a481b22 --- /dev/null +++ b/vendor/golang.org/x/crypto/argon2/blamka_generic.go @@ -0,0 +1,163 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package argon2 + +var useSSE4 bool + +func processBlockGeneric(out, in1, in2 *block, xor bool) { + var t block + for i := range t { + t[i] = in1[i] ^ in2[i] + } + for i := 0; i < blockLength; i += 16 { + blamkaGeneric( + &t[i+0], &t[i+1], &t[i+2], &t[i+3], + &t[i+4], &t[i+5], &t[i+6], &t[i+7], + &t[i+8], &t[i+9], &t[i+10], &t[i+11], + &t[i+12], &t[i+13], &t[i+14], &t[i+15], + ) + } + for i := 0; i < blockLength/8; i += 2 { + blamkaGeneric( + &t[i], &t[i+1], &t[16+i], &t[16+i+1], + &t[32+i], &t[32+i+1], &t[48+i], &t[48+i+1], + &t[64+i], &t[64+i+1], &t[80+i], &t[80+i+1], + &t[96+i], &t[96+i+1], &t[112+i], &t[112+i+1], + ) + } + if xor { + for i := range t { + out[i] ^= in1[i] ^ in2[i] ^ t[i] + } + } else { + for i := range t { + out[i] = in1[i] ^ in2[i] ^ t[i] + } + } +} + +func blamkaGeneric(t00, t01, t02, t03, t04, t05, t06, t07, t08, t09, t10, t11, t12, t13, t14, t15 *uint64) { + v00, v01, v02, v03 := *t00, *t01, *t02, *t03 + v04, v05, v06, v07 := *t04, *t05, *t06, *t07 + v08, v09, v10, v11 := *t08, *t09, *t10, *t11 + v12, v13, v14, v15 := *t12, *t13, *t14, *t15 + + v00 += v04 + 2*uint64(uint32(v00))*uint64(uint32(v04)) + v12 ^= v00 + v12 = v12>>32 | v12<<32 + v08 += v12 + 2*uint64(uint32(v08))*uint64(uint32(v12)) + v04 ^= v08 + v04 = v04>>24 | v04<<40 + + v00 += v04 + 2*uint64(uint32(v00))*uint64(uint32(v04)) + v12 ^= v00 + v12 = v12>>16 | v12<<48 + v08 += v12 + 2*uint64(uint32(v08))*uint64(uint32(v12)) + v04 ^= v08 + v04 = v04>>63 | v04<<1 + + v01 += v05 + 2*uint64(uint32(v01))*uint64(uint32(v05)) + v13 ^= v01 + v13 = v13>>32 | v13<<32 + v09 += v13 + 2*uint64(uint32(v09))*uint64(uint32(v13)) + v05 ^= v09 + v05 = v05>>24 | v05<<40 + + v01 += v05 + 2*uint64(uint32(v01))*uint64(uint32(v05)) + v13 ^= v01 + v13 = v13>>16 | v13<<48 + v09 += v13 + 2*uint64(uint32(v09))*uint64(uint32(v13)) + v05 ^= v09 + v05 = v05>>63 | v05<<1 + + v02 += v06 + 2*uint64(uint32(v02))*uint64(uint32(v06)) + v14 ^= v02 + v14 = v14>>32 | v14<<32 + v10 += v14 + 2*uint64(uint32(v10))*uint64(uint32(v14)) + v06 ^= v10 + v06 = v06>>24 | v06<<40 + + v02 += v06 + 2*uint64(uint32(v02))*uint64(uint32(v06)) + v14 ^= v02 + v14 = v14>>16 | v14<<48 + v10 += v14 + 2*uint64(uint32(v10))*uint64(uint32(v14)) + v06 ^= v10 + v06 = v06>>63 | v06<<1 + + v03 += v07 + 2*uint64(uint32(v03))*uint64(uint32(v07)) + v15 ^= v03 + v15 = v15>>32 | v15<<32 + v11 += v15 + 2*uint64(uint32(v11))*uint64(uint32(v15)) + v07 ^= v11 + v07 = v07>>24 | v07<<40 + + v03 += v07 + 2*uint64(uint32(v03))*uint64(uint32(v07)) + v15 ^= v03 + v15 = v15>>16 | v15<<48 + v11 += v15 + 2*uint64(uint32(v11))*uint64(uint32(v15)) + v07 ^= v11 + v07 = v07>>63 | v07<<1 + + v00 += v05 + 2*uint64(uint32(v00))*uint64(uint32(v05)) + v15 ^= v00 + v15 = v15>>32 | v15<<32 + v10 += v15 + 2*uint64(uint32(v10))*uint64(uint32(v15)) + v05 ^= v10 + v05 = v05>>24 | v05<<40 + + v00 += v05 + 2*uint64(uint32(v00))*uint64(uint32(v05)) + v15 ^= v00 + v15 = v15>>16 | v15<<48 + v10 += v15 + 2*uint64(uint32(v10))*uint64(uint32(v15)) + v05 ^= v10 + v05 = v05>>63 | v05<<1 + + v01 += v06 + 2*uint64(uint32(v01))*uint64(uint32(v06)) + v12 ^= v01 + v12 = v12>>32 | v12<<32 + v11 += v12 + 2*uint64(uint32(v11))*uint64(uint32(v12)) + v06 ^= v11 + v06 = v06>>24 | v06<<40 + + v01 += v06 + 2*uint64(uint32(v01))*uint64(uint32(v06)) + v12 ^= v01 + v12 = v12>>16 | v12<<48 + v11 += v12 + 2*uint64(uint32(v11))*uint64(uint32(v12)) + v06 ^= v11 + v06 = v06>>63 | v06<<1 + + v02 += v07 + 2*uint64(uint32(v02))*uint64(uint32(v07)) + v13 ^= v02 + v13 = v13>>32 | v13<<32 + v08 += v13 + 2*uint64(uint32(v08))*uint64(uint32(v13)) + v07 ^= v08 + v07 = v07>>24 | v07<<40 + + v02 += v07 + 2*uint64(uint32(v02))*uint64(uint32(v07)) + v13 ^= v02 + v13 = v13>>16 | v13<<48 + v08 += v13 + 2*uint64(uint32(v08))*uint64(uint32(v13)) + v07 ^= v08 + v07 = v07>>63 | v07<<1 + + v03 += v04 + 