aboutsummaryrefslogtreecommitdiff
path: root/src/user/secret.go
blob: b6382fef4c137b0491f1decb4dcf36c66a7b9e46 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

package user

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"

	"golang.org/x/crypto/argon2"
)

func HashSecret(secret string) (string, error) {
	hashconf := &struct {
		memory      uint32
		iterations  uint32
		parallelism uint8
		keyLength   uint32
		saltLength  uint32
	}{64 * 1024, 3, 2, 12, 16}
	salt := make([]byte, hashconf.saltLength)
	_, err := rand.Read(salt)
	if err != nil {
		return "", err
	}

	hash := argon2.IDKey(
		[]byte(secret),
		salt,
		hashconf.iterations,
		hashconf.memory,
		hashconf.parallelism,
		hashconf.keyLength,
	)
	b64Salt := base64.RawStdEncoding.EncodeToString(salt)
	b64Hash := base64.RawStdEncoding.EncodeToString(hash)
	encodedHash := fmt.Sprintf(
		"$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s",
		argon2.Version,
		hashconf.memory,
		hashconf.iterations,
		hashconf.parallelism,
		b64Salt,
		b64Hash,
	)

	return encodedHash, nil
}
generated by cgit v1.2.3 (git 2.51.0) at 2026-01-10 04:25:39 +0000