111 lines
2.7 KiB
Go
111 lines
2.7 KiB
Go
package passwd
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha1"
|
|
"fmt"
|
|
"strconv"
|
|
)
|
|
|
|
type SHA1Crypt struct {
|
|
Passwd
|
|
}
|
|
|
|
func NewSHA1Passwd() PasswdInterface {
|
|
m := new(SHA1Crypt)
|
|
m.Magic = SHA1_CRYPT_MAGIC
|
|
m.Params = "262144"
|
|
m.i = m
|
|
return m
|
|
}
|
|
|
|
// PBKDF1 with SHA1 crypt algorithm.
|
|
func (a *SHA1Crypt) Hash(password []byte, salt []byte, iterations uint64) (hash []byte) {
|
|
// We store the magic bytes as a string as we use sprintf to
|
|
// encode the outputs and easily translate the iterations
|
|
// from an uint64 to a string.
|
|
magic := a.Magic
|
|
|
|
// The first bit we encode into the hmac is the salt,
|
|
// magic string, and iterations of hmac rounds.
|
|
output := fmt.Sprintf("%s%s%d", salt, magic, iterations)
|
|
|
|
// Setup hmac with the password as the key.
|
|
hm := hmac.New(sha1.New, password)
|
|
|
|
// Write the salt and parameters to the hmac.
|
|
hm.Write([]byte(output))
|
|
|
|
// Get the first sum for the iterrations.
|
|
buf := hm.Sum(nil)
|
|
|
|
// Iterate the hmac to the specified number of iterations.
|
|
for i := uint64(1); i < iterations; i++ {
|
|
// Setup the hmac for this iteration.
|
|
hm.Reset()
|
|
|
|
// Feed back in the buffer from the last iteration.
|
|
hm.Write(buf)
|
|
|
|
// Get the buffer from this iteration.
|
|
buf = hm.Sum(nil)
|
|
}
|
|
|
|
// Create hash with result.
|
|
b64 := Base64Encode(buf)
|
|
hash = []byte(fmt.Sprintf("%s%d$%s$", magic, iterations, salt))
|
|
hash = append(hash, b64...)
|
|
return
|
|
}
|
|
|
|
// Override the hash with salt function to encode PBKDF1 with SHA1 hash.
|
|
func (a *SHA1Crypt) HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error) {
|
|
iterations, err := strconv.ParseUint(a.Params, 10, 64)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
hash = a.Hash(password, salt, iterations)
|
|
return
|
|
}
|
|
|
|
// Hash an password using default parameters with SHA1.
|
|
func HashSHA1Password(password []byte) (hash []byte, err error) {
|
|
passwd := NewSHA1Passwd()
|
|
hash, err = passwd.HashPassword(password)
|
|
if err != nil {
|
|
return
|
|
}
|
|
return
|
|
}
|
|
|
|
// Hash an password with salt using default parameters with SHA1.
|
|
func HashSHA1PasswordWithSalt(password []byte, salt []byte) (hash []byte, err error) {
|
|
passwd := NewSHA1Passwd()
|
|
hash, err = passwd.HashPasswordWithSalt(password, salt)
|
|
if err != nil {
|
|
return
|
|
}
|
|
return
|
|
}
|
|
|
|
// Hash an password string using default parameters with SHA1.
|
|
func SHashSHA1Password(password string) (hash string, err error) {
|
|
passwd := NewSHA1Passwd()
|
|
hash, err = passwd.SHashPassword(password)
|
|
if err != nil {
|
|
return
|
|
}
|
|
return
|
|
}
|
|
|
|
// Hash an password string with salt using default parameters with SHA1.
|
|
func SHashSHA1PasswordWithSalt(password string, salt string) (hash string, err error) {
|
|
passwd := NewSHA1Passwd()
|
|
hash, err = passwd.SHashPasswordWithSalt(salt, salt)
|
|
if err != nil {
|
|
return
|
|
}
|
|
return
|
|
}
|