aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/passhash/passhash9
diff options
context:
space:
mode:
authorlloyd <[email protected]>2014-01-10 03:41:59 +0000
committerlloyd <[email protected]>2014-01-10 03:41:59 +0000
commit6894dca64c04936d07048c0e8cbf7e25858548c3 (patch)
tree5d572bfde9fe667dab14e3f04b5285a85d8acd95 /src/lib/passhash/passhash9
parent9efa3be92442afb3d0b69890a36c7f122df18eda (diff)
Move lib into src
Diffstat (limited to 'src/lib/passhash/passhash9')
-rw-r--r--src/lib/passhash/passhash9/info.txt9
-rw-r--r--src/lib/passhash/passhash9/passhash9.cpp149
-rw-r--r--src/lib/passhash/passhash9/passhash9.h43
3 files changed, 201 insertions, 0 deletions
diff --git a/src/lib/passhash/passhash9/info.txt b/src/lib/passhash/passhash9/info.txt
new file mode 100644
index 000000000..f4af7fe0b
--- /dev/null
+++ b/src/lib/passhash/passhash9/info.txt
@@ -0,0 +1,9 @@
+define PASSHASH9 20131128
+
+<requires>
+libstate
+pbkdf2
+rng
+base64
+</requires>
+
diff --git a/src/lib/passhash/passhash9/passhash9.cpp b/src/lib/passhash/passhash9/passhash9.cpp
new file mode 100644
index 000000000..027ceeb76
--- /dev/null
+++ b/src/lib/passhash/passhash9/passhash9.cpp
@@ -0,0 +1,149 @@
+/*
+* Passhash9 Password Hashing
+* (C) 2010 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/passhash9.h>
+#include <botan/loadstor.h>
+#include <botan/libstate.h>
+#include <botan/pbkdf2.h>
+#include <botan/b64_filt.h>
+#include <botan/pipe.h>
+
+namespace Botan {
+
+namespace {
+
+const std::string MAGIC_PREFIX = "$9$";
+
+const size_t WORKFACTOR_BYTES = 2;
+const size_t ALGID_BYTES = 1;
+const size_t SALT_BYTES = 12; // 96 bits of salt
+const size_t PASSHASH9_PBKDF_OUTPUT_LEN = 24; // 192 bits output
+
+const size_t WORK_FACTOR_SCALE = 10000;
+
+MessageAuthenticationCode* get_pbkdf_prf(byte alg_id)
+ {
+ Algorithm_Factory& af = global_state().algorithm_factory();
+
+ try
+ {
+ if(alg_id == 0)
+ return af.make_mac("HMAC(SHA-1)");
+ else if(alg_id == 1)
+ return af.make_mac("HMAC(SHA-256)");
+ else if(alg_id == 2)
+ return af.make_mac("CMAC(Blowfish)");
+ else if(alg_id == 3)
+ return af.make_mac("HMAC(SHA-384)");
+ else if(alg_id == 4)
+ return af.make_mac("HMAC(SHA-512)");
+ }
+ catch(Algorithm_Not_Found) {}
+
+ return nullptr;
+ }
+
+}
+
+std::string generate_passhash9(const std::string& pass,
+ RandomNumberGenerator& rng,
+ u16bit work_factor,
+ byte alg_id)
+ {
+ MessageAuthenticationCode* prf = get_pbkdf_prf(alg_id);
+
+ if(!prf)
+ throw Invalid_Argument("Passhash9: Algorithm id " +
+ std::to_string(alg_id) +
+ " is not defined");
+
+ PKCS5_PBKDF2 kdf(prf); // takes ownership of pointer
+
+ secure_vector<byte> salt(SALT_BYTES);
+ rng.randomize(&salt[0], salt.size());
+
+ const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor;
+
+ secure_vector<byte> pbkdf2_output =
+ kdf.derive_key(PASSHASH9_PBKDF_OUTPUT_LEN,
+ pass,
+ &salt[0], salt.size(),
+ kdf_iterations).bits_of();
+
+ Pipe pipe(new Base64_Encoder);
+ pipe.start_msg();