2*uint64(uint32(v03))*uint64(uint32(v04)) + v14 ^= v03 + v14 = v14>>32 | v14<<32 + v09 += v14 + 2*uint64(uint32(v09))*uint64(uint32(v14)) + v04 ^= v09 + v04 = v04>>24 | v04<<40 + + v03 += v04 + 2*uint64(uint32(v03))*uint64(uint32(v04)) + v14 ^= v03 + v14 = v14>>16 | v14<<48 + v09 += v14 + 2*uint64(uint32(v09))*uint64(uint32(v14)) + v04 ^= v09 + v04 = v04>>63 | v04<<1 + + *t00, *t01, *t02, *t03 = v00, v01, v02, v03 + *t04, *t05, *t06, *t07 = v04, v05, v06, v07 + *t08, *t09, *t10, *t11 = v08, v09, v10, v11 + *t12, *t13, *t14, *t15 = v12, v13, v14, v15 +} diff --git a/vendor/golang.org/x/crypto/argon2/blamka_ref.go b/vendor/golang.org/x/crypto/argon2/blamka_ref.go new file mode 100644 index 0000000..baf7b55 --- /dev/null +++ b/vendor/golang.org/x/crypto/argon2/blamka_ref.go @@ -0,0 +1,15 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build !amd64 appengine gccgo + +package argon2 + +func processBlock(out, in1, in2 *block) { + processBlockGeneric(out, in1, in2, false) +} + +func processBlockXOR(out, in1, in2 *block) { + processBlockGeneric(out, in1, in2, true) +} diff --git a/vendor/gopkg.in/hlandau/passlib.v1/.travis.yml b/vendor/gopkg.in/hlandau/passlib.v1/.travis.yml index b87a857..f817ef3 100644 --- a/vendor/gopkg.in/hlandau/passlib.v1/.travis.yml +++ b/vendor/gopkg.in/hlandau/passlib.v1/.travis.yml @@ -2,9 +2,11 @@ language: go os: - linux go: - - 1.4 + - 1.10 - tip sudo: false install: - - go get gopkg.in/hlandau/passlib.v1 + - mkdir -p $HOME/gopath/src/gopkg.in/hlandau/ + - ln -s $TRAVIS_BUILD_DIR $HOME/gopath/src/gopkg.in/hlandau/passlib.v1 - cd $HOME/gopath/src/gopkg.in/hlandau/passlib.v1 + - go get diff --git a/vendor/gopkg.in/hlandau/passlib.v1/README.md b/vendor/gopkg.in/hlandau/passlib.v1/README.md index ba9b42c..ca79918 100644 --- a/vendor/gopkg.in/hlandau/passlib.v1/README.md +++ b/vendor/gopkg.in/hlandau/passlib.v1/README.md @@ -10,9 +10,19 @@ put into it, or with more support for obscure password formats. This is a skeleton of a port of passlib to Go. It dogmatically adopts the modular crypt format, which [passlib has excellent documentation for](https://pythonhosted.org/passlib/modular_crypt_format.html#modular-crypt-format). -Currently, it supports sha256-crypt, sha512-crypt, scrypt-sha256, bcrypt and -passlib's bcrypt-sha256 variant. By default, it will hash using scrypt-sha256 -and verify existing hashes using any of these schemes. +Currently, it supports: + + - sha256-crypt + - sha512-crypt + - scrypt-sha256 + - bcrypt + - passlib's bcrypt-sha256 variant + - pbkdf2-sha1 (in passlib format) + - pbkdf2-sha256 (in passlib format) + - pbkdf2-sha512 (in passlib format) + +By default, it will hash using scrypt-sha256 and verify existing hashes using +any of these schemes. Example Usage ------------- @@ -81,11 +91,6 @@ Since scrypt does not have a pre-existing modular crypt format standard, I made ...where `N`, `r` and `p` are the respective difficulty parameters to scrypt as positive decimal integers without leading zeroes, and `salt` and `hash` are base64-encoded binary strings. Note that the RFC 4648 base64 encoding is used (not the one used by sha256-crypt and sha512-crypt). -TODO ----- - - - PBKDF2 - Licence ------- passlib is partially derived from Python's passlib and so maintains its BSD license. diff --git a/vendor/gopkg.in/hlandau/passlib.v1/default.go b/vendor/gopkg.in/hlandau/passlib.v1/default.go new file mode 100644 index 0000000..d778584 --- /dev/null +++ b/vendor/gopkg.in/hlandau/passlib.v1/default.go @@ -0,0 +1,141 @@ +package passlib + +import ( + "fmt" + "gopkg.in/hlandau/passlib.v1/abstract" + "gopkg.in/hlandau/passlib.v1/hash/argon2" + "gopkg.in/hlandau/passlib.v1/hash/bcrypt" + "gopkg.in/hlandau/passlib.v1/hash/bcryptsha256" + "gopkg.in/hlandau/passlib.v1/hash/pbkdf2" + "gopkg.in/hlandau/passlib.v1/hash/scrypt" + "gopkg.in/hlandau/passlib.v1/hash/sha2crypt" + "time" +) + +// This is the first and default set of defaults used by passlib. It prefers +// scrypt-sha256. It