2021-11-28 13:40:50 +03:00
|
|
|
module bcrypt
|
|
|
|
|
|
|
|
import encoding.base64
|
|
|
|
import crypto.rand
|
|
|
|
import crypto.blowfish
|
|
|
|
|
|
|
|
pub const (
|
|
|
|
min_cost = 4
|
|
|
|
max_cost = 31
|
|
|
|
default_cost = 10
|
2021-11-28 21:35:18 +03:00
|
|
|
salt_length = 16
|
2021-11-28 13:40:50 +03:00
|
|
|
max_crypted_hash_size = 23
|
|
|
|
encoded_salt_size = 22
|
|
|
|
encoded_hash_size = 31
|
|
|
|
min_hash_size = 59
|
|
|
|
|
|
|
|
major_version = '2'
|
|
|
|
minor_version = 'a'
|
|
|
|
)
|
|
|
|
|
|
|
|
pub struct Hashed {
|
|
|
|
mut:
|
2022-04-15 15:35:35 +03:00
|
|
|
hash []u8
|
|
|
|
salt []u8
|
2021-11-28 13:40:50 +03:00
|
|
|
cost int
|
|
|
|
major string
|
|
|
|
minor string
|
|
|
|
}
|
|
|
|
|
2023-01-16 18:30:40 +03:00
|
|
|
// free the resources taken by the Hashed `h`
|
|
|
|
[unsafe]
|
|
|
|
pub fn (mut h Hashed) free() {
|
|
|
|
$if prealloc {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
unsafe {
|
|
|
|
h.salt.free()
|
|
|
|
h.hash.free()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-04-15 14:58:56 +03:00
|
|
|
const magic_cipher_data = [u8(0x4f), 0x72, 0x70, 0x68, 0x65, 0x61, 0x6e, 0x42, 0x65, 0x68, 0x6f,
|
2021-11-28 16:30:13 +03:00
|
|
|
0x6c, 0x64, 0x65, 0x72, 0x53, 0x63, 0x72, 0x79, 0x44, 0x6f, 0x75, 0x62, 0x74]
|
2021-11-28 13:40:50 +03:00
|
|
|
|
2021-11-30 20:41:59 +03:00
|
|
|
// generate_from_password return a bcrypt string from Hashed struct.
|
2023-03-02 16:49:50 +03:00
|
|
|
pub fn generate_from_password(password []u8, cost int) !string {
|
2022-11-15 16:53:13 +03:00
|
|
|
mut p := new_from_password(password, cost) or { return error('Error: ${err}') }
|
2022-04-15 14:58:56 +03:00
|
|
|
x := p.hash_u8()
|
2021-11-28 21:35:18 +03:00
|
|
|
return x.bytestr()
|
2021-11-28 13:40:50 +03:00
|
|
|
}
|
|
|
|
|
2021-11-30 20:41:59 +03:00
|
|
|
// compare_hash_and_password compares a bcrypt hashed password with its possible hashed version.
|
2023-03-02 16:49:50 +03:00
|
|
|
pub fn compare_hash_and_password(password []u8, hashed_password []u8) ! {
|
2022-11-15 16:53:13 +03:00
|
|
|
mut p := new_from_hash(hashed_password) or { return error('Error: ${err}') }
|
2021-11-28 16:30:13 +03:00
|
|
|
p.salt << `=`
|
|
|
|
p.salt << `=`
|
2021-11-28 13:40:50 +03:00
|
|
|
other_hash := bcrypt(password, p.cost, p.salt) or { return error('err') }
|
|
|
|
|
|
|
|
mut other_p := Hashed{
|
|
|
|
hash: other_hash
|
|
|
|
salt: p.salt
|
|
|
|
cost: p.cost
|
|
|
|
major: p.major
|
|
|
|
minor: p.minor
|
|
|
|
}
|
|
|
|
|
2022-04-15 14:58:56 +03:00
|
|
|
if p.hash_u8() != other_p.hash_u8() {
|
2021-11-28 13:40:50 +03:00
|
|
|
return error('mismatched hash and password')
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-11-30 20:41:59 +03:00
|
|
|
// generate_salt generate a string to be treated as a salt.
|
2021-11-28 13:40:50 +03:00
|
|
|
pub fn generate_salt() string {
|
2022-02-15 19:39:17 +03:00
|
|
|
randbytes := rand.bytes(bcrypt.salt_length) or { panic(err) }
|
2021-11-28 13:40:50 +03:00
|
|
|
return randbytes.bytestr()
|
|
|
|
}
|
|
|
|
|
2021-11-30 20:41:59 +03:00
|
|
|
// new_from_password converting from password to a Hashed struct with bcrypt.
|
2023-03-02 16:49:50 +03:00
|
|
|
fn new_from_password(password []u8, cost int) !&Hashed {
|
2021-11-28 13:40:50 +03:00
|
|
|
mut cost_ := cost
|
|
|
|
if cost < bcrypt.min_cost {
|
|
|
|
cost_ = bcrypt.default_cost
|
|
|
|
}
|
2021-11-28 21:35:18 +03:00
|
|
|
mut p := &Hashed{}
|
2021-11-28 13:40:50 +03:00
|
|
|
p.major = bcrypt.major_version
|
|
|
|
p.minor = bcrypt.minor_version
|
|
|
|
|
|
|
|
if cost_ < bcrypt.min_cost || cost_ > bcrypt.max_cost {
|
|
|
|
return error('invalid cost')
|
|
|
|
}
|
|
|
|
p.cost = cost_
|
|
|
|
|
2021-11-28 21:35:18 +03:00
|
|
|
salt := generate_salt().bytes()
|
|
|
|
p.salt = base64.encode(salt).bytes()
|
2021-11-28 13:40:50 +03:00
|
|
|
hash := bcrypt(password, p.cost, p.salt) or { return err }
|
|
|
|
p.hash = hash
|
2021-11-28 21:35:18 +03:00
|
|
|
return p
|
2021-11-28 13:40:50 +03:00
|
|
|
}
|
|
|
|
|
2021-11-30 20:41:59 +03:00
|
|
|
// new_from_hash converting from hashed data to a Hashed struct.
|
2023-03-02 16:49:50 +03:00
|
|
|
fn new_from_hash(hashed_secret []u8) !&Hashed {
|
2021-11-28 13:40:50 +03:00
|
|
|
mut tmp := hashed_secret.clone()
|
|
|
|
if tmp.len < bcrypt.min_hash_size {
|
|
|
|
return error('hash to short')
|
|
|
|
}
|
|
|
|
|
2021-11-28 21:35:18 +03:00
|
|
|
mut p := &Hashed{}
|
2021-11-28 13:40:50 +03:00
|
|
|
mut n := p.decode_version(tmp) or { return err }
|
2021-11-28 21:35:18 +03:00
|
|
|
tmp = tmp[n..].clone()
|
2021-11-28 13:40:50 +03:00
|
|
|
|
|
|
|
n = p.decode_cost(tmp) or { return err }
|
2021-11-28 21:35:18 +03:00
|
|
|
tmp = tmp[n..].clone()
|
2021-11-28 13:40:50 +03:00
|
|
|
|
|
|
|
p.salt = tmp[..bcrypt.encoded_salt_size].clone()
|
|
|
|
p.hash = tmp[bcrypt.encoded_salt_size..].clone()
|
|
|
|
|
2021-11-28 21:35:18 +03:00
|
|
|
return p
|
2021-11-28 13:40:50 +03:00
|
|
|
}
|
|
|
|
|
2021-11-30 20:41:59 +03:00
|
|
|
// bcrypt hashing passwords.
|
2023-03-02 16:49:50 +03:00
|
|
|
fn bcrypt(password []u8, cost int, salt []u8) ![]u8 {
|
2022-04-15 15:35:35 +03:00
|
|
|
mut cipher_data := []u8{len: 72 - bcrypt.magic_cipher_data.len, init: 0}
|
2021-11-28 13:40:50 +03:00
|
|
|
cipher_data << bcrypt.magic_cipher_data
|
|
|
|
|
|
|
|
mut bf := expensive_blowfish_setup(password, u32(cost), salt) or { return err }
|
|
|
|
|
|
|
|
for i := 0; i < 24; i += 8 {
|
|
|
|
for j := 0; j < 64; j++ {
|
|
|
|
bf.encrypt(mut cipher_data[i..i + 8], cipher_data[i..i + 8])
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-11-30 20:41:59 +03:00
|
|
|
hash := base64.encode(cipher_data[..bcrypt.max_crypted_hash_size])
|
|
|
|
return hash.bytes()
|
2021-11-28 13:40:50 +03:00
|
|
|
}
|
|
|
|
|
2021-11-30 20:41:59 +03:00
|
|
|
// expensive_blowfish_setup generate a Blowfish cipher, given key, cost and salt.
|
2023-03-02 16:49:50 +03:00
|
|
|
fn expensive_blowfish_setup(key []u8, cost u32, salt []u8) !&blowfish.Blowfish {
|
2021-11-28 13:40:50 +03:00
|
|
|
csalt := base64.decode(salt.bytestr())
|
2022-12-31 18:18:43 +03:00
|
|
|
// Bug compatibility with C bcrypt implementations, which use the trailing NULL in the key string during expansion.
