diff options
| author | Daniel Baumann <daniel@debian.org> | 2024-10-18 20:33:49 +0200 |
|---|---|---|
| committer | Daniel Baumann <daniel@debian.org> | 2024-12-12 23:57:56 +0100 |
| commit | e68b9d00a6e05b3a941f63ffb696f91e554ac5ec (patch) | |
| tree | 97775d6c13b0f416af55314eb6a89ef792474615 /modules/auth/password/hash/pbkdf2.go | |
| parent | Initial commit. (diff) | |
| download | forgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.tar.xz forgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.zip | |
Adding upstream version 9.0.3.
Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to 'modules/auth/password/hash/pbkdf2.go')
| -rw-r--r-- | modules/auth/password/hash/pbkdf2.go | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/modules/auth/password/hash/pbkdf2.go b/modules/auth/password/hash/pbkdf2.go new file mode 100644 index 0000000..27382fe --- /dev/null +++ b/modules/auth/password/hash/pbkdf2.go @@ -0,0 +1,67 @@ +// Copyright 2023 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package hash + +import ( + "crypto/sha256" + "encoding/hex" + "strings" + + "code.gitea.io/gitea/modules/log" + + "golang.org/x/crypto/pbkdf2" +) + +func init() { + MustRegister("pbkdf2", NewPBKDF2Hasher) +} + +// PBKDF2Hasher implements PasswordHasher +// and uses the PBKDF2 key derivation function. +type PBKDF2Hasher struct { + iter, keyLen int +} + +// HashWithSaltBytes a provided password and salt +func (hasher *PBKDF2Hasher) HashWithSaltBytes(password string, salt []byte) string { + if hasher == nil { + return "" + } + return hex.EncodeToString(pbkdf2.Key([]byte(password), salt, hasher.iter, hasher.keyLen, sha256.New)) +} + +// NewPBKDF2Hasher is a factory method to create an PBKDF2Hasher +// config should be either empty or of the form: +// "<iter>$<keyLen>", where <x> is the string representation +// of an integer +func NewPBKDF2Hasher(config string) *PBKDF2Hasher { + // This default configuration uses the following parameters: + // iter=10000, keyLen=50. + // This matches the original configuration for `pbkdf2` prior to storing parameters + // in the database. + // THESE VALUES MUST NOT BE CHANGED OR BACKWARDS COMPATIBILITY WILL BREAK + hasher := &PBKDF2Hasher{ + iter: 10_000, + keyLen: 50, + } + + if config == "" { + return hasher + } + + vals := strings.SplitN(config, "$", 2) + if len(vals) != 2 { + log.Error("invalid pbkdf2 hash spec %s", config) + return nil + } + + var err error + hasher.iter, err = parseIntParam(vals[0], "iter", "pbkdf2", config, nil) + hasher.keyLen, err = parseIntParam(vals[1], "keyLen", "pbkdf2", config, err) + if err != nil { + return nil + } + + return hasher +} |