go-passwd/pkg/scrypt/scrypt.go

224 lines
4.7 KiB
Go
Raw Permalink Normal View History

2022-12-07 14:19:04 -07:00
package scrypt
import (
"bytes"
2022-12-07 14:19:04 -07:00
"crypto/rand"
"crypto/subtle"
"encoding/base64"
"encoding/hex"
"fmt"
"strconv"
"github.com/sour-is/go-passwd"
"golang.org/x/crypto/scrypt"
)
type scryptpw struct {
N int // CPU/memory cost parameter (logN)
R int // block size parameter (octets)
2022-12-07 15:53:33 -07:00
P int // parallelization parameter (positive int)
2022-12-07 14:19:04 -07:00
SaltLen int // bytes to use as salt (octets)
DKLen int // length of the derived key (octets)
name string
encoder interface {
EncodedLen(n int) int
Encode(dst, src []byte)
DecodedLen(x int) int
Decode(dst, src []byte) (n int, err error)
2022-12-07 14:19:04 -07:00
}
}
type scryptArgs struct {
N int // CPU/memory cost parameter (logN)
R int // block size parameter (octets)
2022-12-07 15:53:33 -07:00
P int // parallelization parameter (positive int)
2022-12-07 14:19:04 -07:00
SaltLen int // bytes to use as salt (octets)
DKLen int // length of the derived key (octets)
name string
salt []byte
hash []byte
encoder interface {
EncodedLen(n int) int
Encode(dst, src []byte)
DecodedLen(x int) int
Decode(dst, src []byte) (n int, err error)
2022-12-07 14:19:04 -07:00
}
}
var All = []passwd.Passwder{Simple, Scrypt2}
var Simple = &scryptpw{
N: 16384, R: 8, P: 1, SaltLen: 16, DKLen: 32,
name: "s1", encoder: hexenc{},
}
var Scrypt2 = &scryptpw{
N: 16384, R: 8, P: 1, SaltLen: 16, DKLen: 32,
name: "s2", encoder: base64.RawStdEncoding,
}
func (s *scryptpw) Passwd(pass, check []byte) ([]byte, error) {
2022-12-07 14:19:04 -07:00
var args *scryptArgs
var err error
if check == nil {
2022-12-07 14:19:04 -07:00
args = s.defaultArgs()
_, err := rand.Read(args.salt)
if err != nil {
return nil, err
2022-12-07 14:19:04 -07:00
}
args.hash, err = scrypt.Key(pass, args.salt, args.N, args.R, args.P, args.DKLen)
2022-12-07 14:19:04 -07:00
if err != nil {
return nil, err
2022-12-07 14:19:04 -07:00
}
} else {
args, err = s.parseArgs(check)
if err != nil {
return nil, err
2022-12-07 14:19:04 -07:00
}
hash, err := scrypt.Key([]byte(pass), args.salt, args.N, args.R, args.P, args.DKLen)
if err != nil {
return nil, err
2022-12-07 14:19:04 -07:00
}
if subtle.ConstantTimeCompare(hash, args.hash) == 0 {
return nil, passwd.ErrNoMatch
2022-12-07 14:19:04 -07:00
}
}
return args.Bytes(), nil
2022-12-07 14:19:04 -07:00
}
func (s *scryptpw) ApplyPasswd(p *passwd.Passwd) {
p.Register(s.name, s)
if s.name == "s1" {
p.SetFallthrough(s)
}
}
func (s *scryptpw) IsPreferred(hash []byte) bool {
2022-12-07 14:30:32 -07:00
args, err := s.parseArgs(hash)
if err != nil {
return false
}
if args.N < s.N {
return false
}
if args.R < s.R {
return false
}
if args.P < s.P {
return false
}
if args.SaltLen < s.SaltLen {
return false
}