is now obsolete. +const Defaults20160922 = "20160922" + +// This is the most up-to-date set of defaults preferred by passlib. It prefers +// Argon2i. You must opt into it by calling UseDefaults at startup. +const Defaults20180601 = "20180601" + +// This value, when passed to UseDefaults, causes passlib to always use the +// very latest set of defaults. DO NOT use this unless you are sure that +// opportunistic hash upgrades will not cause breakage for your application +// when future versions of passlib are released. See func UseDefaults. +const DefaultsLatest = "latest" + +// Default schemes as of 2016-09-22. +var defaultSchemes20160922 = []abstract.Scheme{ + scrypt.SHA256Crypter, + argon2.Crypter, + sha2crypt.Crypter512, + sha2crypt.Crypter256, + bcryptsha256.Crypter, + pbkdf2.SHA512Crypter, + pbkdf2.SHA256Crypter, + bcrypt.Crypter, + pbkdf2.SHA1Crypter, +} + +// Default schemes as of 2018-06-01. +var defaultSchemes20180601 = []abstract.Scheme{ + argon2.Crypter, + scrypt.SHA256Crypter, + sha2crypt.Crypter512, + sha2crypt.Crypter256, + bcryptsha256.Crypter, + pbkdf2.SHA512Crypter, + pbkdf2.SHA256Crypter, + bcrypt.Crypter, + pbkdf2.SHA1Crypter, +} + +// The default schemes, most preferred first. The first scheme will be used to +// hash passwords, and any of the schemes may be used to verify existing +// passwords. The contents of this value may change with subsequent releases. +// +// If you want to change this, set DefaultSchemes to a slice to an +// abstract.Scheme array of your own construction, rather than mutating the +// array the slice points to. +// +// To see the default schemes used in the current release of passlib, see +// default.go. See also the UseDefaults function for more information on how +// the list of default schemes is determined. The default value of +// DefaultSchemes (the default defaults) won't change; you need to call +// UseDefaults to allow your application to upgrade to newer hashing schemes +// (or set DefaultSchemes manually, or create a custom context with its own +// schemes set). +var DefaultSchemes []abstract.Scheme + +func init() { + DefaultSchemes = defaultSchemes20160922 +} + +// It is strongly recommended that you call this function like this before using passlib: +// +// passlib.UseDefaults("YYYYMMDD") +// +// where YYYYMMDD is a date. This will be used to select the preferred scheme +// to use. If you do not call UseDefaults, the preferred scheme (the first item +// in the default schemes list) current as of 2016-09-22 will always be used, +// meaning that upgrade will not occur even though better schemes are now +// available. +// +// Note that even if you don't call this function, new schemes will still be +// added to DefaultSchemes over time as non-initial values (items not at index +// 0), so servers will always, by default, be able to validate all schemes +// which passlib supports at any given time. +// +// The reason you must call this function is as follows: If passlib is deployed +// as part of a web application in a multi-server deployment, and passlib is +// updated, and the new version of that application with the updated passlib is +// deployed, that upgrade process is unlikely to be instantaneous. Old versions +// of the web application may continue to run on some servers. If merely +// upgrading passlib caused password hashes to be upgraded to the newer scheme +// on login, the older daemons may not be able to validate these passwords and +// users may have issues logging in. Although this can be ameliorated to some +// extent by introducing a new scheme to passlib, waiting some months, and only +// then making this the default, this could still cause issued if passlib is +// only updated very occasionally. +// +// Thus, you should update your call to UseDefaults only when all servers have +// been upgraded, and it is thus guaranteed that they will all be able to +// verify the new scheme. Making this value loadable from a