passwd

package module
v0.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 25, 2025 License: MIT Imports: 19 Imported by: 0

README

go-passwd

This is a libxcrypt compatible password hashing library for the Go language. The passwords generated with this library is fully compatible with libxcrypt which can be used to generate or test passwords in use by software such as MySQL or the Linux shadow system.

Install

go get github.com/GRMrGecko/go-passwd

Docs

https://pkg.go.dev/github.com/GRMrGecko/go-passwd

Example

package main

import (
	"github.com/GRMrGecko/go-passwd"
	"log"
)

func main() {
	result, err := passwd.SCheckPassword("$y$j9T$Q3N1jZa3Cp.yNINNDt5dDgYkHU7k$9o7WJJB5F.tTEhZdz6T6LMWY/0C3JkhvmcNyUPvUBlC", "Test")
	if err != nil {
		log.Fatalln(err)
	}

	if result {
		log.Println("Password confirmed, saving new password.")

		pw := passwd.NewSHA512CryptPasswd()
		hash, err := pw.SHashPassword("New Password!!!")
		if err != nil {
			log.Fatalln(err)
		}
		log.Println("The new password hash to save is:", hash)
	}
}

Example output:

$ ./test
2024/09/07 18:42:35 Password confirmed, saving new password.
2024/09/07 18:42:35 The new password hash to save is: $6$4Eu/l5e.otcRj0rJ$YAlwxJD9pZY9.Z2TjseCbkXiUIrFU2AXh9DPEm5Z1SagxP..xaQCsz7jAgfW4nmUbLh.o23pEZGvvxPCLltf11

Known issues

  • It is possible to generate password hashes that are incompatible with libxcrypt by setting a large round count. This may be mitigated in the future by adding an option to disable compatibility and otherwise require compatible parameters to be set.
  • The bcrypt hashing algorithms are not implemented yet, it may be implemented in the near futre.

Documentation

Index

Constants

View Source 
const (
	SHA1_CRYPT_MAGIC     = "$sha1$"
	SHA1_SIZE            = 20
	SUN_MD5_MAGIC        = "$md5"
	MD5_CRYPT_MAGIC      = "$1$"
	MD5_SIZE             = 16
	NT_HASH_MAGIC        = "$3$"
	MD4_SIZE             = 16
	SHA256_CRYPT_MAGIC   = "$5$"
	SHA256_SIZE          = 32
	SHA512_CRYPT_MAGIC   = "$6$"
	SHA512_SIZE          = 64
	S_CRYPT_MAGIC        = "$7$"
	YES_CRYPT_MAGIC      = "$y$"
	GOST_YES_CRYPT_MAGIC = "$gy$"
)

Variables

This section is empty.

Functions

func AToI64 

func AToI64(c byte) (val int)

Convert base64 byte to integer value.

func Base64Append 

func Base64Append(dst []byte, v uint, n int) []byte

Append base64 for provided uint.

func Base64Encode 

func Base64Encode(src []byte) []byte

Encode to crypt base64.

func Base64RotateEncode 

func Base64RotateEncode(src []byte, order bool) []byte

The crypt standard likes to rotate bits in base64, although it doesn't really do anything for brute force protection. This performs the rotation algorithm.

func Base64Uint32Decode 

func Base64Uint32Decode(src []byte, dstbits uint32) (dst uint32)

Decode uint32 from base64 at a fixed length.

func Base64Uint32Encode 

func Base64Uint32Encode(src, srcbits uint32) (b64 []byte)

Encode uint32 into base64 at a fixed length.

func CheckPassword 

func CheckPassword(hash []byte, password []byte) (bool, error)

Check a password hash against a password.

func HashBlockRecycle 

func HashBlockRecycle(h hash.Hash, block []byte, len int)

Takes a prior hash, and recycles bytes until the length provided is covered.

func HashGostYesCryptPassword 

func HashGostYesCryptPassword(password []byte) (hash []byte, err error)

Hash an password using default parameters with Gost Yes Crypt.

func HashGostYesCryptPasswordWithSalt 

func HashGostYesCryptPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Hash an password with salt using default parameters with Gost Yes Crypt.

func HashMD5Password 

func HashMD5Password(password []byte) (hash []byte, err error)

Hash an password using default parameters with MD5.

func HashMD5PasswordWithSalt 

func HashMD5PasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Hash an password with salt using default parameters with MD5.

func HashNTPassword 

func HashNTPassword(password []byte) (hash []byte, err error)

