afan
/
gitea
Obserwuj 1
Gwiazdka 0
Forkuj 0
Kod Problemy 0 Pull Requests 0 Wydania 0 Wiki Aktywność
gitea源码
2 Commity
2 Gałęzie
Drzewo: f5d5e77162
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'f5d5e77162'
${ noResults }
gitea/modules/auth/password/hash/setting.go

setting.go 2.7KB
Historia Czysty

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. // Copyright 2023 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package hash

  5. 

  6. // DefaultHashAlgorithmName represents the default value of PASSWORD_HASH_ALGO

  7. // configured in app.ini.

  8. //

  9. // It is NOT the same and does NOT map to the defaultEmptyHashAlgorithmSpecification.

  10. //

  11. // It will be dealiased as per aliasAlgorithmNames whereas

  12. // defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.

  13. const DefaultHashAlgorithmName = "pbkdf2"

  14. 

  15. var DefaultHashAlgorithm *PasswordHashAlgorithm

  16. 

  17. // aliasAlgorithNames provides a mapping between the value of PASSWORD_HASH_ALGO

  18. // configured in the app.ini and the parameters used within the hashers internally.

  19. //

  20. // If it is necessary to change the default parameters for any hasher in future you

  21. // should change these values and not those in argon2.go etc.

  22. var aliasAlgorithmNames = map[string]string{

  23. 	"argon2":    "argon2$2$65536$8$50",

  24. 	"bcrypt":    "bcrypt$10",

  25. 	"scrypt":    "scrypt$65536$16$2$50",

  26. 	"pbkdf2":    "pbkdf2_v2", // pbkdf2 should default to pbkdf2_v2

  27. 	"pbkdf2_v1": "pbkdf2$10000$50",

  28. 	// The latest PBKDF2 password algorithm is used as the default since it doesn't

  29. 	// use a lot of  memory and is safer to use on less powerful devices.

  30. 	"pbkdf2_v2": "pbkdf2$50000$50",

  31. 	// The pbkdf2_hi password algorithm is offered as a stronger alternative to the

  32. 	// slightly improved pbkdf2_v2 algorithm

  33. 	"pbkdf2_hi": "pbkdf2$320000$50",

  34. }

  35. 

  36. var RecommendedHashAlgorithms = []string{

  37. 	"pbkdf2",

  38. 	"argon2",

  39. 	"bcrypt",

  40. 	"scrypt",

  41. 	"pbkdf2_hi",

  42. }

  43. 

  44. // hashAlgorithmToSpec converts an algorithm name or a specification to a full algorithm specification

  45. func hashAlgorithmToSpec(algorithmName string) string {

  46. 	if algorithmName == "" {

  47. 		algorithmName = DefaultHashAlgorithmName

  48. 	}

  49. 	alias, has := aliasAlgorithmNames[algorithmName]

  50. 	for has {

  51. 		algorithmName = alias

  52. 		alias, has = aliasAlgorithmNames[algorithmName]

  53. 	}

  54. 	return algorithmName

  55. }

  56. 

  57. // SetDefaultPasswordHashAlgorithm will take a provided algorithmName and de-alias it to

  58. // a complete algorithm specification.

  59. func SetDefaultPasswordHashAlgorithm(algorithmName string) (string, *PasswordHashAlgorithm) {

  60. 	algoSpec := hashAlgorithmToSpec(algorithmName)

  61. 	// now we get a full specification, e.g. pbkdf2$50000$50 rather than pbdkf2

  62. 	DefaultHashAlgorithm = Parse(algoSpec)

  63. 	return algoSpec, DefaultHashAlgorithm

  64. }

  65. 

  66. // ConfigHashAlgorithm will try to find a "recommended algorithm name" defined by RecommendedHashAlgorithms for config

  67. // This function is not fast and is only used for the installation page

  68. func ConfigHashAlgorithm(algorithm string) string {

  69. 	algorithm = hashAlgorithmToSpec(algorithm)

  70. 	for _, recommAlgo := range RecommendedHashAlgorithms {

  71. 		if algorithm == hashAlgorithmToSpec(recommAlgo) {

  72. 			return recommAlgo

  73. 		}

  74. 	}

  75. 	return algorithm

  76. }