configuration file +// is recommended. +// +// If you are using a single-server configuration, you can use the special +// value "latest" here (or, equivalently, a date far into the future), which +// will always use the most preferred scheme. This is hazardous in a +// multi-server environment. +// +// The constants beginning 'Defaults' in this package document dates +// which are meaningful to this function. The constant values they are equal to +// will never change, so there is no need to use them instead of string +// literals, although you may if you wish; they are intended mainly as +// documentation as to the significance of various dates. +// +// Example for opting in to the latest set of defaults: +// +// passlib.UseDefaults(passlib.Defaults20180601) +// +func UseDefaults(date string) error { + if date == "latest" { + DefaultSchemes = defaultSchemes20180601 + return nil + } + + t, err := time.ParseInLocation("20060102", date, time.UTC) + if err != nil { + return fmt.Errorf("invalid time string passed to passlib.UseDefaults: %q", date) + } + + if !t.Before(time.Date(2016, 9, 22, 0, 0, 0, 0, time.UTC)) { + DefaultSchemes = defaultSchemes20180601 + return nil + } + + DefaultSchemes = defaultSchemes20160922 + return nil +} diff --git a/vendor/gopkg.in/hlandau/passlib.v1/hash/argon2/argon2.go b/vendor/gopkg.in/hlandau/passlib.v1/hash/argon2/argon2.go new file mode 100644 index 0000000..63629ac --- /dev/null +++ b/vendor/gopkg.in/hlandau/passlib.v1/hash/argon2/argon2.go @@ -0,0 +1,115 @@ +// Package argon2 implements the argon2 password hashing mechanism, wrapped in +// the argon2 encoded format. +package argon2 + +import ( + "crypto/rand" + "encoding/base64" + "fmt" + "strings" + + "golang.org/x/crypto/argon2" + "gopkg.in/hlandau/passlib.v1/abstract" + "gopkg.in/hlandau/passlib.v1/hash/argon2/raw" +) + +// An implementation of Scheme performing argon2 hashing. +// +// Uses the recommended values for time, memory and threads defined in raw. +var Crypter abstract.Scheme + +const saltLength = 16 + +func init() { + Crypter = New( + raw.RecommendedTime, + raw.RecommendedMemory, + raw.RecommendedThreads, + ) +} + +// Returns an implementation of Scheme implementing argon2 +// with the specified parameters. +func New(time, memory uint32, threads uint8) abstract.Scheme { + return &scheme{ + time: time, + memory: memory, + threads: threads, + } +} + +type scheme struct { + time, memory uint32 + threads uint8 +} + +func (c *scheme) SetParams(time, memory uint32, threads uint8) error { + c.time = time + c.memory = memory + c.threads = threads + return nil +} + +func (c *scheme) SupportsStub(stub string) bool { + return strings.HasPrefix(stub, "$argon2i$") +} + +func (c *scheme) Hash(password string) (string, error) { + + stub, err := c.makeStub() + if err != nil { + return "", err + } + + _, newHash, _, _, _, _, _, err := c.hash(password, stub) + return newHash, err +} + +func (c *scheme) Verify(password, hash string) (err error) { + + _, newHash, _, _, _, _, _, err := c.hash(password, hash) + if err == nil && !abstract.SecureCompare(hash, newHash) { + err = abstract.ErrInvalidPassword + } + + return +} + +func (c *scheme) NeedsUpdate(stub string) bool { + salt, _, version, time, memory, threads, err := raw.Parse(stub) + if err != nil { + return false // ... + } + + return c.needsUpdate(salt, version, time, memory, threads) +} + +func (c *scheme) needsUpdate(salt []byte, version int, time, memory uint32, threads uint8) bool { + return len(salt) < saltLength || version < argon2.Version || time < c.time || memory < c.memory || threads < c.threads +} + +func (c *scheme) hash(password, stub string) (oldHashRaw []byte, newHash string, salt []byte, version int, memory, time uint32, threads uint8, err error) { + + salt, oldHashRaw, version, time, memory, threads, err = raw.Parse(stub) + if err != nil { + return + } + + return oldHashRaw, raw.Argon2(password, salt, time, memory, threads), salt, version, memory, time, threads, nil +} + +func (c *scheme) makeStub() (string, error) { + buf := make([]byte, saltLength) + _, err := rand.Read(buf) + if err != nil { + return "", err + } + + salt := base64.RawStdEncoding.EncodeToString(buf) + + return fmt.Sprintf("$argon2i$v=%d$m=%d,t=%d,p=%d$%s$", argon2.Version, c.memory, c.time, c.threads, salt), nil +} + +func (c *scheme) String() string { + return fmt.Sprintf("argon2(%d,%d,%d,%d)", argon2.Version, c.memory, c.time, c.threads) +} diff --git a/vendor/gopkg.in/hlandau/passlib.v1/hash/argon2/raw/argon2.go b/vendor/gopkg.in/hlandau/passlib.v1/hash/argon2/raw/argon2.go new file mode 100644 index 0000000..47a8dde --- /dev/null +++ b/vendor/gopkg.in/hlandau/passlib.v1/hash/argon2/raw/argon2.go @@ -0,0 +1,186 @@ +// Package raw provides a raw implementation of the modular-crypt-wrapped Argon2i primitive. +package raw + +import ( + "encoding/base64" + "fmt" + "golang.org/x/crypto/argon2" + "strconv" + "strings" +) + +// The current recommended time value for interactive logins. +const RecommendedTime uint32 = 4 + +// The current recommended memory for interactive logins. +const RecommendedMemory uint32 = 32 * 1024 + +// The current recommended number of threads for interactive logins. +const RecommendedThreads uint8 = 4 + +// Wrapper for golang.org/x/crypto/argon2 implementing a sensible +// hashing interface. +// +// password should be a UTF-8 plaintext password. +// salt should be a random salt value in binary form. +// +// Time, memory, and threads are parameters to argon2. +// +// Returns an argon2 encoded hash. +func Argon2(password string, salt []byte, time, memory uint32, threads uint8) string { + passwordb := []byte(password) + + hash := argon2.Key(passwordb, salt, time, memory, threads, 32) + + hstr := base64.RawStdEncoding.EncodeToString(hash) + sstr := base64.RawStdEncoding.EncodeToString(salt) + + return fmt.Sprintf("$argon2i$v=%d$m=%d,t=%d,p=%d$%s$%s", argon2.Version, memory, time, threads, sstr, hstr) +} + +// Indicates that a password hash or stub is invalid. +var ErrInvalidStub = fmt.Errorf("invalid argon2 password stub") + +// Indicates that a key-value pair in the configuration part is malformed. +var ErrInvalidKeyValuePair = fmt.Errorf("invalid argon2 key-value pair") + +// Indicates that the version part had the wrong number of parameters. +var ErrParseVersion = fmt.Errorf("version section has wrong number of parameters") + +// Indicates that the hash config part had the wrong number of parameters. +var ErrParseConfig = fmt.Errorf("hash config section has wrong number of parameters") + +// Indicates that the version parameter ("v") was missing in the version part, +// even though it is required. +var ErrMissingVersion = fmt.Errorf("version parameter (v) is missing") + +// Indicates that the memory parameter ("m") was mossing in the hash config +// part, even though it is required. +var ErrMissingMemory = fmt.Errorf("memory parameter (m) is missing") + +// Indicates that the time parameter ("t") was mossing in the hash config part, +// even though it is required. +var ErrMissingTime = fmt.Errorf("time parameter (t) is missing") + +// Indicates that the parallelism parameter ("p") was mossing in the hash config +// part, even though it is required. +var ErrMissingParallelism = fmt.Errorf("parallelism parameter (p) is missing") + +// Parses an argon2 encoded hash. +// +// The format is as follows: +// +// $argon2i$v=version$m=memory,t=time,p=threads$salt$hash // hash +// $argon2i$v=version$m=memory,t=time,p=threads$salt // stub +// +func Parse(stub string) (salt, hash []byte, version int, time, memory uint32, parallelism uint8, err error) { + if len(stub) < 26 || !strings.HasPrefix(stub, "$argon2i$") { + err = ErrInvalidStub + return + } + + // $argon2i$ v=version$m=memory,t=time,p=threads$salt-base64$hash-base64 + parts := strings.Split(stub[9:], "$") + + // version-params$hash-config-params$salt[$hash] + if len(parts) < 3 || len(parts) > 4 { + err = ErrInvalidStub + return + } + + // Parse the first configuration part, the version parameters. + versionParams, err := parseKeyValuePair(parts[0]) + if err != nil { + return + } + + // Must be exactly one parameter in the version part. + if len(versionParams) != 1 { + err = ErrParseVersion + return + } + + // It must be "v". + val, ok := versionParams["v"] + if !ok { + err = ErrMissingVersion + return + } + + version = int(val) + + // Parse the second configuration part, the hash config parameters. + hashParams, err := parseKeyValuePair(parts[1]) + if err != nil { + return + } + + // It must have exactly three parameters. + if len(hashParams) != 3 { + err = ErrParseConfig + return + } + + // Memory parameter. + val, ok = hashParams["m"] + if !ok { + err = ErrMissingMemory + return + } + + memory = uint32(val) + + // Time parameter. + val, ok = hashParams["t"] + if !ok { + err = ErrMissingTime + return + } + + time = uint32(val) + + // Parallelism parameter. + val, ok = hashParams["p"] + if !ok { + err = ErrMissingParallelism + return + } + + parallelism = uint8(val) + + // Decode salt. + salt, err = base64.RawStdEncoding.DecodeString(parts[2]) + if err != nil { + return + } + + // Decode hash if present. + if len(parts) >= 4 { + hash, err = base64.RawStdEncoding.DecodeString(parts[3]) + } + + return +} + +func parseKeyValuePair(pairs string) (result map[string]uint64, err error) { + result = map[string]uint64{} + + parameterParts := strings.Split(pairs, ",") + + for _, parameter := range parameterParts { + parts := strings.SplitN(parameter, "=", 2) + if len(parts) != 2 { + err = ErrInvalidKeyValuePair + return + } + + parsedi, err := strconv.ParseUint(parts[1], 10, 32) + if err != nil { + return result, err + } + + result[parts[0]] = parsedi + } + + return result, nil +} diff --git a/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/pbkdf2.go b/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/pbkdf2.go new file mode 100644 index 0000000..8037bb1 --- /dev/null +++ b/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/pbkdf2.go @@ -0,0 +1,94 @@ +// Package pbkdf2 implements a modular crypt format for PBKDF2-SHA1, +// PBKDF2-SHA256 and PBKDF-SHA512. +// +// The format is the same as that used by Python's passlib and is compatible. +package pbkdf2 + +import ( + "crypto/rand" + "crypto/sha1" + "crypto/sha256" + "crypto/sha512" + "fmt" + "gopkg.in/hlandau/passlib.v1/abstract" + "gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw" + "hash" + "strings" +) + +// An implementation of Scheme implementing a number of PBKDF2 modular crypt +// formats used by Python's passlib ($pbkdf2$, $pbkdf2-sha256$, +// $pbkdf2-sha512$). +// +// Uses RecommendedRounds. +// +// WARNING: SHA1 should not be used for new applications under any +// circumstances. It should be used for legacy compatibility only. +var SHA1Crypter abstract.Scheme +var SHA256Crypter abstract.Scheme +var SHA512Crypter abstract.Scheme + +const ( + RecommendedRoundsSHA1 = 131000 + RecommendedRoundsSHA256 = 29000 + RecommendedRoundsSHA512 = 25000 +) + +const SaltLength = 16 + +func init() { + SHA1Crypter = New("$pbkdf2$", sha1.New, RecommendedRoundsSHA1) + SHA256Crypter = New("$pbkdf2-sha256$", sha256.New, RecommendedRoundsSHA256) + SHA512Crypter = New("$pbkdf2-sha512$", sha512.New, RecommendedRoundsSHA512) +} + +type scheme struct { + Ident string + HashFunc func() hash.Hash + Rounds int +} + +func New(ident string, hf func() hash.Hash, rounds int) abstract.Scheme { + return &scheme{ + Ident: ident, + HashFunc: hf, + Rounds: rounds, + } +} + +func (s *scheme) Hash(password string) (string, error) { + salt := make([]byte, SaltLength) + _, err := rand.Read(salt) + if err != nil { + return "", err + } + + hash := raw.Hash([]byte(password), salt, s.Rounds, s.HashFunc) + + newHash := fmt.Sprintf("%s%d$%s$%s", s.Ident, s.Rounds, raw.Base64Encode(salt), hash) + return newHash, nil +} + +func (s *scheme) Verify(password, stub