Hash an password using default parameters with NT.

func HashNTPasswordWithSalt 

func HashNTPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Hash an password with salt using default parameters with NT.

func HashSCryptPassword 

func HashSCryptPassword(password []byte) (hash []byte, err error)

Hash an password using default parameters with SCrypt.

func HashSCryptPasswordWithSalt 

func HashSCryptPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Hash an password with salt using default parameters with SCrypt.

func HashSHA1Password 

func HashSHA1Password(password []byte) (hash []byte, err error)

Hash an password using default parameters with SHA1.

func HashSHA1PasswordWithSalt 

func HashSHA1PasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Hash an password with salt using default parameters with SHA1.

func HashSHA256Password 

func HashSHA256Password(password []byte) (hash []byte, err error)

Hash an password using default parameters with SHA256.

func HashSHA256PasswordWithSalt 

func HashSHA256PasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Hash an password with salt using default parameters with SHA256.

func HashSHA512Password 

func HashSHA512Password(password []byte) (hash []byte, err error)

Hash an password using default parameters with SHA512.

func HashSHA512PasswordWithSalt 

func HashSHA512PasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Hash an password with salt using default parameters with SHA512.

func HashSunMD5Password 

func HashSunMD5Password(password []byte) (hash []byte, err error)

Hash an password using default parameters with Sun MD5.

func HashSunMD5PasswordWithSalt 

func HashSunMD5PasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Hash an password with salt using default parameters with Sun MD5.

func HashYesCryptPassword 

func HashYesCryptPassword(password []byte) (hash []byte, err error)

Hash an password using default parameters with YesCrypt.

func HashYesCryptPasswordWithSalt 

func HashYesCryptPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Hash an password with salt using default parameters with YesCrypt.

func IToA64 

func IToA64(N int) (val byte, err error)

Convert integer to bae64.

func MD5Base64Encode 

func MD5Base64Encode(src []byte) []byte

Encode MD5 result to MD5 crypt base64.

func N2log2 

func N2log2(N uint64) (N_log2 int)

Get the power of 2 value.

func SCheckPassword 

func SCheckPassword(hash string, password string) (bool, error)

Check a password hash against a password string.

func SCryptBase64Decode 

func SCryptBase64Decode(src []byte) []byte

Decode base64 in the format used for SCrypt hashes.

func SCryptBase64Encode 

func SCryptBase64Encode(src []byte) []byte

Encode base64 in the format used for SCrypt hashes.

func SHashGostYesCryptPassword 

func SHashGostYesCryptPassword(password string) (hash string, err error)

Hash an password string using default parameters with Gost Yes Crypt.

func SHashGostYesCryptPasswordWithSalt 

func SHashGostYesCryptPasswordWithSalt(password string, salt string) (hash string, err error)

Hash an password string with salt using default parameters with Gost Yes Crypt.

func SHashMD5Password 

func SHashMD5Password(password string) (hash string, err error)

Hash an password string using default parameters with MD5.

func SHashMD5PasswordWithSalt 

func SHashMD5PasswordWithSalt(password string, salt string) (hash string, err error)

Hash an password string with salt using default parameters with MD5.

func SHashNTPassword 

func SHashNTPassword(password string) (hash string, err error)

Hash an password string using default parameters with NT.

func SHashNTPasswordWithSalt 

func SHashNTPasswordWithSalt(password string, salt string) (hash string, err error)

Hash an password string with salt using default parameters with NT.

func SHashSCryptPassword 

func SHashSCryptPassword(password string) (hash string, err error)

Hash an password string using default parameters with SCrypt.

func SHashSCryptPasswordWithSalt 

func SHashSCryptPasswordWithSalt(password string, salt string) (hash string, err error)

Hash an password string with salt using default parameters with SCrypt.

func SHashSHA1Password 

func SHashSHA1Password(password string) (hash string, err error)

Hash an password string using default parameters with SHA1.

func SHashSHA1PasswordWithSalt 

func SHashSHA1PasswordWithSalt(password string, salt string) (hash string, err error)

Hash an password string with salt using default parameters with SHA1.

func SHashSHA256Password 

func SHashSHA256Password(password string) (hash string, err error)

Hash an password string using default parameters with SHA256.

func SHashSHA256PasswordWithSalt 

func SHashSHA256PasswordWithSalt(password string, salt string) (hash string, err error)

Hash an password string with salt using default parameters with SHA256.

func SHashSHA512Password 

func SHashSHA512Password(password string) (hash string, err error)

