int main()
{
clock_t before;
clock_t after;
char salt[BCRYPT_HASHSIZE];
char hash[BCRYPT_HASHSIZE];
const char pass[] = "hi,mom";
const char hash1[] = "$2a$10$VEVmGHy4F4XQMJ3eOZJAUeb.MedU0W10pTPCuf53eHdKJPiSE8sMK";
const char hash2[] = "$2a$10$3F0BVk5t8/aoS.3ddaB3l.fxg5qvafQ9NybxcpXLzMeAt.nVWn.NO";
assert(bcrypt_gensalt(12, salt) == 0);
printf("Generated salt: %s\n", salt);
before = clock();
assert(bcrypt_hashpw("testtesttest", salt, hash) == 0);
after = clock();
printf("Hashed password: %s\n", hash);
printf("Time taken: %f seconds\n",
(float)(after - before) / CLOCKS_PER_SEC);
assert(bcrypt_hashpw(pass, hash1, hash) == 0);
printf("First hash check: %s\n", (strcmp(hash1, hash) == 0)?"OK":"FAIL");
assert(bcrypt_hashpw(pass, hash2, hash) == 0);
printf("Second hash check: %s\n", (strcmp(hash2, hash) == 0)?"OK":"FAIL");
return 0;
}
void textadventure::bcrypt::performHash(
uvpp::Loop& loop,
std::string plaintext,
std::string salt,
std::function<void (std::string)> callback
) {
loop.doWork(
[plaintext, salt]() {
auto hash = new char[BCRYPT_HASHSIZE];
char csalt[BCRYPT_HASHSIZE];
auto csaltLength = salt.copy(csalt, salt.length(), 0);
csalt[csaltLength] = '\0';
auto cplaintext = plaintext.c_str();
bcrypt_hashpw(cplaintext, csalt, hash);
auto str = new std::string(hash);
delete hash;
return str;
},
[callback](void* result) {
auto str = std::unique_ptr<std::string>(
reinterpret_cast<std::string*>(result)
);
callback(*str);
}
);
}
int store_password(char *password, FILE *output) {
if (NULL != output) {
char salt[BCRYPT_HASHSIZE];
char hash[BCRYPT_HASHSIZE];
bcrypt_gensalt(12, salt);
bcrypt_hashpw(password, salt, hash);
output_to_stream(hash, output);
// unsigned char hash[crypto_hash_BYTES];
// // Invoke NaCl hash function (based on sha512) to hash the pw securely
// crypto_hash(hash, (unsigned char *) password, strlen(password));
//
// // Determine how long the hashed version is
// // and how long the base 64 version will be
// size_t hash_length = strlen((char *) hash);
// int encoded_length = Base64encode_len(hash_length);
//
// // Allocate a buffer large enough for the Base 64 version of the hash
// char *encoded_hash = (char *) calloc(encoded_length, sizeof(char));
// Base64encode(encoded_hash, (char *) hash, hash_length);
//
// output_to_stream(encoded_hash, output);
return 0;
}
return 1;
}
/*
* This function expects a password and a hash to verify the password against.
* The internal implementation is tuned to avoid timing attacks.
*
* The return value will be -1 in case of errors, zero if the provided password
* matches the given hash and greater than zero if no errors are found and the
* passwords don't match.
