xs/vendor/gopkg.in/hlandau/passlib.v1/hash/bcrypt/bcrypt.go

// Package bcrypt implements the bcrypt password hashing mechanism.
//
// Please note that bcrypt truncates passwords to 72 characters in length. Consider using
// a more modern hashing scheme such as scrypt or sha-crypt. If you must use bcrypt,
// consider using bcrypt-sha256 instead.
package bcrypt

import "golang.org/x/crypto/bcrypt"
import "gopkg.in/hlandau/passlib.v1/abstract"
import "fmt"

// An implementation of Scheme implementing bcrypt.
//
// Uses RecommendedCost.
var Crypter abstract.Scheme

// The recommended cost for bcrypt. This may change with subsequent releases.
const RecommendedCost = 12

// bcrypt.DefaultCost is a bit low (10), so use 12 instead.

func init() {
	Crypter = New(RecommendedCost)
}

// Create a new scheme implementing bcrypt. The recommended cost is RecommendedCost.
func New(cost int) abstract.Scheme {
	return &scheme{
		Cost: cost,
	}
}

type scheme struct {
	Cost int
}

func (s *scheme) SupportsStub(stub string) bool {
	return len(stub) >= 3 && stub[0] == '$' && stub[1] == '2' &&
		(stub[2] == '$' || (len(stub) >= 4 && stub[3] == '$' &&
			(stub[2] == 'a' || stub[2] == 'b' || stub[2] == 'y')))
}

func (s *scheme) Hash(password string) (string, error) {
	h, err := bcrypt.GenerateFromPassword([]byte(password), s.Cost)
	if err != nil {
		return "", err
	}

	return string(h), nil
}

func (s *scheme) Verify(password, hash string) error {
	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
	if err == bcrypt.ErrMismatchedHashAndPassword {
		err = abstract.ErrInvalidPassword
	}

	return err
}

func (s *scheme) NeedsUpdate(stub string) bool {
	cost, err := bcrypt.Cost([]byte(stub))
	if err != nil {
		return false
	}

	return cost < s.Cost
}

func (s *scheme) String() string {
	return fmt.Sprintf("bcrypt(%d)", s.Cost)
}
1/3 Updated Makefile to allow VENDOR flag (adds -vendor to version string) 2/3 Added vendor/ dir to lock down dependent pkg versions. The author of git.schwanenlied.me/yawning/{chacha20,newhope,kyber}.git has copied their repos to gitlab.com/yawning/ but some imports of chacha20 from newhope still inconsistently refer to git.schwanenlied.me/, breaking build. Licenses for chacha20 also changed from CC0 to AGPL, which may or may not be an issue. Until the two aforementioned issues are resolved, locking to last-good versions is probably the best way forward for now. To build with vendored deps, use make VENDOR=1 clean all 3/3 Moved body of CI push script into bacillus/ 2020-01-29 21:25:14 +00:00			`// Package bcrypt implements the bcrypt password hashing mechanism.`
			`//`
			`// Please note that bcrypt truncates passwords to 72 characters in length. Consider using`
			`// a more modern hashing scheme such as scrypt or sha-crypt. If you must use bcrypt,`
			`// consider using bcrypt-sha256 instead.`
			`package bcrypt`

			`import "golang.org/x/crypto/bcrypt"`
			`import "gopkg.in/hlandau/passlib.v1/abstract"`
			`import "fmt"`

			`// An implementation of Scheme implementing bcrypt.`
			`//`
			`// Uses RecommendedCost.`
			`var Crypter abstract.Scheme`

			`// The recommended cost for bcrypt. This may change with subsequent releases.`
			`const RecommendedCost = 12`

			`// bcrypt.DefaultCost is a bit low (10), so use 12 instead.`

			`func init() {`
			`Crypter = New(RecommendedCost)`
			`}`

			`// Create a new scheme implementing bcrypt. The recommended cost is RecommendedCost.`
			`func New(cost int) abstract.Scheme {`
			`return &scheme{`
			`Cost: cost,`
			`}`
			`}`

			`type scheme struct {`
			`Cost int`
			`}`

			`func (s *scheme) SupportsStub(stub string) bool {`
			`return len(stub) >= 3 && stub[0] == '$' && stub[1] == '2' &&`
			`(stub[2] == '$' \|\| (len(stub) >= 4 && stub[3] == '$' &&`
			`(stub[2] == 'a' \|\| stub[2] == 'b' \|\| stub[2] == 'y')))`
			`}`

			`func (s *scheme) Hash(password string) (string, error) {`
			`h, err := bcrypt.GenerateFromPassword([]byte(password), s.Cost)`
			`if err != nil {`
			`return "", err`
			`}`

			`return string(h), nil`
			`}`

			`func (s *scheme) Verify(password, hash string) error {`
			`err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))`
			`if err == bcrypt.ErrMismatchedHashAndPassword {`
			`err = abstract.ErrInvalidPassword`
			`}`

			`return err`
			`}`

			`func (s *scheme) NeedsUpdate(stub string) bool {`
			`cost, err := bcrypt.Cost([]byte(stub))`
			`if err != nil {`
			`return false`
			`}`

			`return cost < s.Cost`
			`}`

			`func (s *scheme) String() string {`
			`return fmt.Sprintf("bcrypt(%d)", s.Cost)`
			`}`