summaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authorUnknown <joe2010xtmf@163.com>2014-04-06 16:10:57 -0400
committerUnknown <joe2010xtmf@163.com>2014-04-06 16:10:57 -0400
commite7c8a3cb8d26da68b09f799585c03970cd243be1 (patch)
tree2226974dc3be1d926b6caaffcafa5feee6de2d68 /modules
parentdb1fe3483ed2c8c0962ee4395073e0b190310602 (diff)
downloadgitea-e7c8a3cb8d26da68b09f799585c03970cd243be1.tar.gz
gitea-e7c8a3cb8d26da68b09f799585c03970cd243be1.zip
Add salt for every single user
Diffstat (limited to 'modules')
-rw-r--r--modules/base/tool.go40
1 files changed, 40 insertions, 0 deletions
diff --git a/modules/base/tool.go b/modules/base/tool.go
index 3946c4b56b..f7d1bc2c55 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -6,12 +6,14 @@ package base
import (
"bytes"
+ "crypto/hmac"
"crypto/md5"
"crypto/rand"
"crypto/sha1"
"encoding/hex"
"encoding/json"
"fmt"
+ "hash"
"math"
"strconv"
"strings"
@@ -40,6 +42,44 @@ func GetRandomString(n int, alphabets ...byte) string {
return string(bytes)
}
+// http://code.google.com/p/go/source/browse/pbkdf2/pbkdf2.go?repo=crypto
+func PBKDF2(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
+ prf := hmac.New(h, password)
+ hashLen := prf.Size()
+ numBlocks := (keyLen + hashLen - 1) / hashLen
+
+ var buf [4]byte
+ dk := make([]byte, 0, numBlocks*hashLen)
+ U := make([]byte, hashLen)
+ for block := 1; block <= numBlocks; block++ {
+ // N.B.: || means concatenation, ^ means XOR
+ // for each block T_i = U_1 ^ U_2 ^ ... ^ U_iter
+ // U_1 = PRF(password, salt || uint(i))
+ prf.Reset()
+ prf.Write(salt)
+ buf[0] = byte(block >> 24)
+ buf[1] = byte(block >> 16)
+ buf[2] = byte(block >> 8)
+ buf[3] = byte(block)
+ prf.Write(buf[:4])
+ dk = prf.Sum(dk)
+ T := dk[len(dk)-hashLen:]
+ copy(U, T)
+
+ // U_n = PRF(password, U_(n-1))
+ for n := 2; n <= iter; n++ {
+ prf.Reset()
+ prf.Write(U)
+ U = U[:0]
+ U = prf.Sum(U)
+ for x := range U {
+ T[x] ^= U[x]
+ }
+ }
+ }
+ return dk[:keyLen]
+}
+
// verify time limit code
func VerifyTimeLimitCode(data string, minutes int, code string) bool {
if len(code) <= 18 {