diff options
author | wxiaoguang <wxiaoguang@gmail.com> | 2022-01-26 12:10:10 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-26 12:10:10 +0800 |
commit | 49dd9067535538771ef13623ed1dd9698a4a2151 (patch) | |
tree | 7a06ff053683e50d93ad50ce25585a13d54c41e5 /modules/util | |
parent | 4889ab52de0b390bb6e96ad6a64ee082585b3d79 (diff) | |
download | gitea-49dd9067535538771ef13623ed1dd9698a4a2151.tar.gz gitea-49dd9067535538771ef13623ed1dd9698a4a2151.zip |
Use base32 for 2FA scratch token (#18384)
* Use base32 for 2FA scratch token
* rename Secure* to Crypto*, add comments
Diffstat (limited to 'modules/util')
-rw-r--r-- | modules/util/util.go | 36 | ||||
-rw-r--r-- | modules/util/util_test.go | 18 |
2 files changed, 27 insertions, 27 deletions
diff --git a/modules/util/util.go b/modules/util/util.go index c2117a6525..90d0eca15c 100644 --- a/modules/util/util.go +++ b/modules/util/util.go @@ -137,8 +137,8 @@ func MergeInto(dict map[string]interface{}, values ...interface{}) (map[string]i return dict, nil } -// RandomInt returns a random integer between 0 and limit, inclusive -func RandomInt(limit int64) (int64, error) { +// CryptoRandomInt returns a crypto random integer between 0 and limit, inclusive +func CryptoRandomInt(limit int64) (int64, error) { rInt, err := rand.Int(rand.Reader, big.NewInt(limit)) if err != nil { return 0, err @@ -146,27 +146,27 @@ func RandomInt(limit int64) (int64, error) { return rInt.Int64(), nil } -const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" +const alphanumericalChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" -// RandomString generates a random alphanumerical string -func RandomString(length int64) (string, error) { - bytes := make([]byte, length) - limit := int64(len(letters)) - for i := range bytes { - num, err := RandomInt(limit) +// CryptoRandomString generates a crypto random alphanumerical string, each byte is generated by [0,61] range +func CryptoRandomString(length int64) (string, error) { + buf := make([]byte, length) + limit := int64(len(alphanumericalChars)) + for i := range buf { + num, err := CryptoRandomInt(limit) if err != nil { return "", err } - bytes[i] = letters[num] + buf[i] = alphanumericalChars[num] } - return string(bytes), nil + return string(buf), nil } -// RandomBytes generates `length` bytes -// This differs from RandomString, as RandomString is limits each byte to have -// a maximum value of 63 instead of 255(max byte size) -func RandomBytes(length int64) ([]byte, error) { - bytes := make([]byte, length) - _, err := rand.Read(bytes) - return bytes, err +// CryptoRandomBytes generates `length` crypto bytes +// This differs from CryptoRandomString, as each byte in CryptoRandomString is generated by [0,61] range +// This function generates totally random bytes, each byte is generated by [0,255] range +func CryptoRandomBytes(length int64) ([]byte, error) { + buf := make([]byte, length) + _, err := rand.Read(buf) + return buf, err } diff --git a/modules/util/util_test.go b/modules/util/util_test.go index e2e26b2627..b32cec23d9 100644 --- a/modules/util/util_test.go +++ b/modules/util/util_test.go @@ -120,20 +120,20 @@ func Test_NormalizeEOL(t *testing.T) { } func Test_RandomInt(t *testing.T) { - int, err := RandomInt(255) + int, err := CryptoRandomInt(255) assert.True(t, int >= 0) assert.True(t, int <= 255) assert.NoError(t, err) } func Test_RandomString(t *testing.T) { - str1, err := RandomString(32) + str1, err := CryptoRandomString(32) assert.NoError(t, err) matches, err := regexp.MatchString(`^[a-zA-Z0-9]{32}$`, str1) assert.NoError(t, err) assert.True(t, matches) - str2, err := RandomString(32) + str2, err := CryptoRandomString(32) assert.NoError(t, err) matches, err = regexp.MatchString(`^[a-zA-Z0-9]{32}$`, str1) assert.NoError(t, err) @@ -141,13 +141,13 @@ func Test_RandomString(t *testing.T) { assert.NotEqual(t, str1, str2) - str3, err := RandomString(256) + str3, err := CryptoRandomString(256) assert.NoError(t, err) matches, err = regexp.MatchString(`^[a-zA-Z0-9]{256}$`, str3) assert.NoError(t, err) assert.True(t, matches) - str4, err := RandomString(256) + str4, err := CryptoRandomString(256) assert.NoError(t, err) matches, err = regexp.MatchString(`^[a-zA-Z0-9]{256}$`, str4) assert.NoError(t, err) @@ -157,18 +157,18 @@ func Test_RandomString(t *testing.T) { } func Test_RandomBytes(t *testing.T) { - bytes1, err := RandomBytes(32) + bytes1, err := CryptoRandomBytes(32) assert.NoError(t, err) - bytes2, err := RandomBytes(32) + bytes2, err := CryptoRandomBytes(32) assert.NoError(t, err) assert.NotEqual(t, bytes1, bytes2) - bytes3, err := RandomBytes(256) + bytes3, err := CryptoRandomBytes(256) assert.NoError(t, err) - bytes4, err := RandomBytes(256) + bytes4, err := CryptoRandomBytes(256) assert.NoError(t, err) assert.NotEqual(t, bytes3, bytes4) |