MVP, no mod tools or anything but it works

2025-09-13 12:04:13 +00:00 · 2017-03-12 20:37:53 +01:00
parent 70b12c516a
commit 69b0d20825
186 changed files with 44200 additions and 0 deletions
--- a/vendor/gopkg.in/hlandau/passlib.v1/hash/scrypt/raw/scrypt.go
+++ b/vendor/gopkg.in/hlandau/passlib.v1/hash/scrypt/raw/scrypt.go
@@ -0,0 +1,95 @@
+// Package raw provides a raw implementation of the modular-crypt-wrapped scrypt primitive.
+package raw
+
+import "golang.org/x/crypto/scrypt"
+import "encoding/base64"
+import "strings"
+import "strconv"
+import "fmt"
+
+// The current recommended N value for interactive logins.
+const RecommendedN = 16384
+
+// The current recommended r value for interactive logins.
+const Recommendedr = 8
+
+// The current recommended p value for interactive logins.
+const Recommendedp = 1
+
+// Wrapper for golang.org/x/crypto/scrypt implementing a sensible
+// modular crypt interface.
+//
+// password should be a UTF-8 plaintext password.
+// salt should be a random salt value in binary form.
+//
+// N, r and p are parameters to scrypt.
+//
+// Returns a modular crypt hash.
+func ScryptSHA256(password string, salt []byte, N, r, p int) string {
+	passwordb := []byte(password)
+
+	hash, err := scrypt.Key(passwordb, salt, N, r, p, 32)
+	if err != nil {
+		panic(err)
+	}
+
+	hstr := base64.StdEncoding.EncodeToString(hash)
+	sstr := base64.StdEncoding.EncodeToString(salt)
+
+	return fmt.Sprintf("$s2$%d$%d$%d$%s$%s", N, r, p, sstr, hstr)
+}
+
+// Indicates that a password hash or stub is invalid.
+var ErrInvalidStub = fmt.Errorf("invalid scrypt password stub")
+
+// Parses an scrypt modular hash or stub string.
+//
+// The format is as follows:
+//
+//   $s2$N$r$p$salt$hash    // hash
+//   $s2$N$r$p$salt         // stub
+//
+func Parse(stub string) (salt, hash []byte, N, r, p int, err error) {
+	if len(stub) < 10 || !strings.HasPrefix(stub, "$s2$") {
+		err = ErrInvalidStub
+		return
+	}
+
+	// $s2$  N$r$p$salt-base64$hash-base64
+	parts := strings.Split(stub[4:], "$")
+
+	if len(parts) < 4 {
+		err = ErrInvalidStub
+		return
+	}
+
+	var Ni, ri, pi uint64
+
+	Ni, err = strconv.ParseUint(parts[0], 10, 31)
+	if err != nil {
+		return
+	}
+
+	ri, err = strconv.ParseUint(parts[1], 10, 31)
+	if err != nil {
+		return
+	}
+
+	pi, err = strconv.ParseUint(parts[2], 10, 31)
+	if err != nil {
+		return
+	}
+
+	N, r, p = int(Ni), int(ri), int(pi)
+
+	salt, err = base64.StdEncoding.DecodeString(parts[3])
+	if err != nil {
+		return
+	}
+
+	if len(parts) >= 5 {
+		hash, err = base64.StdEncoding.DecodeString(parts[4])
+	}
+
+	return
+}
--- a/vendor/gopkg.in/hlandau/passlib.v1/hash/scrypt/scrypt.go
+++ b/vendor/gopkg.in/hlandau/passlib.v1/hash/scrypt/scrypt.go
@@ -0,0 +1,113 @@
+// Package scrypt implements the scrypt password hashing mechanism, wrapped in
+// the modular crypt format.
+package scrypt
+
+import "fmt"
+import "expvar"
+import "strings"
+import "crypto/rand"
+import "encoding/base64"
+import "gopkg.in/hlandau/passlib.v1/hash/scrypt/raw"
+import "gopkg.in/hlandau/passlib.v1/abstract"
+
+var cScryptSHA256HashCalls = expvar.NewInt("passlib.scryptsha256.hashCalls")
+var cScryptSHA256VerifyCalls = expvar.NewInt("passlib.scryptsha256.verifyCalls")
+
+// An implementation of Scheme performing scrypt-sha256.
+//
+// Uses the recommended values for N,r,p defined in raw.
+var SHA256Crypter abstract.Scheme
+
+func init() {
+	SHA256Crypter = NewSHA256(
+		raw.RecommendedN,
+		raw.Recommendedr,
+		raw.Recommendedp,
+	)
+}
+
+// Returns an implementation of Scheme implementing scrypt-sha256
+// with the specified parameters.
+func NewSHA256(N, r, p int) abstract.Scheme {
+	return &scryptSHA256Crypter{
+		nN: N,
+		r:  r,
+		p:  p,
+	}
+}
+
+type scryptSHA256Crypter struct {
+	nN, r, p int
+}
+
+func (c *scryptSHA256Crypter) SetParams(N, r, p int) error {
+	c.nN = N
+	c.r = r
+	c.p = p
+	return nil
+}
+
+func (c *scryptSHA256Crypter) SupportsStub(stub string) bool {
+	return strings.HasPrefix(stub, "$s2$")
+}
+
+func (c *scryptSHA256Crypter) Hash(password string) (string, error) {
+	cScryptSHA256HashCalls.Add(1)
+
+	stub, err := c.makeStub()
+	if err != nil {
+		return "", err
+	}
+
+	_, newHash, _, _, _, _, err := c.hash(password, stub)
+	return newHash, err
+}
+
+func (c *scryptSHA256Crypter) Verify(password, hash string) (err error) {
+	cScryptSHA256VerifyCalls.Add(1)
+
+	_, newHash, _, _, _, _, err := c.hash(password, hash)
+	if err == nil && !abstract.SecureCompare(hash, newHash) {
+		err = abstract.ErrInvalidPassword
+	}
+
+	return
+}
+
+func (c *scryptSHA256Crypter) NeedsUpdate(stub string) bool {
+	salt, _, N, r, p, err := raw.Parse(stub)
+	if err != nil {
+		return false // ...
+	}
+
+	return c.needsUpdate(salt, N, r, p)
+}
+
+func (c *scryptSHA256Crypter) needsUpdate(salt []byte, N, r, p int) bool {
+	return len(salt) < 18 || N < c.nN || r < c.r || p < c.p
+}
+
+func (c *scryptSHA256Crypter) hash(password, stub string) (oldHashRaw []byte, newHash string, salt []byte, N, r, p int, err error) {
+	salt, oldHashRaw, N, r, p, err = raw.Parse(stub)
+	if err != nil {
+		return
+	}
+
+	return oldHashRaw, raw.ScryptSHA256(password, salt, N, r, p), salt, N, r, p, nil
+}
+
+func (c *scryptSHA256Crypter) makeStub() (string, error) {
+	buf := make([]byte, 18)
+	_, err := rand.Read(buf)
+	if err != nil {
+		return "", err
+	}
+
+	salt := base64.StdEncoding.EncodeToString(buf)
+
+	return fmt.Sprintf("$s2$%d$%d$%d$%s", c.nN, c.r, c.p, salt), nil
+}
+
+func (c *scryptSHA256Crypter) String() string {
+	return fmt.Sprintf("scrypt-sha256(%d,%d,%d)", c.nN, c.r, c.p)
+}