Use Argon2 hash function

2020-02-15 10:29:46 +01:00 · 2020-02-15 10:29:46 +01:00 · e1b5980f27
commit e1b5980f27
parent 193e28cf00
5 changed files with 14 additions and 9 deletions
--- a/go.mod
+++ b/go.mod
@ -10,4 +10,5 @@ require (
 	github.com/gorilla/mux v1.7.3
 	github.com/gorilla/sessions v1.2.0
 	github.com/sirupsen/logrus v1.4.2
+	golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6
 )
--- a/go.sum
+++ b/go.sum
@ -23,5 +23,12 @@ github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6 h1:Sy5bstxEqwwbYs6n0/pBuxKENqOeZUgD45Gp3Q3pqLg=
+golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
--- a/guichet.hcl.example
+++ b/guichet.hcl.example
@ -12,7 +12,7 @@ job "guichet" {
    task "server" {
      driver = "docker"
      config {
-        image = "lxpz/guichet_amd64:9"
+        image = "lxpz/guichet_amd64:10"
        readonly_rootfs = true
        port_map {
          web_port = 9991
--- a/invite.go
+++ b/invite.go
@ -3,7 +3,6 @@ package main
 import (
 	"bytes"
 	"crypto/rand"
-	"crypto/sha256"
 	"encoding/binary"
 	"encoding/hex"
 	"fmt"
@ -17,6 +16,7 @@ import (
 	"github.com/emersion/go-smtp"
 	"github.com/go-ldap/ldap/v3"
 	"github.com/gorilla/mux"
+	"golang.org/x/crypto/argon2"
 )

 var EMAIL_REGEXP = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
@ -332,8 +332,8 @@ func readCode(code string) (code_id string, code_pw string) {
 		}
 	}

-	id_hash := sha256.Sum256([]byte("Guichet ID " + code_digits))
-	pw_hash := sha256.Sum256([]byte("Guichet PW " + code_digits))
+	id_hash := argon2.IDKey([]byte(code_digits), []byte("Guichet ID"), 2, 64*1024, 4, 32)
+	pw_hash := argon2.IDKey([]byte(code_digits), []byte("Guichet PW"), 2, 64*1024, 4, 32)

 	code_id = hex.EncodeToString(id_hash[:8])
 	code_pw = hex.EncodeToString(pw_hash[:16])
--- a/templates/invite_send_code.html
+++ b/templates/invite_send_code.html
@ -17,12 +17,9 @@
        Un code d'invitation a bien été envoyé à <code>{{ .CodeSentTo }}</code>.
      {{end}}
      {{if .CodeDisplay}}
-        Le code généré est le suivant:
+        Lien d'invitation :

-        <p style="text-align: center; font-size: 1.6em;" class="mt-4 mb-4">
-          {{ .CodeDisplay }}
-        </p>
-        <p style="text-align: center" class="mt-4 mb-4">
+        <p style="text-align: center; font-size: 1.4em" class="mt-4 mb-4">
          <a href="{{.WebBaseAddress}}/invitation/{{ .CodeDisplay }}">{{.WebBaseAddress}}/invitation/{{.CodeDisplay}}</a>
        </p>
      {{end}}