package crypt
import (
"crypto/rand"
"math/big"
"strings"
)
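// CryptSHA512 hashes the given passphrase using the SHA-512 crypt scheme
// (the "$6$" setting prefix) and a freshly generated 16-character random salt.
//
// Note that this function is not deterministic: the salt differs on every
// call, so hashing the same phrase twice yields different strings.
//
// It returns the string produced by crypt, or a non-nil error when either salt
// generation or crypt itself fails. On error the returned string is empty and
// must not be stored as a password hash.
func CryptSHA512(phrase string) (string, error) {
	const SHA512SaltLength = 16

	salt, err := genSalt(SHA512SaltLength)
	if err != nil {
		// Propagate the failure. Returning a nil error here would hand the
		// caller an empty string that is indistinguishable from success, and
		// an empty value could then be written where a password hash is
		// expected.
		return "", err
	}

	// "$6$" selects SHA-512 in the crypt settings string; the salt follows it.
	// NOTE(review): crypt is defined elsewhere in this package — presumably a
	// wrapper around crypt(3); confirm how it reports failures.
	hashSettings := "$6$" + salt
	return crypt(phrase, hashSettings)
}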
// genSalt returns a random salt of the requested length whose characters are
// drawn from the 64-character alphabet [a-zA-Z0-9./].
//
// Every character is picked with rand.Int over crypto/rand's Reader, so the
// index is uniform over the alphabet and comes from the system's
// cryptographically secure source rather than math/rand. Any error from the
// random source is returned to the caller together with an empty string.
func genSalt(length int) (string, error) {
	const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"

	// Exclusive upper bound for the random index; rand.Int does not modify it.
	bound := big.NewInt(int64(len(alphabet)))

	salt := make([]byte, length)
	for pos := 0; pos < len(salt); pos++ {
		idx, err := rand.Int(rand.Reader, bound)
		if err != nil {
			return "", err
		}
		salt[pos] = alphabet[idx.Int64()]
	}

	return string(salt), nil
}
// PasswordIsCrypted reports whether the password appears to be already
// hashed, according to a very simple heuristic.
//
// Any string starting with one of $2b$, $6$ or $5$ is considered to be
// hashed. Any other string is considered to be plain text.
//
// The check looks at the prefix only and does not validate the rest of the
// string. A plain-text password that happens to begin with one of these
// prefixes is therefore reported as hashed, and hashes in any other crypt
// format (for example $2a$, $2y$, $1$ or $y$) are reported as plain text.
// NOTE(review): callers presumably hash whatever this function rejects and
// store whatever it accepts as-is — confirm that both outcomes are acceptable
// at each call site.
//
// This functionality is taken from pylorax.
func PasswordIsCrypted(s string) bool {
	// taken from lorax src: src/pylorax/api/compose.py:533
	switch {
	case strings.HasPrefix(s, "$2b$"),
		strings.HasPrefix(s, "$6$"),
		strings.HasPrefix(s, "$5$"):
		return true
	default:
		return false
	}
}