288 lines
6.3 KiB
Go
288 lines
6.3 KiB
Go
package passwd
|
|
|
|
import (
|
|
"errors"
|
|
"hash"
|
|
)
|
|
|
|
// The non-standard alphabet for crypt base64 encoding.
|
|
const iota64Encoding = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
|
|
|
// Base64 to integer encoding table.
|
|
var atoi64Partial = [...]byte{
|
|
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
|
|
64, 64, 64, 64, 64, 64, 64,
|
|
12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
|
|
25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37,
|
|
64, 64, 64, 64, 64, 64,
|
|
38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50,
|
|
51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63,
|
|
}
|
|
|
|
// Append base64 for provided uint.
|
|
func Base64Append(dst []byte, v uint, n int) []byte {
|
|
// Until we finish the number of rounds specified,
|
|
// loop and encode to base64.
|
|
for n > 0 {
|
|
// Append base64 of current bit.
|
|
dst = append(dst, iota64Encoding[v&0x3F])
|
|
// Jump to the next bit for encoding.
|
|
v >>= 6
|
|
n -= 1
|
|
}
|
|
// Return new byte array.
|
|
return dst
|
|
}
|
|
|
|
// Encode to crypt base64.
|
|
func Base64Encode(src []byte) []byte {
|
|
size := len(src)
|
|
var b64 []byte
|
|
var i int
|
|
for i = 0; i < size-3; i += 3 {
|
|
l := uint(src[i])<<16 |
|
|
uint(src[i+1])<<8 |
|
|
uint(src[i+2])
|
|
b64 = Base64Append(b64, l, 4)
|
|
}
|
|
var l uint
|
|
if size-i == 2 {
|
|
l = uint(src[i])<<16 |
|
|
uint(src[i+1])<<8 |
|
|
uint(src[0])
|
|
b64 = Base64Append(b64, l, 4)
|
|
}
|
|
return b64
|
|
}
|
|
|
|
// Takes a prior hash, and recycles bytes until the length provided is covered.
|
|
func HashBlockRecycle(h hash.Hash, block []byte, len int) {
|
|
size := h.BlockSize()
|
|
var cnt int
|
|
for cnt = len; cnt > size; cnt -= size {
|
|
h.Write(block)
|
|
}
|
|
// Remaining characters of the length, add sub slice here.
|
|
h.Write(block[:cnt])
|
|
}
|
|
|
|
// Convert base64 byte to integer value.
|
|
func AToI64(c byte) (val int) {
|
|
if c >= '.' && c <= 'z' {
|
|
val = int(atoi64Partial[c-'.'])
|
|
}
|
|
return
|
|
}
|
|
|
|
// Convert integer to bae64.
|
|
func IToA64(N int) (val byte, err error) {
|
|
if N > 64 {
|
|
err = errors.New("maximum itoa64 value is 64")
|
|
return
|
|
}
|
|
Nb := byte(N)
|
|
for i, b := range atoi64Partial {
|
|
if b == Nb {
|
|
val = '.' + byte(i)
|
|
}
|
|
}
|
|
return
|
|
}
|
|
|
|
// Get the power of 2 value.
|
|
func N2log2(N uint64) (N_log2 int) {
|
|
if N < 2 {
|
|
return
|
|
}
|
|
|
|
// Find power by bit shifting until shifting results in 0.
|
|
N_log2 = 2
|
|
for N>>N_log2 != 0 {
|
|
N_log2++
|
|
}
|
|
N_log2--
|
|
|
|
// If the result of removing one power level ends up resulting in a shift of not 1, return 0.
|
|
if N>>N_log2 != 1 {
|
|
return 0
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
// Encode uint32 into base64 at a fixed length.
|
|
func Base64Uint32Encode(src, srcbits uint32) (b64 []byte) {
|
|
var bits uint32
|
|
|
|
for bits = 0; bits < srcbits; bits += 6 {
|
|
b64 = append(b64, iota64Encoding[src&0x3F])
|
|
src >>= 6
|
|
}
|
|
|
|
if src != 0 {
|
|
return []byte{}
|
|
}
|
|
return
|
|
}
|
|
|
|
// Decode uint32 from base64 at a fixed length.
|
|
func Base64Uint32Decode(src []byte, dstbits uint32) (dst uint32) {
|
|
var bits uint32
|
|
var i uint
|
|
for bits = 0; bits < dstbits; bits += 6 {
|
|
c := AToI64(src[i])
|
|
i++
|
|
if c > 63 {
|
|
return 0
|
|
}
|
|
dst |= uint32(c << bits)
|
|
}
|
|
return
|
|
}
|
|
|
|
// Encode base64 in the format used for SCrypt hashes.
|
|
func SCryptBase64Encode(src []byte) []byte {
|
|
dst := make([]byte, 0, (len(src)*8+5)/6)
|
|
for i := 0; i < len(src); {
|
|
var val uint32
|
|
var bits int32
|
|
for ; bits < 24 && i < len(src); bits += 8 {
|
|
val |= uint32(src[i]) << bits
|
|
i++
|
|
}
|
|
for ; bits > 0; bits -= 6 {
|
|
dst = append(dst, iota64Encoding[val&0x3F])
|
|
val >>= 6
|
|
}
|
|
}
|
|
return dst
|
|
}
|
|
|
|
// Decode base64 in the format used for SCrypt hashes.
