authorlloyd <[email protected]>2013-04-04 14:31:10 +0000
committerlloyd <[email protected]>2013-04-04 14:31:10 +0000
commit1f1b5ac0d8bf3646c72bd2cb0616fd1c06e21320 (patch)
treef222099208c9c7e371c5826ea0d131f73a53fd06
parent6f4719d43374213a5057ea8689b4c95b5c6ad4ca (diff)
Make SHA-256 the default instead of SHA-1 in passhash9 - it's been
supported since 1.8.10, so shouldn't be any problems there. Add support for SHA-384 and SHA-512. Check for work factors over 512 and reject for now as too large.
-rw-r--r--src/passhash/passhash9/passhash9.cpp16
-rw-r--r--src/passhash/passhash9/passhash9.h4
2 files changed, 16 insertions, 4 deletions
diff --git a/src/passhash/passhash9/passhash9.cpp b/src/passhash/passhash9/passhash9.cpp
index af7ed761b..eeebb58d4 100644
--- a/src/passhash/passhash9/passhash9.cpp
+++ b/src/passhash/passhash9/passhash9.cpp
@@ -37,6 +37,10 @@ MessageAuthenticationCode* get_pbkdf_prf(byte alg_id)
return af.make_mac("HMAC(SHA-256)");
else if(alg_id == 2)
return af.make_mac("CMAC(Blowfish)");
+ else if(alg_id == 3)
+ return af.make_mac("CMAC(SHA-384)");
+ else if(alg_id == 4)
+ return af.make_mac("CMAC(SHA-512)");
}
catch(Algorithm_Not_Found) {}
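Review bot: The two new branches request `CMAC(SHA-384)` and `CMAC(SHA-512)`, but CMAC is built on a block cipher, not a hash function, and the header changed in this same commit documents ids 3 and 4 as HMAC. As written the lookup presumably fails and is swallowed by the `catch(Algorithm_Not_Found) {}` that follows, so hashes with these ids could be neither generated nor verified. The strings should be `"HMAC(SHA-384)"` and `"HMAC(SHA-512)"`. get_pbkdf_prf starts and ends outside this hunk, so what it returns after the catch is not visible here.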
@@ -112,12 +116,18 @@ bool check_passhash9(const std::string& pass, const std::string& hash)
byte alg_id = bin[0];
- const size_t kdf_iterations =
- WORK_FACTOR_SCALE * load_be<u16bit>(&bin[ALGID_BYTES], 0);
+ const size_t work_factor = load_be<u16bit>(&bin[ALGID_BYTES], 0);
- if(kdf_iterations == 0)
+ // Bug in the format, bad states shouldn't be representable, but are...
+ if(work_factor == 0)
return false;
+ if(work_factor > 512)
+ throw std::invalid_argument("Requested Bcrypt work factor " +
+ std::to_string(work_factor) + " too large");
+
+ const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor;
+
MessageAuthenticationCode* pbkdf_prf = get_pbkdf_prf(alg_id);
if(!pbkdf_prf)
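Review bot: The new `work_factor > 512` branch throws `std::invalid_argument`, while the neighbouring malformed-input case (`work_factor == 0`) returns false, so a caller that treats check_passhash9 as a plain boolean can now be aborted by a corrupted or hostile stored hash. Returning false keeps the cap on PBKDF cost without adding a second failure mode: `if(work_factor == 0 || work_factor > 512) return false;`. If the exception is kept, the message should say passhash9 rather than "Bcrypt", and 512 would read better as a named constant next to WORK_FACTOR_SCALE. The body of check_passhash9 starts and ends outside this hunk.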
diff --git a/src/passhash/passhash9/passhash9.h b/src/passhash/passhash9/passhash9.h
index 3c0a4be51..5fd0a1bf8 100644
--- a/src/passhash/passhash9/passhash9.h
+++ b/src/passhash/passhash9/passhash9.h
@@ -21,12 +21,14 @@ namespace Botan {
* 0 is HMAC(SHA-1)
* 1 is HMAC(SHA-256)
* 2 is CMAC(Blowfish)
+* 3 is HMAC(SHA-384)
+* 4 is HMAC(SHA-512)
* all other values are currently undefined
*/
std::string BOTAN_DLL generate_passhash9(const std::string& password,
RandomNumberGenerator& rng,
u16bit work_factor = 10,
- byte alg_id = 0);
+ byte alg_id = 1);
/**
* Check a previously created password hash
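Review bot: The declaration still takes `work_factor` as a `u16bit` with no documented upper bound, while check_passhash9 in this commit rejects anything above 512. generate_passhash9's body is not touched by this diff, so unless it already validates the value, a caller can create a hash that the same library later refuses to verify. The comment should state the range, for example `* work_factor must be between 1 and 512; larger values are rejected by check_passhash9`, and the generator should enforce the same limit. It would also help to record here that the default alg_id is now 1, since per the commit message that id is only understood from 1.8.10 onward.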