diff options
Diffstat (limited to 'src/constructs/bcrypt/bcrypt.cpp')
| -rw-r--r-- | src/constructs/bcrypt/bcrypt.cpp | 154 |
1 files changed, 0 insertions, 154 deletions
diff --git a/src/constructs/bcrypt/bcrypt.cpp b/src/constructs/bcrypt/bcrypt.cpp deleted file mode 100644 index b2152a0a7..000000000 --- a/src/constructs/bcrypt/bcrypt.cpp +++ /dev/null @@ -1,154 +0,0 @@ -/* -* Bcrypt Password Hashing -* (C) 2010 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/bcrypt.h> -#include <botan/loadstor.h> -#include <botan/libstate.h> -#include <botan/blowfish.h> -#include <botan/base64.h> - -#include <botan/pipe.h> -#include <botan/b64_filt.h> -#include <iostream> -#include <stdio.h> - -namespace Botan { - -namespace { - -std::string bcrypt_base64_encode(const byte input[], size_t length) - { - // Bcrypt uses a non-standard base64 alphabet - const byte OPENBSD_BASE64_SUB[256] = { - 0x00, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x38, 0x80, 0x80, 0x80, 0x39, - 0x79, 0x7A, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x2E, 0x2F, 0x41, 0x42, 0x43, 0x44, 0x45, - 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, - 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x59, 0x5A, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, - 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, - 0x76, 0x77, 0x78, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80 - }; - - std::string b64 = base64_encode(input, length); - - while(b64.size() && b64[b64.size()-1] == '=') - b64 = b64.substr(0, b64.size() - 1); - - for(size_t i = 0; i != b64.size(); ++i) - b64[i] = OPENBSD_BASE64_SUB[static_cast<byte>(b64[i])]; - - return b64; - } - -MemoryVector<byte> bcrypt_base64_decode(std::string input) - { - const byte OPENBSD_BASE64_SUB[256] = { - 0x00, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x41, 0x42, - 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x2B, 0x2F, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, - 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, - 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, - 0x6E, 0x6F, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, - 0x7A, 0x30, 0x31, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, - 0x80, 0x80, 0x80, 0x80 - }; - - for(size_t i = 0; i != input.size(); ++i) - input[i] = OPENBSD_BASE64_SUB[static_cast<byte>(input[i])]; - - //return base64_decode(input); - Pipe pipe(new Base64_Decoder); - pipe.process_msg(input); - return pipe.read_all(); - } - -std::string make_bcrypt(const std::string& pass, - const MemoryRegion<byte>& salt, - u16bit work_factor) - { - const byte magic[24] = { - 0x4F, 0x72, 0x70, 0x68, 0x65, 0x61, 0x6E, 0x42, - 0x65, 0x68, 0x6F, 0x6C, 0x64, 0x65, 0x72, 0x53, - 0x63, 0x72, 0x79, 0x44, 0x6F, 0x75, 0x62, 0x74 - }; - - MemoryVector<byte> ctext(magic, 24); - - Blowfish blowfish; - - // Include the trailing NULL byte - blowfish.eks_key_schedule(reinterpret_cast<const byte*>(pass.c_str()), - pass.length() + 1, - salt, - work_factor); - - for(size_t i = 0; i != 64; ++i) - blowfish.encrypt_n(&ctext[0], &ctext[0], 3); - - std::string salt_b64 = bcrypt_base64_encode(&salt[0], salt.size()); - - return "$2a$" + to_string(work_factor, 2) + "$" + salt_b64.substr(0, 22) + - bcrypt_base64_encode(&ctext[0], ctext.size() - 1); - } - -} - -std::string generate_bcrypt(const std::string& pass, - RandomNumberGenerator& rng, - u16bit work_factor) - { - return make_bcrypt(pass, rng.random_vec(16), work_factor); - } - -bool check_bcrypt(const std::string& pass, const std::string& hash) - { - if(hash.size() != 60 || - hash[0] != '$' || hash[1] != '2' || hash[2] != 'a' || - hash[3] != '$' || hash[6] != '$') - { - return false; - } - - const size_t workfactor = to_u32bit(hash.substr(4, 2)); - - MemoryVector<byte> salt = bcrypt_base64_decode(hash.substr(7, 22)); - - const std::string compare = make_bcrypt(pass, salt, workfactor); - - return (hash == compare); - } - -} |