+ pipe.write(alg_id);
+ pipe.write(get_byte(0, work_factor));
+ pipe.write(get_byte(1, work_factor));
+ pipe.write(salt);
+ pipe.write(pbkdf2_output);
+ pipe.end_msg();
+
+ return MAGIC_PREFIX + pipe.read_all_as_string();
+ }
+
+bool check_passhash9(const std::string& pass, const std::string& hash)
+ {
+ const size_t BINARY_LENGTH =
+ ALGID_BYTES +
+ WORKFACTOR_BYTES +
+ PASSHASH9_PBKDF_OUTPUT_LEN +
+ SALT_BYTES;
+
+ const size_t BASE64_LENGTH =
+ MAGIC_PREFIX.size() + (BINARY_LENGTH * 8) / 6;
+
+ if(hash.size() != BASE64_LENGTH)
+ return false;
+
+ for(size_t i = 0; i != MAGIC_PREFIX.size(); ++i)
+ if(hash[i] != MAGIC_PREFIX[i])
+ return false;
+
+ Pipe pipe(new Base64_Decoder);
+ pipe.start_msg();
+ pipe.write(hash.c_str() + MAGIC_PREFIX.size());
+ pipe.end_msg();
+
+ secure_vector<byte> bin = pipe.read_all();
+
+ if(bin.size() != BINARY_LENGTH)
+ return false;
+
+ byte alg_id = bin[0];
+
+ const size_t work_factor = load_be<u16bit>(&bin[ALGID_BYTES], 0);
+
+ // Bug in the format, bad states shouldn't be representable, but are...
+ if(work_factor == 0)
+ return false;
+
+ if(work_factor > 512)
+ throw std::invalid_argument("Requested Bcrypt work factor " +
+ std::to_string(work_factor) + " too large");
+
+ const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor;
+
+ MessageAuthenticationCode* pbkdf_prf = get_pbkdf_prf(alg_id);
+
+ if(!pbkdf_prf)
+ return false; // unknown algorithm, reject
+
+ PKCS5_PBKDF2 kdf(pbkdf_prf); // takes ownership of pointer
+
+ secure_vector<byte> cmp = kdf.derive_key(
+ PASSHASH9_PBKDF_OUTPUT_LEN,
+ pass,
+ &bin[ALGID_BYTES + WORKFACTOR_BYTES], SALT_BYTES,
+ kdf_iterations).bits_of();
+
+ return same_mem(&cmp[0],
+ &bin[ALGID_BYTES + WORKFACTOR_BYTES + SALT_BYTES],
+ PASSHASH9_PBKDF_OUTPUT_LEN);
+ }
+
+}
diff --git a/src/lib/passhash/passhash9/passhash9.h b/src/lib/passhash/passhash9/passhash9.h
new file mode 100644
index 000000000..5fd0a1bf8
--- /dev/null
+++ b/src/lib/passhash/passhash9/passhash9.h
@@ -0,0 +1,43 @@
+/*
+* Passhash9 Password Hashing
+* (C) 2010 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_PASSHASH9_H__
+#define BOTAN_PASSHASH9_H__
+
+#include <botan/rng.h>
+
+namespace Botan {
+
+/**
+* Create a password hash using PBKDF2
+* @param password the password
+* @param rng a random number generator
+* @param work_factor how much work to do to slow down guessing attacks
+* @param alg_id specifies which PRF to use with PBKDF2
+* 0 is HMAC(SHA-1)
+* 1 is HMAC(SHA-256)
+* 2 is CMAC(Blowfish)
+* 3 is HMAC(SHA-384)
+* 4 is HMAC(SHA-512)
+* all other values are currently undefined
+*/
+std::string BOTAN_DLL generate_passhash9(const std::string& password,
+ RandomNumberGenerator& rng,
+ u16bit work_factor = 10,
+ byte alg_id = 1);
+
+/**
+* Check a previously created password hash
+* @param password the password to check against
+* @param hash the stored hash to check against
+*/
+bool BOTAN_DLL check_passhash9(const std::string& password,
+ const std::string& hash);
+
+}
+
+#endif