-
Notifications
You must be signed in to change notification settings - Fork 14
Expand file tree
/
Copy pathcrypt.cpp
More file actions
206 lines (169 loc) · 4.74 KB
/
crypt.cpp
File metadata and controls
206 lines (169 loc) · 4.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
//
// Copyright (c) 2025 Vinnie Falco (vinnie.falco@gmail.com)
//
// Distributed under the Boost Software License, Version 1.0. (See accompanying
// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
//
// Official repository: https://github.com/cppalliance/http
//
#include "crypt.hpp"
#include "base64.hpp"
#include "blowfish.hpp"
#include "random.hpp"
#include <cstring>
#include <algorithm>
namespace boost {
namespace http {
namespace bcrypt {
namespace detail {
namespace {
// "OrpheanBeholderScryDoubt" - magic string for bcrypt
constexpr std::uint8_t magic_text[24] = {
'O', 'r', 'p', 'h', 'e', 'a', 'n', 'B',
'e', 'h', 'o', 'l', 'd', 'e', 'r', 'S',
'c', 'r', 'y', 'D', 'o', 'u', 'b', 't'
};
char const* version_prefix(version ver)
{
switch (ver)
{
case version::v2a: return "$2a$";
case version::v2b: return "$2b$";
default: return "$2b$";
}
}
} // namespace
void generate_salt_bytes(std::uint8_t* salt)
{
fill_random(salt, BCRYPT_SALT_LEN);
}
std::size_t format_salt(
char* output,
std::uint8_t const* salt_bytes,
unsigned rounds,
version ver)
{
char* p = output;
// Version prefix
char const* prefix = version_prefix(ver);
std::size_t prefix_len = 4;
std::memcpy(p, prefix, prefix_len);
p += prefix_len;
// Rounds (2 digits, zero-padded)
*p++ = static_cast<char>('0' + (rounds / 10));
*p++ = static_cast<char>('0' + (rounds % 10));
*p++ = '$';
// Salt (22 base64 characters)
std::size_t encoded = base64_encode(p, salt_bytes, BCRYPT_SALT_LEN);
p += encoded;
return static_cast<std::size_t>(p - output);
}
bool parse_salt(
core::string_view salt_str,
version& ver,
unsigned& rounds,
std::uint8_t* salt_bytes)
{
// Minimum: "$2a$XX$" + 22 chars = 29
if (salt_str.size() < 29)
return false;
char const* s = salt_str.data();
// Check prefix
if (s[0] != '$' || s[1] != '2')
return false;
// Parse version
if (s[2] == 'a' && s[3] == '$')
ver = version::v2a;
else if (s[2] == 'b' && s[3] == '$')
ver = version::v2b;
else if (s[2] == 'y' && s[3] == '$')
ver = version::v2b; // treat $2y$ as $2b$
else
return false;
// Parse rounds
if (s[4] < '0' || s[4] > '9')
return false;
if (s[5] < '0' || s[5] > '9')
return false;
rounds = static_cast<unsigned>((s[4] - '0') * 10 + (s[5] - '0'));
if (rounds < 4 || rounds > 31)
return false;
if (s[6] != '$')
return false;
// Decode salt (22 base64 chars -> 16 bytes)
int decoded = base64_decode(salt_bytes, s + 7, 22);
if (decoded != 16)
return false;
return true;
}
void bcrypt_hash(
char const* password,
std::size_t password_len,
std::uint8_t const* salt,
unsigned rounds,
std::uint8_t* hash)
{
blowfish_ctx ctx;
// Truncate password to 72 bytes (bcrypt limit)
// Include null terminator in hash
std::size_t key_len = std::min(password_len, std::size_t(72));
// Create key with null terminator
std::uint8_t key[73];
std::memcpy(key, password, key_len);
key[key_len] = 0;
key_len++;
// Initialize with default P and S boxes
blowfish_init(ctx);
// Expensive key setup (eksblowfish)
blowfish_expand_key_salt(ctx, key, key_len, salt, BCRYPT_SALT_LEN);
// 2^rounds iterations
std::uint64_t iterations = 1ULL << rounds;
for (std::uint64_t i = 0; i < iterations; ++i)
{
blowfish_expand_key(ctx, key, key_len);
blowfish_expand_key(ctx, salt, BCRYPT_SALT_LEN);
}
// Encrypt magic text 64 times
std::uint8_t ctext[24];
std::memcpy(ctext, magic_text, 24);
for (int i = 0; i < 64; ++i)
{
blowfish_encrypt_ecb(ctx, ctext, 24);
}
// Copy result (only 23 bytes are used in the final encoding)
std::memcpy(hash, ctext, 24);
// Clear sensitive data
std::memset(&ctx, 0, sizeof(ctx));
std::memset(key, 0, sizeof(key));
}
std::size_t format_hash(
char* output,
std::uint8_t const* salt_bytes,
std::uint8_t const* hash_bytes,
unsigned rounds,
version ver)
{
char* p = output;
// Format salt portion (29 chars)
p += format_salt(p, salt_bytes, rounds, ver);
// Encode hash (23 bytes -> 31 base64 chars)
// Note: bcrypt only uses 23 of the 24 hash bytes
p += base64_encode(p, hash_bytes, 23);
return static_cast<std::size_t>(p - output);
}
bool secure_compare(
std::uint8_t const* a,
std::uint8_t const* b,
std::size_t len)
{
volatile std::uint8_t result = 0;
for (std::size_t i = 0; i < len; ++i)
{
result = static_cast<std::uint8_t>(result | (a[i] ^ b[i]));
}
return result == 0;
}
} // detail
} // bcrypt
} // http
} // boost