mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-10-23 18:42:26 +00:00
(cherry picked from commit3ea0b287d7) (cherry picked from commitdb8392a8ac) (cherry picked from commitbd2a5fa292) (cherry picked from commit2436acb3d9) (cherry picked from commit62f50e1c52) (cherry picked from commitdba1892521) (cherry picked from commit4b58e3b6d4) (cherry picked from commit1247056856) (cherry picked from commitafbaea7009) (cherry picked from commitdcd4813d96) (cherry picked from commitb51dc963d1) (cherry picked from commit611e895efd) (cherry picked from commitfd492a03f5) (cherry picked from commit2c99991f44) (cherry picked from commit7426c1edb4) (cherry picked from commit373244f8b2) (cherry picked from commit4f6efecdb9) (cherry picked from commit61d500808e) (cherry picked from commit65f8384b63) (cherry picked from commit12ed28e734) (cherry picked from commitec6cdc9e1a) (cherry picked from commit08653ba051) (cherry picked from commitd5847c87cb) (cherry picked from commit640a96e19b) (cherry picked from commit46177814a9) (cherry picked from commitb0098f5a80) (cherry picked from commitce5ddeeca9) (cherry picked from commit5736fa1025) (cherry picked from commitc43ca210fc) (cherry picked from commit7f92906bf3) (cherry picked from commitf726525d2d) (cherry picked from commitdb86c93b0b) (cherry picked from commit6751bd93c3) (cherry picked from commit74bb523ac9) (cherry picked from commit94f9045a81) (cherry picked from commit5297eac42d) (cherry picked from commit57e3c57c51) (cherry picked from commitc5cacfee51) (cherry picked from commitdfa31ee004) (cherry picked from commitd7d10a76b4) (cherry picked from commit62bd4edd46) (cherry picked from commit798c211f86) (cherry picked from commit1f645aecea) (cherry picked from commit8a8b62e10e) (cherry picked from commitd3ff4e1fdf)
// Copyright 2023 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
|
|
|
|
package hash
// DefaultHashAlgorithmName is the default value of the PASSWORD_HASH_ALGO
// setting in app.ini. hashAlgorithmToSpec substitutes it whenever it is handed
// an empty algorithm name.
//
// It is NOT the same thing as defaultEmptyHashAlgorithmSpecification and does
// NOT map to it: this name is dealiased through aliasAlgorithmNames, whereas
// defaultEmptyHashAlgorithmSpecification never undergoes dealiasing.
const (
	DefaultHashAlgorithmName = "pbkdf2_hi"
)
// DefaultHashAlgorithm holds the parsed form of the default password hash
// algorithm. In this file it is assigned only by
// SetDefaultPasswordHashAlgorithm, so it is nil until that function has run.
//
// NOTE(review): the assignment is a plain write to a package-level pointer and
// no locking is visible in this file; presumably it happens once while the
// configuration is loaded — confirm before calling the setter at any other time.
var DefaultHashAlgorithm *PasswordHashAlgorithm
// aliasAlgorithmNames maps each short name accepted for PASSWORD_HASH_ALGO in
// app.ini to the parameterised specification the hashers use internally. A
// value may itself be another key of this map ("pbkdf2" -> "pbkdf2_v2");
// hashAlgorithmToSpec keeps following such entries until it reaches a value
// that is not a key.
//
// If the default parameters of any hasher have to change in future, change the
// values here and not those in argon2.go etc.
//
// NOTE(review): the meaning of each "$"-separated field is defined by the
// individual hashers and is not visible in this file. The cost parameters are
// worth re-checking against current password-storage guidance whenever this
// table is touched. A changed value presumably applies only to hashes created
// afterwards — confirm how already stored hashes are upgraded.
var aliasAlgorithmNames = map[string]string{
	// Non-PBKDF2 hashers.