string) (err error) { + _, rounds, salt, oldHash, err := raw.Parse(stub) + if err != nil { + return + } + + newHash := raw.Hash([]byte(password), salt, rounds, s.HashFunc) + + if len(newHash) == 0 || !abstract.SecureCompare(oldHash, newHash) { + err = abstract.ErrInvalidPassword + } + + return +} + +func (s *scheme) SupportsStub(stub string) bool { + return strings.HasPrefix(stub, s.Ident) +} + +func (s *scheme) NeedsUpdate(stub string) bool { + _, rounds, salt, _, err := raw.Parse(stub) + return err == raw.ErrInvalidRounds || rounds < s.Rounds || len(salt) < SaltLength +} diff --git a/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw/base64.go b/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw/base64.go new file mode 100644 index 0000000..ad57957 --- /dev/null +++ b/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw/base64.go @@ -0,0 +1,20 @@ +package raw + +import ( + "encoding/base64" + "strings" +) + +var b64 = base64.RawStdEncoding + +func Base64Encode(src []byte) (dst string) { + dst = b64.EncodeToString(src) + dst = strings.Replace(dst, "+", ".", -1) + return +} + +func Base64Decode(src string) (dst []byte, err error) { + src = strings.Replace(src, ".", "+", -1) + dst, err = b64.DecodeString(src) + return +} diff --git a/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw/parse.go b/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw/parse.go new file mode 100644 index 0000000..54f7108 --- /dev/null +++ b/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw/parse.go @@ -0,0 +1,62 @@ +package raw + +import ( + "crypto/sha1" + "crypto/sha256" + "crypto/sha512" + "fmt" + "hash" + "strconv" + "strings" +) + +// Indicates that a password hash or stub is invalid. +var ErrInvalidStub = fmt.Errorf("invalid stub") + +// Indicates that the number of rounds specified is not in the valid range. +var ErrInvalidRounds = fmt.Errorf("invalid number of rounds") + +var hashMap = map[string]func() hash.Hash{ + "pbkdf2": sha1.New, + "pbkdf2-sha256": sha256.New, + "pbkdf2-sha512": sha512.New, +} + +func Parse(stub string) (hashFunc func() hash.Hash, rounds int, salt []byte, hash string, err error) { + // does not start with $pbkdf2 + if !strings.HasPrefix(stub, "$pbkdf2") { + err = ErrInvalidStub + return + } + + parts := strings.Split(stub, "$") + if f, ok := hashMap[parts[1]]; ok { + hashFunc = f + } else { + err = ErrInvalidStub + return + } + + roundsStr := parts[2] + var n uint64 + n, err = strconv.ParseUint(roundsStr, 10, 31) + if err != nil { + err = ErrInvalidStub + return + } + rounds = int(n) + + if rounds < MinRounds || rounds > MaxRounds { + err = ErrInvalidRounds + return + } + + salt, err = Base64Decode(parts[3]) + if err != nil { + err = fmt.Errorf("could not decode base64 salt") + return + } + hash = parts[4] + + return +} diff --git a/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw/pbkdf2.go b/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw/pbkdf2.go new file mode 100644 index 0000000..5b3299f --- /dev/null +++ b/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw/pbkdf2.go @@ -0,0 +1,15 @@ +package raw + +import ( + "golang.org/x/crypto/pbkdf2" + "hash" +) + +const ( + MinRounds = 1 + MaxRounds = 0xffffffff // setting at 32-bit limit for now +) + +func Hash(password, salt []byte, rounds int, hf func() hash.Hash) (hash string) { + return Base64Encode(pbkdf2.Key(password, salt, rounds, hf().Size(), hf)) +} diff --git a/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/test.py b/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/test.py new file mode 100644 index 0000000..f851848 --- /dev/null +++ b/vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/test.py @@ -0,0 +1,30 @@ +#!