Hash an password string using default parameters with SHA512.

func SHashSHA512PasswordWithSalt 

func SHashSHA512PasswordWithSalt(password string, salt string) (hash string, err error)

Hash an password string with salt using default parameters with SHA512.

func SHashSunMD5Password 

func SHashSunMD5Password(password string) (hash string, err error)

Hash an password string using default parameters with Sun MD5.

func SHashSunMD5PasswordWithSalt 

func SHashSunMD5PasswordWithSalt(password string, salt string) (hash string, err error)

Hash an password string with salt using default parameters with Sun MD5.

func SHashYesCryptPassword 

func SHashYesCryptPassword(password string) (hash string, err error)

Hash an password string using default parameters with YesCrypt.

func SHashYesCryptPasswordWithSalt 

func SHashYesCryptPasswordWithSalt(password string, salt string) (hash string, err error)

Hash an password string with salt using default parameters with YesCrypt.

Types

type GostYesCrypt 

type GostYesCrypt struct {
	Passwd
}

func (*GostYesCrypt) DecodeSCryptParams 

func (a *GostYesCrypt) DecodeSCryptParams() (N, r int)

Decode SCrypt params.

func (*GostYesCrypt) Hash 

func (a *GostYesCrypt) Hash(password []byte, salt []byte) (hash []byte, err error)

Hash a password with salt using gost yes crypt standard.

func (*GostYesCrypt) HashPasswordWithSalt 

func (a *GostYesCrypt) HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Override the passwd hash with salt function to hash with gost yes crypt.

func (*GostYesCrypt) SetSCryptParams 

func (a *GostYesCrypt) SetSCryptParams(N, r int) (err error)

Sets the SCrypt params using integers.

type MD5Crypt 

type MD5Crypt struct {
	Passwd
}

func (*MD5Crypt) Hash 

func (a *MD5Crypt) Hash(password []byte, salt []byte) (hash []byte)

Hash a password with salt using MD5 crypt standard.

func (*MD5Crypt) HashPasswordWithSalt 

func (a *MD5Crypt) HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Override the passwd hash with salt function to hash with MD5 crypt.

type NTHash 

type NTHash struct {
	Passwd
}

func (*NTHash) Hash 

func (a *NTHash) Hash(password []byte) (hash []byte)

Hash an NT compatible hash.

func (*NTHash) HashPasswordWithSalt 

func (a *NTHash) HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Override the hash with salt function with one that encodes the NT hash, ignoring the salt.

func (*NTHash) UTF8ToUCS2LE 

func (a *NTHash) UTF8ToUCS2LE(src []byte) []byte

Encode UTF-8 bytes to UCS-2LE bytes. The NT hash uses UCS-2LE, so we need to convert for compatibility.

type Passwd 

type Passwd struct {
	Magic      string
	Params     string
	SaltLength int
	Salt       []byte
	// contains filtered or unexported fields
}

Base structure.

func (*Passwd) GenerateSalt 

func (a *Passwd) GenerateSalt() ([]byte, error)

Generate a salt based on configs for this paassword algorithm.

func (*Passwd) HashPassword 

func (a *Passwd) HashPassword(password []byte) (hash []byte, err error)

Hash a password.

func (*Passwd) HashPasswordWithSalt 

func (a *Passwd) HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Hash a password with a custom salt.

func (*Passwd) SHashPassword 

func (a *Passwd) SHashPassword(password string) (hash string, err error)

Hash a password string.

func (*Passwd) SHashPasswordWithSalt 

func (a *Passwd) SHashPasswordWithSalt(password string, salt string) (hash string, err error)

Hash a password string with a custom salt.

func (*Passwd) SetParams 

func (a *Passwd) SetParams(p string)

Set parameters for password generation. Typically used for iterations, but also used for yes crypt configuration.

func (*Passwd) SetSalt 

func (a *Passwd) SetSalt(s []byte)

Set a salt for hashing, an empty salt will generate a new one.

type PasswdInterface 

type PasswdInterface interface {
	SetParams(p string)
	SetSalt(s []byte)
	GenerateSalt() ([]byte, error)
	HashPassword(password []byte) (hash []byte, err error)
	HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)
	SHashPassword(password string) (hash string, err error)
	SHashPasswordWithSalt(password string, salt string) (hash string, err error)
}

Standard protocol for working with all hash algorithms.

func NewGostYesCryptPasswd 

func NewGostYesCryptPasswd() PasswdInterface

Make an MD5Crypt password instance.