	"argon2": "argon2$2$65536$8$50",
	"scrypt": "scrypt$65536$16$2$50",
	"bcrypt": "bcrypt$10",

	// PBKDF2 family, ordered by the second field of the specification
	// (presumably the iteration count — confirm in the pbkdf2 hasher).
	"pbkdf2_v1": "pbkdf2$10000$50",
	// pbkdf2_v2 is what the bare "pbkdf2" name resolves to. PBKDF2 was picked
	// because it doesn't use a lot of memory and is safer to use on less
	// powerful devices.
	"pbkdf2_v2": "pbkdf2$50000$50",
	// pbkdf2_hi is offered as a stronger alternative to the slightly improved
	// pbkdf2_v2; it is the name DefaultHashAlgorithmName selects.
	"pbkdf2_hi": "pbkdf2$320000$50",

	// Bare "pbkdf2" aliases pbkdf2_v2, not pbkdf2_hi. Setting
	// PASSWORD_HASH_ALGO to "pbkdf2" explicitly therefore yields
	// pbkdf2$50000$50 rather than the pbkdf2$320000$50 of the default.
	"pbkdf2": "pbkdf2_v2",
}
// RecommendedHashAlgorithms lists the algorithm names that ConfigHashAlgorithm
// tries, in this order, when mapping a specification back to a short name.
// Every entry is a key of aliasAlgorithmNames.
//
// The "pbkdf2" entry resolves through aliasAlgorithmNames to pbkdf2$50000$50,
// which is a different specification from the one the "pbkdf2_hi" default
// resolves to (pbkdf2$320000$50).
var RecommendedHashAlgorithms = []string{"pbkdf2", "argon2", "bcrypt", "scrypt", "pbkdf2_hi"}
// hashAlgorithmToSpec resolves an algorithm name, or an already complete
// specification, to a full algorithm specification.
//
// An empty name is replaced by DefaultHashAlgorithmName. The result is then
// looked up in aliasAlgorithmNames repeatedly, so chained aliases are followed
// to their end. A string that is not a key of the map is returned unchanged:
// caller-supplied specifications pass through without any validation here.
func hashAlgorithmToSpec(algorithmName string) string {
	spec := algorithmName
	if spec == "" {
		spec = DefaultHashAlgorithmName
	}
	// Termination relies on aliasAlgorithmNames containing no alias cycle;
	// nothing in this loop bounds the number of hops.
	for {
		target, isAlias := aliasAlgorithmNames[spec]
		if !isAlias {
			return spec
		}
		spec = target
	}
}
// SetDefaultPasswordHashAlgorithm de-aliases the provided algorithmName into a
// complete algorithm specification (e.g. pbkdf2$50000$50 rather than pbkdf2),
// parses that specification, stores the result in DefaultHashAlgorithm and
// returns both the specification and the parsed algorithm.
//
// NOTE(review): what Parse returns for a specification it does not recognise
// is not visible here. If that can be nil, DefaultHashAlgorithm is overwritten
// with nil and callers need to check the second result before any password is
// hashed — confirm against Parse.
func SetDefaultPasswordHashAlgorithm(algorithmName string) (string, *PasswordHashAlgorithm) {
	spec := hashAlgorithmToSpec(algorithmName)
	parsed := Parse(spec)
	DefaultHashAlgorithm = parsed
	return spec, parsed
}
// ConfigHashAlgorithm tries to find the "recommended algorithm name", as
// defined by RecommendedHashAlgorithms, for the given algorithm so that it can
// be written to the config. The input is resolved to a full specification and
// compared with the specification of each recommended name in list order; the
// first match is returned. When nothing matches, the full specification itself
// is returned.
//
// This function is not fast and is only used for the installation page.
func ConfigHashAlgorithm(algorithm string) string {
	wanted := hashAlgorithmToSpec(algorithm)
	for _, name := range RecommendedHashAlgorithms {
		if hashAlgorithmToSpec(name) != wanted {
			continue
		}
		return name
	}
	return wanted
}