8#include <botan/bcrypt.h>
10#include <botan/blowfish.h>
11#include <botan/base64.h>
12#include <botan/parsing.h>
18std::string bcrypt_base64_encode(
const uint8_t input[],
size_t length)
21 const uint8_t OPENBSD_BASE64_SUB[256] = {
22 0x00, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
23 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
24 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
25 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x38, 0x80, 0x80, 0x80, 0x39,
26 0x79, 0x7A, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x80, 0x80,
27 0x80, 0x80, 0x80, 0x80, 0x80, 0x2E, 0x2F, 0x41, 0x42, 0x43, 0x44, 0x45,
28 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51,
29 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x80, 0x80, 0x80, 0x80, 0x80,
30 0x80, 0x59, 0x5A, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69,
31 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75,
32 0x76, 0x77, 0x78, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
33 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
34 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
35 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
36 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
37 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
38 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
39 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
40 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
41 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
42 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
43 0x80, 0x80, 0x80, 0x80
48 while(b64.size() && b64[b64.size()-1] ==
'=')
49 b64 = b64.substr(0, b64.size() - 1);
51 for(
size_t i = 0; i != b64.size(); ++i)
52 b64[i] = OPENBSD_BASE64_SUB[
static_cast<uint8_t
>(b64[i])];
57std::vector<uint8_t> bcrypt_base64_decode(std::string input)
59 const uint8_t OPENBSD_BASE64_SUB[256] = {
60 0x00, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
61 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
62 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
63 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x41, 0x42,
64 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x2B, 0x2F, 0x80, 0x80,
65 0x80, 0x80, 0x80, 0x80, 0x80, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49,
66 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55,
67 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, 0x80, 0x80, 0x80, 0x80, 0x80,
68 0x80, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D,
69 0x6E, 0x6F, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79,
70 0x7A, 0x30, 0x31, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
71 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
72 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
73 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
74 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
75 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
76 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
77 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
78 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
79 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
80 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
81 0x80, 0x80, 0x80, 0x80
84 for(
size_t i = 0; i != input.size(); ++i)
85 input[i] = OPENBSD_BASE64_SUB[
static_cast<uint8_t
>(input[i])];
90std::string make_bcrypt(
const std::string& pass,
91 const std::vector<uint8_t>& salt,
102 "Invalid bcrypt work factor");
104 static const uint8_t BCRYPT_MAGIC[8*3] = {
105 0x4F, 0x72, 0x70, 0x68, 0x65, 0x61, 0x6E, 0x42,
106 0x65, 0x68, 0x6F, 0x6C, 0x64, 0x65, 0x72, 0x53,
107 0x63, 0x72, 0x79, 0x44, 0x6F, 0x75, 0x62, 0x74
119 std::vector<uint8_t> ctext(BCRYPT_MAGIC, BCRYPT_MAGIC + 8*3);
121 for(
size_t i = 0; i != 64; ++i)
122 blowfish.encrypt_n(ctext.data(), ctext.data(), 3);
124 std::string salt_b64 = bcrypt_base64_encode(salt.data(), salt.size());
126 std::string work_factor_str = std::to_string(work_factor);
127 if(work_factor_str.length() == 1)
128 work_factor_str =
"0" + work_factor_str;
130 return "$2" + std::string(1, version) +
"$" + work_factor_str +
131 "$" + salt_b64.substr(0, 22) +
132 bcrypt_base64_encode(ctext.data(), ctext.size() - 1);
139 uint16_t work_factor,
147 if(version !=
'a' && version !=
'b' && version !=
'y')
148 throw Invalid_Argument(
"Unknown bcrypt version '" + std::string(1, version) +
"'");
150 std::vector<uint8_t> salt;
152 return make_bcrypt(pass, salt, work_factor, version);
157 if(
hash.size() != 60 ||
163 const char bcrypt_version =
hash[2];
165 if(bcrypt_version !=
'a' && bcrypt_version !=
'b' && bcrypt_version !=
'y')
172 const std::vector<uint8_t> salt = bcrypt_base64_decode(
hash.substr(7, 22));
173 if(salt.size() != 16)
176 const std::string compare = make_bcrypt(pass, salt, workfactor, bcrypt_version);
178 return same_mem(
hash.data(), compare.data(), compare.size());
#define BOTAN_ARG_CHECK(expr, msg)
secure_vector< uint8_t > random_vec(size_t bytes)
std::string generate_bcrypt(const std::string &pass, RandomNumberGenerator &rng, uint16_t work_factor, char version)
uint16_t to_uint16(const std::string &str)
size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
size_t base64_decode(uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
std::vector< T > unlock(const secure_vector< T > &in)
bool check_bcrypt(const std::string &pass, const std::string &hash)
bool same_mem(const T *p1, const T *p2, size_t n)
const uint8_t * cast_char_ptr_to_uint8(const char *s)