func NewMD5CryptPasswd 

func NewMD5CryptPasswd() PasswdInterface

Make an MD5Crypt password instance.

func NewNTPasswd 

func NewNTPasswd() PasswdInterface

Make NTHash password interface.

func NewPasswd 

func NewPasswd(settings string) (PasswdInterface, error)

Get a password interface based on hash settings string.

func NewSCryptPasswd 

func NewSCryptPasswd() PasswdInterface

Make an MD5Crypt password instance.

func NewSHA1Passwd 

func NewSHA1Passwd() PasswdInterface

func NewSHA256CryptPasswd 

func NewSHA256CryptPasswd() PasswdInterface

Make an MD5Crypt password instance.

func NewSHA512CryptPasswd 

func NewSHA512CryptPasswd() PasswdInterface

Make an MD5Crypt password instance.

func NewSunMD5Passwd 

func NewSunMD5Passwd() PasswdInterface

Make an MD5Crypt password instance.

func NewYesCryptPasswd 

func NewYesCryptPasswd() PasswdInterface

Make an MD5Crypt password instance.

type SCrypt 

type SCrypt struct {
	Passwd
}

func (*SCrypt) DecodeSCryptParams 

func (a *SCrypt) DecodeSCryptParams() (N, r, p int)

Decode SCrypt params.

func (*SCrypt) Hash 

func (a *SCrypt) Hash(password []byte, salt []byte) (hash []byte, err error)

Hash a password with salt using scrypt standard.

func (*SCrypt) HashPasswordWithSalt 

func (a *SCrypt) HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Override the passwd hash with salt function to hash with scrypt.

func (*SCrypt) SetSCryptParams 

func (a *SCrypt) SetSCryptParams(N, r, p int) (err error)

Sets the SCrypt params using integers.

type SHA1Crypt 

type SHA1Crypt struct {
	Passwd
}

func (*SHA1Crypt) Hash 

func (a *SHA1Crypt) Hash(password []byte, salt []byte, iterations uint64) (hash []byte)

PBKDF1 with SHA1 crypt algorithm.

func (*SHA1Crypt) HashPasswordWithSalt 

func (a *SHA1Crypt) HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Override the hash with salt function to encode PBKDF1 with SHA1 hash.

type SHA256Crypt 

type SHA256Crypt struct {
	Passwd
}

func (*SHA256Crypt) Hash 

func (a *SHA256Crypt) Hash(password []byte, salt []byte, iterations uint64) (hash []byte)

Hash a password with salt using SHA256 crypt standard.

func (*SHA256Crypt) HashPasswordWithSalt 

func (a *SHA256Crypt) HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Override the passwd hash with salt function to hash with SHA256 crypt.

type SHA512Crypt 

type SHA512Crypt struct {
	Passwd
}

func (*SHA512Crypt) Hash 

func (a *SHA512Crypt) Hash(password []byte, salt []byte, iterations uint64) (hash []byte)

Hash a password with salt using SHA512 crypt standard.

func (*SHA512Crypt) HashPasswordWithSalt 

func (a *SHA512Crypt) HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Override the passwd hash with salt function to hash with SHA512 crypt.

type SunMD5 

type SunMD5 struct {
	Passwd
}

func (*SunMD5) Hash 

func (a *SunMD5) Hash(password []byte, salt []byte, additionalIterations uint64) (hash []byte)

Hash a password with salt using MD5 crypt standard.

func (*SunMD5) HashPasswordWithSalt 

func (a *SunMD5) HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Override the passwd hash with salt function to hash with Sun MD5.

func (*SunMD5) MuffetCoinToss 

func (s *SunMD5) MuffetCoinToss(digest []byte, iteration uint64) bool

type YesCrypt 

type YesCrypt struct {
	Passwd
}

func (*YesCrypt) DecodeSCryptParams 

func (a *YesCrypt) DecodeSCryptParams() (N, r int)

Decode SCrypt params.

func (*YesCrypt) Hash 

func (a *YesCrypt) Hash(password []byte, salt []byte) (hash []byte, err error)

Hash a password with salt using yes crypt standard.

func (*YesCrypt) HashPasswordWithSalt 

func (a *YesCrypt) HashPasswordWithSalt(password []byte, salt []byte) (hash []byte, err error)

Override the passwd hash with salt function to hash with yes crypt.

func (*YesCrypt) SetSCryptParams 

func (a *YesCrypt) SetSCryptParams(N, r int) (err error)

Sets the SCrypt params using integers.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.