|
|
|
|
// See https://cs.opensource.google/go/x/crypto/+/master:bcrypt/bcrypt.go;l=226
|
|
|
|
mut ckey := key.clone()
|
|
|
|
ckey << 0
|
2021-11-28 13:40:50 +03:00
|
|
|
|
2022-12-31 18:18:43 +03:00
|
|
|
mut bf := blowfish.new_salted_cipher(ckey, csalt) or { return err }
|
2021-11-28 13:40:50 +03:00
|
|
|
|
|
|
|
mut i := u64(0)
|
|
|
|
mut rounds := u64(0)
|
|
|
|
rounds = 1 << cost
|
|
|
|
for i = 0; i < rounds; i++ {
|
2022-12-31 18:18:43 +03:00
|
|
|
blowfish.expand_key(ckey, mut bf)
|
2021-11-28 13:40:50 +03:00
|
|
|
blowfish.expand_key(csalt, mut bf)
|
|
|
|
}
|
|
|
|
|
|
|
|
return &bf
|
|
|
|
}
|
|
|
|
|
2021-11-30 20:41:59 +03:00
|
|
|
// hash_byte converts the hash value to a byte array.
|
2022-04-15 15:35:35 +03:00
|
|
|
fn (mut h Hashed) hash_u8() []u8 {
|
|
|
|
mut arr := []u8{len: 65, init: 0}
|
2021-11-28 16:30:13 +03:00
|
|
|
arr[0] = `$`
|
|
|
|
arr[1] = h.major[0]
|
2021-11-28 13:40:50 +03:00
|
|
|
mut n := 2
|
|
|
|
if h.minor != '0' {
|
2021-11-28 16:30:13 +03:00
|
|
|
arr[2] = h.minor[0]
|
2021-11-28 13:40:50 +03:00
|
|
|
n = 3
|
|
|
|
}
|
2021-11-28 16:30:13 +03:00
|
|
|
arr[n] = `$`
|
2021-11-28 13:40:50 +03:00
|
|
|
n++
|
2022-03-09 21:26:00 +03:00
|
|
|
copy(mut arr[n..], '${int(h.cost):02}'.bytes())
|
2021-11-28 13:40:50 +03:00
|
|
|
n += 2
|
2021-11-28 16:30:13 +03:00
|
|
|
arr[n] = `$`
|
2021-11-28 13:40:50 +03:00
|
|
|
n++
|
2022-03-09 21:26:00 +03:00
|
|
|
copy(mut arr[n..], h.salt)
|
2021-11-28 13:40:50 +03:00
|
|
|
n += bcrypt.encoded_salt_size
|
2022-03-09 21:26:00 +03:00
|
|
|
copy(mut arr[n..], h.hash)
|
2021-11-28 13:40:50 +03:00
|
|
|
n += bcrypt.encoded_hash_size
|
2021-11-28 21:35:18 +03:00
|
|
|
res := arr[..n].clone()
|
|
|
|
return res
|
2021-11-28 13:40:50 +03:00
|
|
|
}
|
|
|
|
|
2021-11-30 20:41:59 +03:00
|
|
|
// decode_version decode bcrypt version.
|
2023-03-02 16:49:50 +03:00
|
|
|
fn (mut h Hashed) decode_version(sbytes []u8) !int {
|
2021-11-28 16:30:13 +03:00
|
|
|
if sbytes[0] != `$` {
|
2021-11-28 13:40:50 +03:00
|
|
|
return error("bcrypt hashes must start with '$'")
|
|
|
|
}
|
2021-11-28 16:30:13 +03:00
|
|
|
if sbytes[1] != bcrypt.major_version[0] {
|
2022-11-15 16:53:13 +03:00
|
|
|
return error('bcrypt algorithm version ${bcrypt.major_version}')
|
2021-11-28 13:40:50 +03:00
|
|
|
}
|
|
|
|
h.major = sbytes[1].ascii_str()
|
|
|
|
mut n := 3
|
2021-11-28 16:30:13 +03:00
|
|
|
if sbytes[2] != `$` {
|
2021-11-28 13:40:50 +03:00
|
|
|
h.minor = sbytes[2].ascii_str()
|
|
|
|
n++
|
|
|
|
}
|
|
|
|
return n
|
|
|
|
}
|
|
|
|
|
2021-11-30 20:41:59 +03:00
|
|
|
// decode_cost extracts the value of cost and returns the next index in the array.
|
2023-03-02 16:49:50 +03:00
|
|
|
fn (mut h Hashed) decode_cost(sbytes []u8) !int {
|
2021-11-28 16:30:13 +03:00
|
|
|
cost := sbytes[0..2].bytestr().int()
|
2021-11-28 13:40:50 +03:00
|
|
|
check_cost(cost) or { return err }
|
|
|
|
h.cost = cost
|
|
|
|
return 3
|
|
|
|
}
|
|
|
|
|
2021-11-30 20:41:59 +03:00
|
|
|
// check_cost check for reasonable quantities.
|
2023-03-02 16:49:50 +03:00
|
|
|
fn check_cost(cost int) ! {
|
2021-11-28 13:40:50 +03:00
|
|
|
if cost < bcrypt.min_cost || cost > bcrypt.max_cost {
|
|
|
|
return error('invalid cost')
|
|
|
|
}
|
|
|
|
}
|