go-passwd/gost_yes_crypt.go

122 lines
3.0 KiB
Go

package passwd
import (
"crypto/hmac"
"fmt"
"github.com/openwall/yescrypt-go"
"github.com/pedroalbanese/gogost/gost34112012256"
)
type GostYesCrypt struct {
Passwd
}
// Make an MD5Crypt password instance.
func NewGostYesCryptPasswd() PasswdInterface {
m := new(GostYesCrypt)
m.Magic = GOST_YES_CRYPT_MAGIC
m.SetSCryptParams(11, 31)
m.SaltLength = 22
// Set the interface to allow parents to call overriden functions.
m.i = m
return m
}
// Sets the SCrypt params using integers.
func (a *GostYesCrypt) SetSCryptParams(N, r int) (err error) {
Nval, err := IToA64(N)
if err != nil {
return
}
rval, err := IToA64(r)
if err != nil {
return
}
a.Params = fmt.Sprintf("j%c%c", Nval, rval)
return
}
// Decode SCrypt params.
func (a *GostYesCrypt) DecodeSCryptParams() (N, r int) {
b64 := []byte(a.Params)
if len(b64) != 3 {
return
}
N = AToI64(b64[1])
r = AToI64(b64[2])
return
}
// Hash a password with salt using gost yes crypt standard.
func (a *GostYesCrypt) Hash(password []byte, salt []byte) (hash []byte, err error) {
output := []byte(fmt.Sprintf("%s%s$%s", YES_CRYPT_MAGIC, a.Params, salt))
yescryptHash, err := yescrypt.Hash(password, output)
if err != nil {
return
}
bytes := SCryptBase64Decode(yescryptHash[len(output)+1:])
h := gost34112012256.New()
h.Write(password)
hmacKey := h.Sum(nil)
settings := []byte(fmt.Sprintf("%s%s$%s", a.Magic, a.Params, salt))
hm := hmac.New(gost34112012256.New, hmacKey)
hm.Write(settings)
hmacKey = hm.Sum(nil)
hm = hmac.New(gost34112012256.New, hmacKey)
hm.Write(bytes)
b64 := SCryptBase64Encode(hm.Sum(nil))
hash = append(settings, '$')
hash = append(hash, b64...)
return
}
// Override the passwd hash with salt function to hash with gost yes crypt.
func (a *GostYesCrypt) HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error) {
hash, err = a.Hash(password, salt)
return
}
// Hash an password using default parameters with Gost Yes Crypt.
func HashGostYesCryptPassword(password []byte) (hash []byte, err error) {
passwd := NewGostYesCryptPasswd()
hash, err = passwd.HashPassword(password)
if err != nil {
return
}
return
}
// Hash an password with salt using default parameters with Gost Yes Crypt.
func HashGostYesCryptPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error) {
passwd := NewGostYesCryptPasswd()
hash, err = passwd.HashPasswordWithSalt(password, salt)
if err != nil {
return
}
return
}
// Hash an password string using default parameters with Gost Yes Crypt.
func SHashGostYesCryptPassword(password string) (hash string, err error) {
passwd := NewGostYesCryptPasswd()
hash, err = passwd.SHashPassword(password)
if err != nil {
return
}
return
}
// Hash an password string with salt using default parameters with Gost Yes Crypt.
func SHashGostYesCryptPasswordWithSalt(password string, salt string) (hash string, err error) {
passwd := NewGostYesCryptPasswd()
hash, err = passwd.SHashPasswordWithSalt(salt, salt)
if err != nil {
return
}
return
}