Files
dns-autoresolver/internal/auth/password.go
T

94 lines
2.7 KiB
Go

package auth
import (
"crypto/rand"
"crypto/subtle"
"encoding/base64"
"fmt"
"regexp"
"strconv"
"strings"
"golang.org/x/crypto/argon2"
)
const (
argonTime = 1
argonMemory = 64 * 1024
argonThreads = 4
argonKeyLen = 32
argonSaltLen = 16
// Upper bounds guard against a corrupted/attacker-controlled
// password_hash forcing an oversized argon2 computation (DoS).
argonMaxMemoryKiB = 1 << 21 // 2 GiB in KiB
argonMaxTime = 10
argonMaxThreads = 16
)
// paramsRe strictly matches the "m=<n>,t=<n>,p=<n>" parameter segment,
// requiring the whole segment to be consumed (no trailing garbage).
var paramsRe = regexp.MustCompile(`^m=([0-9]+),t=([0-9]+),p=([0-9]+)$`)
func HashPassword(password string) (string, error) {
salt := make([]byte, argonSaltLen)
if _, err := rand.Read(salt); err != nil {
return "", err
}
key := argon2.IDKey([]byte(password), salt, argonTime, argonMemory, argonThreads, argonKeyLen)
b64 := base64.RawStdEncoding.EncodeToString
return fmt.Sprintf("$argon2id$v=19$m=%d,t=%d,p=%d$%s$%s",
argonMemory, argonTime, argonThreads, b64(salt), b64(key)), nil
}
func VerifyPassword(encoded, password string) (bool, error) {
parts := strings.Split(encoded, "$")
if len(parts) != 6 || parts[1] != "argon2id" {
return false, fmt.Errorf("auth: bad hash format")
}
if parts[2] != "v=19" {
return false, fmt.Errorf("auth: unsupported version")
}
matches := paramsRe.FindStringSubmatch(parts[3])
if matches == nil {
return false, fmt.Errorf("auth: bad hash format")
}
m64, err := strconv.ParseUint(matches[1], 10, 32)
if err != nil {
return false, fmt.Errorf("auth: bad hash format")
}
t64, err := strconv.ParseUint(matches[2], 10, 32)
if err != nil {
return false, fmt.Errorf("auth: bad hash format")
}
p64, err := strconv.ParseUint(matches[3], 10, 8)
if err != nil {
return false, fmt.Errorf("auth: bad hash format")
}
m, t, p := uint32(m64), uint32(t64), uint8(p64)
// argon2.IDKey panics if time<1 ("number of rounds too small") or
// threads<1 ("parallelism degree too low"). Reject before calling it.
// Minimum memory per argon2 spec is 8*parallelism (in KiB).
if t < 1 || p < 1 || m < 8*uint32(p) {
return false, fmt.Errorf("auth: bad hash params")
}
// Upper bounds guard against DoS via inflated parameters in a
// corrupted or attacker-controlled stored hash.
if m > argonMaxMemoryKiB || t > argonMaxTime || p > argonMaxThreads {
return false, fmt.Errorf("auth: bad hash params")
}
salt, err := base64.RawStdEncoding.DecodeString(parts[4])
if err != nil {
return false, err
}
want, err := base64.RawStdEncoding.DecodeString(parts[5])
if err != nil {
return false, err
}
got := argon2.IDKey([]byte(password), salt, t, m, p, uint32(len(want)))
return subtle.ConstantTimeCompare(got, want) == 1, nil
}