mstar/linstrom
1
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages 1 Wiki Activity Actions
linstrom/auth-new/helpers.go
mStar c59b0c8340
Some checks are pending
/ test (push) Waiting to run
Details
Move hashing and encryption to auth/helpers
2025-03-31 23:06:27 +02:00

110 lines
2.2 KiB
Go
Raw Blame History

package auth
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"golang.org/x/crypto/argon2"
)
// Len of salt for passwords in bytes
const saltLen = 32
func generateSalt(length int) ([]byte, error) {
salt := make([]byte, length)
if _, err := rand.Read(salt); err != nil {
return nil, err
}
return salt, nil
}
func hashPassword(password string) ([]byte, error) {
salt, err := generateSalt(saltLen)
if err != nil {
return nil, err
}
hash := argon2.IDKey([]byte(password), salt, 1, 64*1024, 4, 32)
hash = append(hash, salt...)
// return bcrypt.GenerateFromPassword([]byte(password), 14)
return hash, nil
}
// Compare a raw password against a hash + salt
func comparePassword(password string, hash []byte) bool {
// Hash is actually hash(password)+salt
salt := hash[len(hash)-saltLen:]
return bytes.Equal(argon2.IDKey([]byte(password), salt, 1, 64*1024, 4, 32), hash)
}
// Copied and adjusted from: https://bruinsslot.jp/post/golang-crypto/
func Encrypt(key, data []byte) ([]byte, error) {
key, salt, err := deriveKey(key, nil)
if err != nil {
return nil, err
}
blockCipher, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(blockCipher)
if err != nil {
return nil, err
}
nonce := make([]byte, gcm.NonceSize())
if _, err = rand.Read(nonce); err != nil {
return nil, err
}
ciphertext := gcm.Seal(nonce, nonce, data, nil)
ciphertext = append(ciphertext, salt...)
return ciphertext, nil
}
func Decrypt(key, data []byte) ([]byte, error) {
salt, data := data[len(data)-32:], data[:len(data)-32]
key, _, err := deriveKey(key, salt)
if err != nil {
return nil, err
}
blockCipher, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(blockCipher)
if err != nil {
return nil, err
}
nonce, ciphertext := data[:gcm.NonceSize()], data[gcm.NonceSize():]
plaintext, err := gcm.Open(nil, nonce, ciphertext, nil)
if err != nil {
return nil, err
}
return plaintext, nil
}
func deriveKey(password, salt []byte) ([]byte, []byte, error) {
if salt == nil {
salt = make([]byte, 32)
if _, err := rand.Read(salt); err != nil {
return nil, nil, err
}
}
key := argon2.IDKey(password, salt, 1, 64*1024, 4, 32)
return key, salt, nil
}
Reference in a new issue View git blame Copy permalink