|
|
func SCryptBase64Decode(src []byte) []byte {
|
|
dst := make([]byte, 0, len(src)*3/4)
|
|
for i := 0; i < len(src); {
|
|
var val uint32
|
|
var bits int32
|
|
for ; bits < 24 && i < len(src); bits += 6 {
|
|
c := AToI64(src[i])
|
|
if c > 63 {
|
|
return nil
|
|
}
|
|
i++
|
|
val |= uint32(c) << bits
|
|
}
|
|
if bits < 12 {
|
|
return nil
|
|
}
|
|
for ; bits >= 8; bits -= 8 {
|
|
dst = append(dst, byte(val))
|
|
val >>= 8
|
|
}
|
|
if val != 0 {
|
|
return nil
|
|
}
|
|
}
|
|
return dst
|
|
}
|
|
|
|
// Encode MD5 result to MD5 crypt base64.
|
|
func MD5Base64Encode(src []byte) []byte {
|
|
// The way the crypt standards work with base64 encoding of MD5 is odd, because the
|
|
// last round rotates some of the hash bytes positions. So we must have this custom
|
|
// function just to encode MD5 hashes to base64.
|
|
var b64 []byte
|
|
l := uint(src[0])<<16 | uint(src[6])<<8 | uint(src[12])
|
|
b64 = Base64Append(b64, l, 4)
|
|
l = uint(src[1])<<16 | uint(src[7])<<8 | uint(src[13])
|
|
b64 = Base64Append(b64, l, 4)
|
|
l = uint(src[2])<<16 | uint(src[8])<<8 | uint(src[14])
|
|
b64 = Base64Append(b64, l, 4)
|
|
l = uint(src[3])<<16 | uint(src[9])<<8 | uint(src[15])
|
|
b64 = Base64Append(b64, l, 4)
|
|
l = uint(src[4])<<16 | uint(src[10])<<8 | uint(src[5])
|
|
b64 = Base64Append(b64, l, 4)
|
|
l = uint(src[11])
|
|
b64 = Base64Append(b64, l, 2)
|
|
return b64
|
|
}
|
|
|
|
// The crypt standard likes to rotate bits in base64,
|
|
// although it doesn't really do anything for brute force protection.
|
|
// This performs the rotation algorithm.
|
|
func Base64RotateEncode(src []byte, order bool) []byte {
|
|
var b64 []byte
|
|
l := len(src)
|
|
// Setup indexes.
|
|
// Used for the loop.
|
|
i := 0
|
|
// Index A.
|
|
ia := 0
|
|
// Index C, should be byte length divided by 3 to ensure we start a the 3rd point.
|
|
ib := l / 3
|
|
// Index C is just B doubled.
|
|
ic := ib + ib
|
|
// Index D is used to determine which iteration we're on.
|
|
id := 0
|
|
// Loop until we reach the last index that fits all 3 values to b64.
|
|
for ; i < l-3; i += 3 {
|
|
var a, b, c int
|
|
// Depending on index D, rotate the A, B, and C indexes.
|
|
// I am not sure why we are rotating byte input, it doesn't do anything
|
|
// with regards to brute force protection. Someone can just reverse the
|
|
// byte order to decode the base64 back down to binary, then use the binary
|
|
// for brute force attacks.
|
|
if order {
|
|
switch id % 3 {
|
|
case 0:
|
|
a = ia
|
|
b = ib
|
|
c = ic
|
|
case 1:
|
|
a = ib
|
|
b = ic
|
|
c = ia
|
|
case 2:
|
|
a = ic
|
|
b = ia
|
|
c = ib
|
|
}
|
|
} else {
|
|
switch id % 3 {
|
|
case 0:
|
|
a = ia
|
|
b = ib
|
|
c = ic
|
|
case 1:
|
|
a = ic
|
|
b = ia
|
|
c = ib
|
|
case 2:
|
|
a = ib
|
|
b = ic
|
|
c = ia
|
|
}
|
|
}
|
|
|
|
// For this round, append the base64.
|
|
l := uint(src[a])<<16 | uint(src[b])<<8 | uint(src[c])
|
|
b64 = Base64Append(b64, l, 4)
|
|
|
|
// Increment the indexes.
|
|
ia++
|
|
ib++
|
|
ic++
|
|
id++
|
|
}
|
|
// For the remaining bytes, append as needed.
|
|
if l-i == 2 {
|
|
l := uint(0)<<16 | uint(src[l-1])<<8 | uint(src[l-2])
|
|
b64 = Base64Append(b64, l, 3)
|
|
} else {
|
|
l := uint(0)<<16 | uint(0)<<8 | uint(src[l-1])
|
|
b64 = Base64Append(b64, l, 2)
|
|
}
|
|
// Return the base64.
|
|
return b64
|
|
}
|