package hasher import ( "crypto/rand" "crypto/subtle" "encoding/base64" "fmt" "os" "strings" "golang.org/x/crypto/argon2" "golang.org/x/crypto/bcrypt" ) var enabled = true type params struct { memory uint32 iterations uint32 parallelism uint8 saltLength uint32 keyLength uint32 } var p = ¶ms{ memory: 64 * 1024, iterations: 3, parallelism: 2, saltLength: 16, keyLength: 32, } func init() { // nolint: gochecknoinits disableHas := os.Getenv("UNSAFE_DISABLE_PASSWORD_PROJECTION") == "yes_i_am_sure" if disableHas { fmt.Println("WARNING: Password protection is disabled. This is unsafe in production.") enabled = false } } func GenerateRandomBytes(n uint32) ([]byte, error) { b := make([]byte, n) _, err := rand.Read(b) if err != nil { return nil, err } return b, nil } func HashPassword(password string) (string, error) { if !enabled { return password, nil } salt, err := GenerateRandomBytes(p.saltLength) if err != nil { return "", err } hash := argon2.IDKey([]byte(password), salt, p.iterations, p.memory, p.parallelism, p.keyLength) b64Salt := base64.RawStdEncoding.EncodeToString(salt) b64Hash := base64.RawStdEncoding.EncodeToString(hash) encodedHash := fmt.Sprintf("$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s", argon2.Version, 64*1024, 3, 2, b64Salt, b64Hash) return encodedHash, err } // CheckPasswordHash checks if the provided password matches the hash. // Additionally, it returns a boolean indicating whether the password should be rehashed. func CheckPasswordHash(password, hash string) (bool, bool) { if !enabled { return password == hash, false } // Compare Argon2id hash first match, err := comparePasswordAndHash(password, hash) if err != nil || !match { // If argon2id hash fails or doesn't match, try bcrypt err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) if err == nil { // If bcrypt hash matches, return true and indicate rehashing return true, true } else { // If both fail, return false and indicate no rehashing return false, false } } return match, false } func comparePasswordAndHash(password, encodedHash string) (match bool, err error) { // Extract the parameters, salt and derived key from the encoded password // hash. p, salt, hash, err := decodeHash(encodedHash) if err != nil { return false, err } // Derive the key from the other password using the same parameters. otherHash := argon2.IDKey([]byte(password), salt, p.iterations, p.memory, p.parallelism, p.keyLength) // Check that the contents of the hashed passwords are identical. Note // that we are using the subtle.ConstantTimeCompare() function for this // to help prevent timing attacks. if subtle.ConstantTimeCompare(hash, otherHash) == 1 { return true, nil } return false, nil } func decodeHash(encodedHash string) (p *params, salt, hash []byte, err error) { vals := strings.Split(encodedHash, "$") if len(vals) != 6 { return nil, nil, nil, fmt.Errorf("invalid hash format") } var version int _, err = fmt.Sscanf(vals[2], "v=%d", &version) if err != nil { return nil, nil, nil, err } if version != argon2.Version { return nil, nil, nil, fmt.Errorf("unsupported argon2 version: %d", version) } p = ¶ms{} _, err = fmt.Sscanf(vals[3], "m=%d,t=%d,p=%d", &p.memory, &p.iterations, &p.parallelism) if err != nil { return nil, nil, nil, err } salt, err = base64.RawStdEncoding.Strict().DecodeString(vals[4]) if err != nil { return nil, nil, nil, err } p.saltLength = uint32(len(salt)) hash, err = base64.RawStdEncoding.Strict().DecodeString(vals[5]) if err != nil { return nil, nil, nil, err } p.keyLength = uint32(len(hash)) return p, salt, hash, nil }