diff options
author | Unknown <joe2010xtmf@163.com> | 2014-04-06 16:10:57 -0400 |
---|---|---|
committer | Unknown <joe2010xtmf@163.com> | 2014-04-06 16:10:57 -0400 |
commit | e7c8a3cb8d26da68b09f799585c03970cd243be1 (patch) | |
tree | 2226974dc3be1d926b6caaffcafa5feee6de2d68 /modules/base | |
parent | db1fe3483ed2c8c0962ee4395073e0b190310602 (diff) | |
download | gitea-e7c8a3cb8d26da68b09f799585c03970cd243be1.tar.gz gitea-e7c8a3cb8d26da68b09f799585c03970cd243be1.zip |
Add salt for every single user
Diffstat (limited to 'modules/base')
-rw-r--r-- | modules/base/tool.go | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/modules/base/tool.go b/modules/base/tool.go index 3946c4b56b..f7d1bc2c55 100644 --- a/modules/base/tool.go +++ b/modules/base/tool.go @@ -6,12 +6,14 @@ package base import ( "bytes" + "crypto/hmac" "crypto/md5" "crypto/rand" "crypto/sha1" "encoding/hex" "encoding/json" "fmt" + "hash" "math" "strconv" "strings" @@ -40,6 +42,44 @@ func GetRandomString(n int, alphabets ...byte) string { return string(bytes) } +// http://code.google.com/p/go/source/browse/pbkdf2/pbkdf2.go?repo=crypto +func PBKDF2(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte { + prf := hmac.New(h, password) + hashLen := prf.Size() + numBlocks := (keyLen + hashLen - 1) / hashLen + + var buf [4]byte + dk := make([]byte, 0, numBlocks*hashLen) + U := make([]byte, hashLen) + for block := 1; block <= numBlocks; block++ { + // N.B.: || means concatenation, ^ means XOR + // for each block T_i = U_1 ^ U_2 ^ ... ^ U_iter + // U_1 = PRF(password, salt || uint(i)) + prf.Reset() + prf.Write(salt) + buf[0] = byte(block >> 24) + buf[1] = byte(block >> 16) + buf[2] = byte(block >> 8) + buf[3] = byte(block) + prf.Write(buf[:4]) + dk = prf.Sum(dk) + T := dk[len(dk)-hashLen:] + copy(U, T) + + // U_n = PRF(password, U_(n-1)) + for n := 2; n <= iter; n++ { + prf.Reset() + prf.Write(U) + U = U[:0] + U = prf.Sum(U) + for x := range U { + T[x] ^= U[x] + } + } + } + return dk[:keyLen] +} + // verify time limit code func VerifyTimeLimitCode(data string, minutes int, code string) bool { if len(code) <= 18 { |