if args.DKLen < s.DKLen {
return false
}
return true
}
2022-12-07 14:19:04 -07:00
func (s *scryptpw) defaultArgs() *scryptArgs {
return &scryptArgs{
name: s.name,
N: s.N,
R: s.R,
P: s.P,
DKLen: s.DKLen,
SaltLen: s.SaltLen,
salt: make([]byte, s.SaltLen),
encoder: s.encoder,
}
}
func (s *scryptpw) parseArgs(hash []byte) (*scryptArgs, error) {
2022-12-07 14:19:04 -07:00
args := s.defaultArgs()
name := []byte("$" + s.name + "$")
hash = bytes.TrimPrefix(hash, name)
2022-12-07 14:19:04 -07:00
N, hash, ok := bytes.Cut(hash, []byte("$"))
2022-12-07 14:19:04 -07:00
if !ok {
return nil, fmt.Errorf("%w: missing args: N", passwd.ErrBadHash)
}
if n, err := strconv.Atoi(string(N)); err == nil {
2022-12-07 14:19:04 -07:00
args.N = n
}
R, hash, ok := bytes.Cut(hash, []byte("$"))
2022-12-07 14:19:04 -07:00
if !ok {
return nil, fmt.Errorf("%w: missing args: R", passwd.ErrBadHash)
}
if r, err := strconv.Atoi(string(R)); err == nil {
2022-12-07 14:19:04 -07:00
args.R = r
}
P, hash, ok := bytes.Cut(hash, []byte("$"))
2022-12-07 14:19:04 -07:00
if !ok {
return nil, fmt.Errorf("%w: missing args: P", passwd.ErrBadHash)
}
if p, err := strconv.Atoi(string(P)); err == nil {
2022-12-07 14:19:04 -07:00
args.P = p
}
salt, hash, ok := bytes.Cut(hash, []byte("$"))
2022-12-07 14:19:04 -07:00
if !ok {
return nil, fmt.Errorf("%w: missing args: salt", passwd.ErrBadHash)
}
var err error
args.salt = make([]byte, s.encoder.DecodedLen(len(salt)))
_, err = s.encoder.Decode(args.salt, salt)
2022-12-07 14:19:04 -07:00
if err != nil {
return nil, fmt.Errorf("%w: corrupt salt part", passwd.ErrBadHash)
}
2022-12-07 14:30:32 -07:00
args.SaltLen = len(args.salt)
2022-12-07 14:19:04 -07:00
args.hash = make([]byte, s.encoder.DecodedLen(len(hash)))
_, err = s.encoder.Decode(args.hash, hash)
2022-12-07 14:19:04 -07:00
if err != nil {
return nil, fmt.Errorf("%w: corrupt hash part", passwd.ErrBadHash)
}
2022-12-07 14:30:32 -07:00
args.DKLen = len(args.hash)
2022-12-07 14:19:04 -07:00
return args, nil
}
func (s *scryptArgs) Bytes() []byte {
var b bytes.Buffer
2022-12-07 14:19:04 -07:00
if s.name != "s1" {
b.WriteRune('$')
b.WriteString(s.name)
b.WriteRune('$')
2022-12-07 14:19:04 -07:00
}
fmt.Fprintf(&b, "%d$%d$%d", s.N, s.R, s.P)
salt := make([]byte, s.encoder.EncodedLen(len(s.salt)))
s.encoder.Encode(salt, s.salt)
b.WriteRune('$')
b.Write(salt)
hash := make([]byte, s.encoder.EncodedLen(len(s.hash)))
s.encoder.Encode(hash, s.hash)
b.WriteRune('$')
b.Write(hash)
return b.Bytes()
2022-12-07 14:19:04 -07:00
}
type hexenc struct{}
func (hexenc) Encode(dst, src []byte) {
hex.Encode(dst, src)
2022-12-07 14:19:04 -07:00
}
func (hexenc) EncodedLen(n int) int { return hex.EncodedLen(n) }
func (hexenc) Decode(dst, src []byte) (n int, err error) {
return hex.Decode(dst, src)
2022-12-07 14:19:04 -07:00
}
func (hexenc) DecodedLen(x int) int { return hex.DecodedLen(x) }