hash

package
v1.22.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 13, 2024 License: MIT Imports: 12 Imported by: 4

Documentation

Index

Constants

View Source
const DefaultHashAlgorithmName = "pbkdf2"

DefaultHashAlgorithmName represents the default value of PASSWORD_HASH_ALGO configured in app.ini.

It is NOT the same and does NOT map to the defaultEmptyHashAlgorithmSpecification.

It will be dealiased as per aliasAlgorithmNames whereas defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.

Variables

View Source
var RecommendedHashAlgorithms = []string{
	"pbkdf2",
	"argon2",
	"bcrypt",
	"scrypt",
	"pbkdf2_hi",
}

Functions

func ConfigHashAlgorithm added in v1.19.0

func ConfigHashAlgorithm(algorithm string) string

ConfigHashAlgorithm will try to find a "recommended algorithm name" defined by RecommendedHashAlgorithms for config This function is not fast and is only used for the installation page

func MustRegister added in v1.19.0

func MustRegister[T PasswordSaltHasher](name string, newFn func(config string) T)

MustRegister registers a PasswordSaltHasher with the availableHasherFactories Caution: This is not thread safe.

func Register

func Register[T PasswordSaltHasher](name string, newFn func(config string) T) error

Register registers a PasswordSaltHasher with the availableHasherFactories Caution: This is not thread safe.

Types

type Argon2Hasher

type Argon2Hasher struct {
	// contains filtered or unexported fields
}

Argon2Hasher implements PasswordHasher and uses the Argon2 key derivation function, hybrant variant

func NewArgon2Hasher

func NewArgon2Hasher(config string) *Argon2Hasher

NewArgon2Hasher is a factory method to create an Argon2Hasher The provided config should be either empty or of the form: "<time>$<memory>$<threads>$<keyLen>", where <x> is the string representation of an integer

func (*Argon2Hasher) HashWithSaltBytes

func (hasher *Argon2Hasher) HashWithSaltBytes(password string, salt []byte) string

HashWithSaltBytes a provided password and salt

type BcryptHasher

type BcryptHasher struct {
	// contains filtered or unexported fields
}

BcryptHasher implements PasswordHasher and uses the bcrypt password hash function.

func NewBcryptHasher

func NewBcryptHasher(config string) *BcryptHasher

NewBcryptHasher is a factory method to create an BcryptHasher The provided config should be either empty or the string representation of the "<cost>" as an integer

func (*BcryptHasher) HashWithSaltBytes

func (hasher *BcryptHasher) HashWithSaltBytes(password string, salt []byte) string

HashWithSaltBytes a provided password and salt

func (*BcryptHasher) VerifyPassword

func (hasher *BcryptHasher) VerifyPassword(password, hashedPassword, salt string) bool

type DummyHasher added in v1.19.0

type DummyHasher struct{}

DummyHasher implements PasswordHasher and is a dummy hasher that simply puts the password in place with its salt This SHOULD NOT be used in production and is provided to make the integration tests faster only

func NewDummyHasher added in v1.19.0

func NewDummyHasher(_ string) *DummyHasher

NewDummyHasher is a factory method to create a DummyHasher Any provided configuration is ignored

func (*DummyHasher) HashWithSaltBytes added in v1.19.0

func (hasher *DummyHasher) HashWithSaltBytes(password string, salt []byte) string

HashWithSaltBytes a provided password and salt

type PBKDF2Hasher

type PBKDF2Hasher struct {
	// contains filtered or unexported fields
}

PBKDF2Hasher implements PasswordHasher and uses the PBKDF2 key derivation function.

func NewPBKDF2Hasher

func NewPBKDF2Hasher(config string) *PBKDF2Hasher

NewPBKDF2Hasher is a factory method to create an PBKDF2Hasher config should be either empty or of the form: "<iter>$<keyLen>", where <x> is the string representation of an integer

func (*PBKDF2Hasher) HashWithSaltBytes

func (hasher *PBKDF2Hasher) HashWithSaltBytes(password string, salt []byte) string

HashWithSaltBytes a provided password and salt

type PasswordHashAlgorithm

type PasswordHashAlgorithm struct {
	PasswordSaltHasher
	Specification string // The specification that is used to create the internal PasswordSaltHasher
}

PasswordHashAlgorithms are named PasswordSaltHashers with a default verifier and hash function

var DefaultHashAlgorithm *PasswordHashAlgorithm

func Parse

func Parse(algorithmSpec string) *PasswordHashAlgorithm

Parse will convert the provided algorithm specification in to a PasswordHashAlgorithm If the provided specification matches the DefaultHashAlgorithm Specification it will be used. In addition the last non-default hasher will be cached to help reduce the load from parsing specifications.

NOTE: No de-aliasing is done in this function, thus any specification which does not contain a configuration will use the default values for that hasher. These are not necessarily the same values as those obtained by dealiasing. This allows for seamless backwards compatibility with the original configuration.

To further labour this point, running `Parse("pbkdf2")` does not obtain the same algorithm as setting `PASSWORD_HASH_ALGO=pbkdf2` in app.ini, nor is it intended to. A user that has `password_hash_algo='pbkdf2'` in the db means get the original, unconfigured algorithm Users will be migrated automatically as they log-in to have the complete specification stored in their `password_hash_algo` fields by other code.

func SetDefaultPasswordHashAlgorithm

func SetDefaultPasswordHashAlgorithm(algorithmName string) (string, *PasswordHashAlgorithm)

SetDefaultPasswordHashAlgorithm will take a provided algorithmName and de-alias it to a complete algorithm specification.

func (*PasswordHashAlgorithm) Hash

func (algorithm *PasswordHashAlgorithm) Hash(password, salt string) (string, error)

Hash the provided password with the salt and return the hash

func (*PasswordHashAlgorithm) VerifyPassword

func (algorithm *PasswordHashAlgorithm) VerifyPassword(providedPassword, hashedPassword, salt string) bool

Verify the provided password matches the hashPassword when hashed with the salt

type PasswordHasher

type PasswordHasher interface {
	Hash(password, salt string) (string, error)
}

PasswordHasher will hash a provided password with the salt

type PasswordSaltHasher

type PasswordSaltHasher interface {
	HashWithSaltBytes(password string, saltBytes []byte) string
}

PasswordSaltHasher will hash a provided password with the provided saltBytes

type PasswordVerifier

type PasswordVerifier interface {
	VerifyPassword(providedPassword, hashedPassword, salt string) bool
}

PasswordVerifier will ensure that a providedPassword matches the hashPassword when hashed with the salt

type ScryptHasher

type ScryptHasher struct {
	// contains filtered or unexported fields
}

ScryptHasher implements PasswordHasher and uses the scrypt key derivation function.

func NewScryptHasher

func NewScryptHasher(config string) *ScryptHasher

NewScryptHasher is a factory method to create an ScryptHasher The provided config should be either empty or of the form: "<n>$<r>$<p>$<keyLen>", where <x> is the string representation of an integer

func (*ScryptHasher) HashWithSaltBytes

func (hasher *ScryptHasher) HashWithSaltBytes(password string, salt []byte) string

HashWithSaltBytes a provided password and salt

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL