sour-is/go-passwd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

feat: add algo specific pref check

Browse Source
This commit is contained in:
Jon Lundy 2022-12-07 14:30:32 -07:00
parent 0c36a25333
commit 5bcec7c5a0
Signed by untrusted user who does not match committer: xuu
GPG Key ID: C63E6D61F3035024
3 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
passwd.go
View File

@ -62,6 +62,12 @@ func (p *Passwd) Passwd(pass, hash string) (string, error) {
func (p *Passwd) IsPreferred(hash string) bool { func (p *Passwd) IsPreferred(hash string) bool {
_, algo := p.getAlgo(hash) _, algo := p.getAlgo(hash)
if algo != nil && algo == p.d { if algo != nil && algo == p.d {
// if the algorithem defines its own check for preference.
if ck, ok := algo.(interface{ IsPreferred(string) bool }); ok {
return ck.IsPreferred(hash)
}
return true return true
} }
return false return false

30
pkg/argon2/argon2.go
View File

@ -101,6 +101,36 @@ func (p *argon) Passwd(pass string, check string) (string, error) {
func (p *argon) ApplyPasswd(passwd *passwd.Passwd) { func (p *argon) ApplyPasswd(passwd *passwd.Passwd) {
passwd.Register(p.name, p) passwd.Register(p.name, p)
} }
func (s *argon) IsPreferred(hash string) bool {
args, err := s.parseArgs(hash)
if err != nil {
return false
}
if args.version < s.version {
return false
}
if args.time < s.time {
return false
}
if args.memory < s.memory {
return false
}
if args.threads < s.threads {
return false
}
if args.keyLen < s.keyLen {
return false
}
if len(args.salt) < int(s.saltLen) {
return false
}
if len(args.hash) < int(s.keyLen) {
return false
}
return true
}
func (p *argon) defaultArgs() *pwArgs { func (p *argon) defaultArgs() *pwArgs {
return &pwArgs{ return &pwArgs{
name: p.name, name: p.name,

26
pkg/scrypt/scrypt.go
View File

@ -93,6 +93,30 @@ func (s *scryptpw) ApplyPasswd(p *passwd.Passwd) {
p.SetFallthrough(s) p.SetFallthrough(s)
} }
} }
func (s *scryptpw) IsPreferred(hash string) bool {
args, err := s.parseArgs(hash)
if err != nil {
return false
}
if args.N < s.N {
return false
}
if args.R < s.R {
return false
}
if args.P < s.P {
return false
}
if args.SaltLen < s.SaltLen {
return false
}
if args.DKLen < s.DKLen {
return false
}
return true
}
func (s *scryptpw) defaultArgs() *scryptArgs { func (s *scryptpw) defaultArgs() *scryptArgs {
return &scryptArgs{ return &scryptArgs{
name: s.name, name: s.name,
@ -145,11 +169,13 @@ func (s *scryptpw) parseArgs(hash string) (*scryptArgs, error) {
if err != nil { if err != nil {
return nil, fmt.Errorf("%w: corrupt salt part", passwd.ErrBadHash) return nil, fmt.Errorf("%w: corrupt salt part", passwd.ErrBadHash)
} }
args.SaltLen = len(args.salt)
args.hash, err = s.encoder.DecodeString(hash) args.hash, err = s.encoder.DecodeString(hash)
if err != nil { if err != nil {
return nil, fmt.Errorf("%w: corrupt hash part", passwd.ErrBadHash) return nil, fmt.Errorf("%w: corrupt hash part", passwd.ErrBadHash)
} }
args.DKLen = len(args.hash)
return args, nil return args, nil
} }