-
Notifications
You must be signed in to change notification settings - Fork 14
Expand file tree
/
Copy pathhash.cpp
More file actions
222 lines (188 loc) · 4.78 KB
/
hash.cpp
File metadata and controls
222 lines (188 loc) · 4.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
//
// Copyright (c) 2025 Vinnie Falco (vinnie.falco@gmail.com)
//
// Distributed under the Boost Software License, Version 1.0. (See accompanying
// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
//
// Official repository: https://github.com/cppalliance/http
//
#include <boost/http/bcrypt.hpp>
#include <boost/http/detail/except.hpp>
#include "base64.hpp"
#include "crypt.hpp"
namespace boost {
namespace http {
namespace bcrypt {
result
gen_salt(
unsigned rounds,
version ver)
{
// Validate preconditions
if (rounds < 4 || rounds > 31)
http::detail::throw_invalid_argument("bcrypt rounds must be 4-31");
// Generate random salt
std::uint8_t salt_bytes[detail::BCRYPT_SALT_LEN];
detail::generate_salt_bytes(salt_bytes);
// Format salt string
result r;
std::size_t len = detail::format_salt(
r.buf(),
salt_bytes,
rounds,
ver);
r.set_size(static_cast<unsigned char>(len));
return r;
}
result
hash(
core::string_view password,
unsigned rounds,
version ver)
{
// Validate preconditions
if (rounds < 4 || rounds > 31)
http::detail::throw_invalid_argument("bcrypt rounds must be 4-31");
// Generate random salt
std::uint8_t salt_bytes[detail::BCRYPT_SALT_LEN];
detail::generate_salt_bytes(salt_bytes);
// Hash password
std::uint8_t hash_bytes[detail::BCRYPT_HASH_LEN];
detail::bcrypt_hash(
password.data(),
password.size(),
salt_bytes,
rounds,
hash_bytes);
// Format output
result r;
std::size_t len = detail::format_hash(
r.buf(),
salt_bytes,
hash_bytes,
rounds,
ver);
r.set_size(static_cast<unsigned char>(len));
return r;
}
result
hash(
core::string_view password,
core::string_view salt,
system::error_code& ec)
{
ec = {};
// Parse salt
version ver;
unsigned rounds;
std::uint8_t salt_bytes[detail::BCRYPT_SALT_LEN];
if (!detail::parse_salt(salt, ver, rounds, salt_bytes))
{
ec = make_error_code(error::invalid_salt);
return result{};
}
// Hash password
std::uint8_t hash_bytes[detail::BCRYPT_HASH_LEN];
detail::bcrypt_hash(
password.data(),
password.size(),
salt_bytes,
rounds,
hash_bytes);
// Format output
result r;
std::size_t len = detail::format_hash(
r.buf(),
salt_bytes,
hash_bytes,
rounds,
ver);
r.set_size(static_cast<unsigned char>(len));
return r;
}
bool
compare(
core::string_view password,
core::string_view hash_str,
system::error_code& ec)
{
ec = {};
// Parse hash to extract salt
version ver;
unsigned rounds;
std::uint8_t salt_bytes[detail::BCRYPT_SALT_LEN];
if (!detail::parse_salt(hash_str, ver, rounds, salt_bytes))
{
ec = make_error_code(error::invalid_hash);
return false;
}
// Validate hash length
if (hash_str.size() != detail::BCRYPT_HASH_OUTPUT_LEN)
{
ec = make_error_code(error::invalid_hash);
return false;
}
// Decode stored hash (31 base64 chars starting at position 29)
std::uint8_t stored_hash[detail::BCRYPT_HASH_LEN];
int decoded = detail::base64_decode(
stored_hash,
hash_str.data() + 29,
31);
if (decoded < 0)
{
ec = make_error_code(error::invalid_hash);
return false;
}
// Compute hash of provided password
std::uint8_t computed_hash[detail::BCRYPT_HASH_LEN];
detail::bcrypt_hash(
password.data(),
password.size(),
salt_bytes,
rounds,
computed_hash);
// Constant-time comparison (only first 23 bytes are used)
return detail::secure_compare(stored_hash, computed_hash, 23);
}
unsigned
get_rounds(
core::string_view hash_str,
system::error_code& ec)
{
ec = {};
// Minimum length check
if (hash_str.size() < 7)
{
ec = make_error_code(error::invalid_hash);
return 0;
}
char const* s = hash_str.data();
// Check prefix
if (s[0] != '$' || s[1] != '2')
{
ec = make_error_code(error::invalid_hash);
return 0;
}
// Check version character
if ((s[2] != 'a' && s[2] != 'b' && s[2] != 'y') || s[3] != '$')
{
ec = make_error_code(error::invalid_hash);
return 0;
}
// Parse rounds
if (s[4] < '0' || s[4] > '9' || s[5] < '0' || s[5] > '9')
{
ec = make_error_code(error::invalid_hash);
return 0;
}
unsigned rounds = static_cast<unsigned>((s[4] - '0') * 10 + (s[5] - '0'));
if (rounds < 4 || rounds > 31)
{
ec = make_error_code(error::invalid_hash);
return 0;
}
return rounds;
}
} // bcrypt
} // http
} // boost