| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | package utils | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import ( | 
					
						
							|  |  |  | 	"crypto/md5" | 
					
						
							| 
									
										
										
										
											2018-01-26 17:17:38 +08:00
										 |  |  | 	"crypto/rand" | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 	"crypto/sha256" | 
					
						
							|  |  |  | 	"crypto/sha512" | 
					
						
							|  |  |  | 	"encoding/base64" | 
					
						
							|  |  |  | 	"encoding/hex" | 
					
						
							|  |  |  | 	"io" | 
					
						
							| 
									
										
										
										
											2018-01-26 17:17:38 +08:00
										 |  |  | 	mt "math/rand" | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 	"strconv" | 
					
						
							|  |  |  | 	"strings" | 
					
						
							|  |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | const ( | 
					
						
							|  |  |  | 	saltSize            = 16 | 
					
						
							|  |  |  | 	delmiter            = "$" | 
					
						
							|  |  |  | 	stretching_password = 500 | 
					
						
							|  |  |  | 	salt_local_secret   = "ahfw*&TGdsfnbi*^Wt" | 
					
						
							|  |  |  | ) | 
					
						
							| 
									
										
										
										
											2018-01-26 17:17:38 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | //加密密码 | 
					
						
							|  |  |  | func PasswordHash(pass string) (string, error) { | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-08-16 18:33:48 +08:00
										 |  |  | 	saltSecret, err := salt_secret() | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return "", err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-08-16 18:33:48 +08:00
										 |  |  | 	salt, err := salt(salt_local_secret + saltSecret) | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return "", err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	interation := randInt(1, 20) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-08-16 18:33:48 +08:00
										 |  |  | 	hash, err := hash(pass, saltSecret, salt, int64(interation)) | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return "", err | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2018-08-16 18:33:48 +08:00
										 |  |  | 	interationString := strconv.Itoa(interation) | 
					
						
							|  |  |  | 	password := saltSecret + delmiter + interationString + delmiter + hash + delmiter + salt | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	return password, nil | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2018-01-26 17:17:38 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | //校验密码是否有效 | 
					
						
							| 
									
										
										
										
											2018-01-26 17:17:38 +08:00
										 |  |  | func PasswordVerify(hashing string, pass string) (bool, error) { | 
					
						
							| 
									
										
										
										
											2018-08-16 18:33:48 +08:00
										 |  |  | 	data := trimSaltHash(hashing) | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	interation, _ := strconv.ParseInt(data["interation_string"], 10, 64) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	has, err := hash(pass, data["salt_secret"], data["salt"], int64(interation)) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return false, err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-01-26 17:17:38 +08:00
										 |  |  | 	if (data["salt_secret"] + delmiter + data["interation_string"] + delmiter + has + delmiter + data["salt"]) == hashing { | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 		return true, nil | 
					
						
							|  |  |  | 	} else { | 
					
						
							|  |  |  | 		return false, nil | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func hash(pass string, salt_secret string, salt string, interation int64) (string, error) { | 
					
						
							| 
									
										
										
										
											2018-08-16 18:33:48 +08:00
										 |  |  | 	var passSalt = salt_secret + pass + salt + salt_secret + pass + salt + pass + pass + salt | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 	var i int | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-08-16 18:33:48 +08:00
										 |  |  | 	hashPass := salt_local_secret | 
					
						
							|  |  |  | 	hashStart := sha512.New() | 
					
						
							|  |  |  | 	hashCenter := sha256.New() | 
					
						
							|  |  |  | 	hashOutput := sha256.New224() | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	i = 0 | 
					
						
							|  |  |  | 	for i <= stretching_password { | 
					
						
							|  |  |  | 		i = i + 1 | 
					
						
							| 
									
										
										
										
											2018-08-16 18:33:48 +08:00
										 |  |  | 		_, err := hashStart.Write([]byte(passSalt + hashPass)) | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			return "", err | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		hashPass = hex.EncodeToString(hashStart.Sum(nil)) | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	i = 0 | 
					
						
							|  |  |  | 	for int64(i) <= interation { | 
					
						
							|  |  |  | 		i = i + 1 | 
					
						
							| 
									
										
										
										
											2018-08-16 18:33:48 +08:00
										 |  |  | 		hashPass = hashPass + hashPass | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	i = 0 | 
					
						
							|  |  |  | 	for i <= stretching_password { | 
					
						
							|  |  |  | 		i = i + 1 | 
					
						
							| 
									
										
										
										
											2018-08-16 18:33:48 +08:00
										 |  |  | 		_, err := hashCenter.Write([]byte(hashPass + salt_secret)) | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			return "", err | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		hashPass = hex.EncodeToString(hashCenter.Sum(nil)) | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2018-08-16 18:33:48 +08:00
										 |  |  | 	if _,err := hashOutput.Write([]byte(hashPass + salt_local_secret)); err != nil { | 
					
						
							|  |  |  | 		return "", err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	hashPass = hex.EncodeToString(hashOutput.Sum(nil)) | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-08-16 18:33:48 +08:00
										 |  |  | 	return hashPass, nil | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-08-16 18:33:48 +08:00
										 |  |  | func trimSaltHash(hash string) map[string]string { | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 	str := strings.Split(hash, delmiter) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return map[string]string{ | 
					
						
							|  |  |  | 		"salt_secret":       str[0], | 
					
						
							|  |  |  | 		"interation_string": str[1], | 
					
						
							|  |  |  | 		"hash":              str[2], | 
					
						
							|  |  |  | 		"salt":              str[3], | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | func salt(secret string) (string, error) { | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-01-26 17:17:38 +08:00
										 |  |  | 	buf := make([]byte, saltSize, saltSize+md5.Size) | 
					
						
							| 
									
										
										
										
											2017-04-21 18:20:35 +08:00
										 |  |  | 	_, err := io.ReadFull(rand.Reader, buf) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return "", err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	hash := md5.New() | 
					
						
							|  |  |  | 	hash.Write(buf) | 
					
						
							|  |  |  | 	hash.Write([]byte(secret)) | 
					
						
							|  |  |  | 	return hex.EncodeToString(hash.Sum(buf)), nil | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func salt_secret() (string, error) { | 
					
						
							|  |  |  | 	rb := make([]byte, randInt(10, 100)) | 
					
						
							|  |  |  | 	_, err := rand.Read(rb) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return "", err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return base64.URLEncoding.EncodeToString(rb), nil | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func randInt(min int, max int) int { | 
					
						
							|  |  |  | 	return min + mt.Intn(max-min) | 
					
						
							| 
									
										
										
										
											2018-01-26 17:17:38 +08:00
										 |  |  | } |