// Copyright 2023 The Gitea Authors. All rights reserved. // SPDX-License-Identifier: MIT package hash import ( "golang.org/x/crypto/bcrypt" ) func init() { MustRegister("bcrypt", NewBcryptHasher) } // BcryptHasher implements PasswordHasher // and uses the bcrypt password hash function. type BcryptHasher struct { cost int } // HashWithSaltBytes a provided password and salt func (hasher *BcryptHasher) HashWithSaltBytes(password string, salt []byte) string { if hasher == nil { return "" } hashedPassword, _ := bcrypt.GenerateFromPassword([]byte(password), hasher.cost) return string(hashedPassword) } func (hasher *BcryptHasher) VerifyPassword(password, hashedPassword, salt string) bool { return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password)) == nil } // NewBcryptHasher is a factory method to create an BcryptHasher // The provided config should be either empty or the string representation of the "<cost>" // as an integer func NewBcryptHasher(config string) *BcryptHasher { // This matches the original configuration for `bcrypt` prior to storing hash parameters // in the database. // THESE VALUES MUST NOT BE CHANGED OR BACKWARDS COMPATIBILITY WILL BREAK hasher := &BcryptHasher{ cost: 10, // cost=10. i.e. 2^10 rounds of key expansion. } if config == "" { return hasher } var err error hasher.cost, err = parseIntParam(config, "cost", "bcrypt", config, nil) if err != nil { return nil } return hasher }