/usr/bin/env python3 +import passlib.hash +import base64 +def f(p): + h = passlib.hash.pbkdf2_sha256.hash(p) + print(' {"%s", "%s"},' % (p,h)) + +f('') +f('a') +f('ab') +f('abc') +f('abcd') +f('abcde') +f('abcdef') +f('abcdefg') +f('abcdefgh') +f('abcdefghi') +f('abcdefghij') +f('abcdefghijk') +f('abcdefghijkl') +f('abcdefghijklm') +f('abcdefghijklmn') +f('abcdefghijklmno') +f('abcdefghijklmnop') +f('qrstuvwxyz012345') +f('67890./') +f('ABCDEFGHIJKLMNOP') +f('QRSTUVWXYZ012345') +for i in range(70): + f(('password'*10)[0:i]) diff --git a/vendor/gopkg.in/hlandau/passlib.v1/passlib.go b/vendor/gopkg.in/hlandau/passlib.v1/passlib.go index 889ec79..0d13c75 100644 --- a/vendor/gopkg.in/hlandau/passlib.v1/passlib.go +++ b/vendor/gopkg.in/hlandau/passlib.v1/passlib.go @@ -1,16 +1,24 @@ // Package passlib provides a simple password hashing and verification // interface abstracting multiple password hashing schemes. // -// Most people need concern themselves only with the functions Hash -// and Verify, which uses the default context and sensible defaults. +// After initialisation, most people need concern themselves only with the +// functions Hash and Verify, which uses the default context and sensible +// defaults. +// +// Library Initialization +// +// You should initialise the library before using it with the following line. +// +// // Call this at application startup. +// passlib.UseDefaults(passlib.Defaults20180601) +// +// See func UseDefaults for details. package passlib // import "gopkg.in/hlandau/passlib.v1" -import "gopkg.in/hlandau/passlib.v1/abstract" -import "gopkg.in/hlandau/passlib.v1/hash/scrypt" -import "gopkg.in/hlandau/passlib.v1/hash/sha2crypt" -import "gopkg.in/hlandau/passlib.v1/hash/bcryptsha256" -import "gopkg.in/hlandau/passlib.v1/hash/bcrypt" -import "gopkg.in/hlandau/easymetric.v1/cexp" +import ( + "gopkg.in/hlandau/easymetric.v1/cexp" + "gopkg.in/hlandau/passlib.v1/abstract" +) var cHashCalls = cexp.NewCounter("passlib.ctx.hashCalls") var cVerifyCalls = cexp.NewCounter("passlib.ctx.verifyCalls") @@ -19,17 +27,6 @@ var cFailedVerifyCalls = cexp.NewCounter("passlib.ctx.failedVerifyCalls") var cSuccessfulVerifyCallsWithUpgrade = cexp.NewCounter("passlib.ctx.successfulVerifyCallsWithUpgrade") var cSuccessfulVerifyCallsDeferringUpgrade = cexp.NewCounter("passlib.ctx.successfulVerifyCallsDeferringUpgrade") -// The default schemes, most preferred first. The first scheme will be used to -// hash passwords, and any of the schemes may be used to verify existing -// passwords. The contents of this value may change with subsequent releases. -var DefaultSchemes = []abstract.Scheme{ - scrypt.SHA256Crypter, - sha2crypt.Crypter256, - sha2crypt.Crypter512, - bcryptsha256.Crypter, - bcrypt.Crypter, -} - // A password hashing context, that uses a given set of schemes to hash and // verify passwords. type Context struct { diff --git a/vendor/modules.txt b/vendor/modules.txt index 16fa431..4e23698 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -11,8 +11,6 @@ github.com/dchest/captcha # github.com/dustin/go-humanize v0.0.0-20170228161531-259d2a102b87 ## explicit github.com/dustin/go-humanize -# github.com/hlandau/passlib v1.0.9 -## explicit # github.com/icza/session v0.0.0-20170217095304-81bce6267720 ## explicit github.com/icza/session @@ -49,6 +47,7 @@ github.com/tidwall/match github.com/tidwall/rtree # golang.org/x/crypto v0.0.0-20200414173820-0848c9571904 ## explicit +golang.org/x/crypto/argon2 golang.org/x/crypto/bcrypt golang.org/x/crypto/blake2b golang.org/x/crypto/blowfish @@ -63,12 +62,16 @@ gopkg.in/hlandau/easymetric.v1/cexp # gopkg.in/hlandau/measurable.v1 v1.0.1 ## explicit gopkg.in/hlandau/measurable.v1 -# gopkg.in/hlandau/passlib.v1 v1.0.9 +# gopkg.in/hlandau/passlib.v1 v1.0.10 ## explicit gopkg.in/hlandau/passlib.v1 gopkg.in/hlandau/passlib.v1/abstract +gopkg.in/hlandau/passlib.v1/hash/argon2 +gopkg.in/hlandau/passlib.v1/hash/argon2/raw gopkg.in/hlandau/passlib.v1/hash/bcrypt gopkg.in/hlandau/passlib.v1/hash/bcryptsha256 +gopkg.in/hlandau/passlib.v1/hash/pbkdf2 +gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw gopkg.in/hlandau/passlib.v1/hash/scrypt gopkg.in/hlandau/passlib.v1/hash/scrypt/raw gopkg.in/hlandau/passlib.v1/hash/sha2crypt