e1db85d48a
- In Go 1.21 the crypto/sha256 [got a massive improvement](https://go.dev/doc/go1.21#crypto/sha256) by utilizing the SHA instructions for AMD64 CPUs, which sha256-simd already was doing. The performance is now on par and I think it's preferable to use the standard library rather than a package when possible. ``` cpu: AMD Ryzen 5 3600X 6-Core Processor │ simd.txt │ go.txt │ │ sec/op │ sec/op vs base │ Hash/8Bytes-12 63.25n ± 1% 73.38n ± 1% +16.02% (p=0.002 n=6) Hash/64Bytes-12 98.73n ± 1% 105.30n ± 1% +6.65% (p=0.002 n=6) Hash/1K-12 567.2n ± 1% 572.8n ± 1% +0.99% (p=0.002 n=6) Hash/8K-12 4.062µ ± 1% 4.062µ ± 1% ~ (p=0.396 n=6) Hash/1M-12 512.1µ ± 0% 510.6µ ± 1% ~ (p=0.485 n=6) Hash/5M-12 2.556m ± 1% 2.564m ± 0% ~ (p=0.093 n=6) Hash/10M-12 5.112m ± 0% 5.127m ± 0% ~ (p=0.093 n=6) geomean 13.82µ 14.27µ +3.28% │ simd.txt │ go.txt │ │ B/s │ B/s vs base │ Hash/8Bytes-12 120.6Mi ± 1% 104.0Mi ± 1% -13.81% (p=0.002 n=6) Hash/64Bytes-12 618.2Mi ± 1% 579.8Mi ± 1% -6.22% (p=0.002 n=6) Hash/1K-12 1.682Gi ± 1% 1.665Gi ± 1% -0.98% (p=0.002 n=6) Hash/8K-12 1.878Gi ± 1% 1.878Gi ± 1% ~ (p=0.310 n=6) Hash/1M-12 1.907Gi ± 0% 1.913Gi ± 1% ~ (p=0.485 n=6) Hash/5M-12 1.911Gi ± 1% 1.904Gi ± 0% ~ (p=0.093 n=6) Hash/10M-12 1.910Gi ± 0% 1.905Gi ± 0% ~ (p=0.093 n=6) geomean 1.066Gi 1.032Gi -3.18% ``` (cherry picked from commitabd94ff5b5
) (cherry picked from commit15e81637ab
) Conflicts: go.mod https://codeberg.org/forgejo/forgejo/pulls/1581 (cherry picked from commit 5caea2d75aeac78fb306f58a3cf7809d5b70c7f2) (cherry picked from commit08da542cce
) (cherry picked from commitd71a8cc9fb
) (cherry picked from commit63c9fc2bee
)
67 lines
1.6 KiB
Go
67 lines
1.6 KiB
Go
// Copyright 2023 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package hash
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"strings"
|
|
|
|
"code.gitea.io/gitea/modules/log"
|
|
|
|
"golang.org/x/crypto/pbkdf2"
|
|
)
|
|
|
|
func init() {
|
|
MustRegister("pbkdf2", NewPBKDF2Hasher)
|
|
}
|
|
|
|
// PBKDF2Hasher implements PasswordHasher
|
|
// and uses the PBKDF2 key derivation function.
|
|
type PBKDF2Hasher struct {
|
|
iter, keyLen int
|
|
}
|
|
|
|
// HashWithSaltBytes a provided password and salt
|
|
func (hasher *PBKDF2Hasher) HashWithSaltBytes(password string, salt []byte) string {
|
|
if hasher == nil {
|
|
return ""
|
|
}
|
|
return hex.EncodeToString(pbkdf2.Key([]byte(password), salt, hasher.iter, hasher.keyLen, sha256.New))
|
|
}
|
|
|
|
// NewPBKDF2Hasher is a factory method to create an PBKDF2Hasher
|
|
// config should be either empty or of the form:
|
|
// "<iter>$<keyLen>", where <x> is the string representation
|
|
// of an integer
|
|
func NewPBKDF2Hasher(config string) *PBKDF2Hasher {
|
|
// This default configuration uses the following parameters:
|
|
// iter=10000, keyLen=50.
|
|
// This matches the original configuration for `pbkdf2` prior to storing parameters
|
|
// in the database.
|
|
// THESE VALUES MUST NOT BE CHANGED OR BACKWARDS COMPATIBILITY WILL BREAK
|
|
hasher := &PBKDF2Hasher{
|
|
iter: 10_000,
|
|
keyLen: 50,
|
|
}
|
|
|
|
if config == "" {
|
|
return hasher
|
|
}
|
|
|
|
vals := strings.SplitN(config, "$", 2)
|
|
if len(vals) != 2 {
|
|
log.Error("invalid pbkdf2 hash spec %s", config)
|
|
return nil
|
|
}
|
|
|
|
var err error
|
|
hasher.iter, err = parseIntParam(vals[0], "iter", "pbkdf2", config, nil)
|
|
hasher.keyLen, err = parseIntParam(vals[1], "keyLen", "pbkdf2", config, err)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
|
|
return hasher
|
|
}
|