*
*/
int bcrypt_checkpw(const char *passwd, const char hash[BCRYPT_HASHSIZE])
{
int ret;
char outhash[BCRYPT_HASHSIZE];
ret = bcrypt_hashpw(passwd, hash, outhash);
if (ret != 0)
return -1;
return timing_safe_strcmp(hash, outhash);
}
static int bcrypt_encrypt(
const struct berval *scheme,
const struct berval *passwd,
struct berval *msg,
const char **text)
{
char salt[BCRYPT_HASHSIZE] = {0};
char hash[BCRYPT_HASHSIZE] = {0};
int rc;
int i = 0;
rc = bcrypt_gensalt(BCRYPT_ITERATION, salt);
#ifdef SLAPD_BCRYPT_DEBUG
printf("DEBUG bcrypt_encrypt()\n");
if(rc != 0) {
printf("bcrypt_gensalt error %d\n", rc);
} else {
printf("bcrypt_gensalt OK %d\n", rc);
}
printf("Salt: ");
for(; i < BCRYPT_HASHSIZE; i++) {
printf("%c", salt[i]);
}
printf("\n");
#endif
if(rc != 0) return LUTIL_PASSWD_ERR;
rc = bcrypt_hashpw(passwd->bv_val, salt, hash);
#ifdef SLAPD_BCRYPT_DEBUG
if(rc != 0) {
printf("bcrypt_hashpw error %d\n", rc);
} else {
printf("bcrypt_hashpw OK %d\n", rc);
}
#endif
if(rc != 0) return LUTIL_PASSWD_ERR;
msg->bv_len = asprintf(&msg->bv_val, "%s%s", scheme->bv_val, hash);
#ifdef SLAPD_BCRYPT_DEBUG
printf("bcrypt_encrypt() result: ");
printf("%s%s\n", scheme->bv_val, hash);
#endif
if(msg->bv_len < 0){
return LUTIL_PASSWD_ERR;
}
return LUTIL_PASSWD_OK;
}
int main(int argc, char *argv[])
{
char salt[BCRYPT_HASHSIZE];
char hash[BCRYPT_HASHSIZE];
int log_rounds = 12;
if (argc != 2 && argc != 3)
{
fprintf(stderr, "usage: %s <plaintext> [<rounds>|<hash>]\n", argv[0]);
exit(EXIT_FAILURE);
}
if (argc == 2 || sscanf(argv[2], "%d", &log_rounds) == 1)
{
bcrypt_gensalt(log_rounds, salt);
bcrypt_hashpw(argv[1], salt, hash);
printf("%s\n", hash);
}
else
{
bcrypt_hashpw(argv[1], argv[2], hash);
printf("Expected: %s\n", argv[2]);
printf(" Actual: %s\n", hash);
if (strcmp(argv[2], hash) == 0)
{
printf("The password matches\n");
}
else
{
printf("The password does NOT match\n");
}
}
return 0;
}
CSString CBCrypt::HashBCrypt(const char* password, int iPrefixCode, int iCost) // static
{
char salt[BCRYPT_HASHSIZE];
char hash[BCRYPT_HASHSIZE];
const char *pcPrefix;
switch (iPrefixCode)
{
default:
case 0: pcPrefix = "$2a$"; break;
case 1: pcPrefix = "$2b$"; break;
case 2: pcPrefix = "$2y$"; break;
case 3: pcPrefix = "$1$"; break;
case 4: pcPrefix = "_"; break;
}
if (bcrypt_gensalt(pcPrefix, iCost, salt) != 0)
return CSString();
if (bcrypt_hashpw(password, salt, hash) != 0)
return CSString();
return CSString(hash);
}
static int bcrypt_check(
const struct berval *scheme,
const struct berval *passwd,
const struct berval *cred,
const char **text)
{
int rc;
int i = 0;
#ifdef SLAPD_BCRYPT_DEBUG
printf("DEBUG bcrypt_check()\n");
printf(" Stored Value:\t%s\n", passwd->bv_val);
printf(" Input Cred:\t%s\n", cred->bv_val);
#endif
char hash[BCRYPT_HASHSIZE] = {0};
rc = bcrypt_hashpw(cred->bv_val, passwd->bv_val, hash);
#ifdef SLAPD_BCRYPT_DEBUG
if(rc != 0) {
printf("bcrypt_hashpw error %d\n", rc);
} else {
printf("bcrypt_hashpw OK %d\n", rc);
}
#endif
if(rc != 0) return LUTIL_PASSWD_ERR;
#ifdef SLAPD_BCRYPT_DEBUG
printf(" Hash:\t%s\n", hash);
#endif
if (strcmp(passwd->bv_val, hash) == 0) {
return LUTIL_PASSWD_OK;
} else {
return LUTIL_PASSWD_ERR;
}
}
