vlib/crypto/bcrypt: Add bcrypt (#12595)

pull/12602/head
Taillook 2021-11-28 19:40:50 +09:00 committed by GitHub
parent f72d001db5
commit 783aba4552
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 1437 additions and 0 deletions

View File

@ -0,0 +1,182 @@
module bcrypt
import encoding.base64
import crypto.rand
import crypto.blowfish
pub const (
min_cost = 4
max_cost = 31
default_cost = 10
solt_length = 16
max_crypted_hash_size = 23
encoded_salt_size = 22
encoded_hash_size = 31
min_hash_size = 59
major_version = '2'
minor_version = 'a'
)
pub struct Hashed {
mut:
hash []byte
salt []byte
cost int
major string
minor string
}
const magic_cipher_data = [byte(0x4f727068), 0x65616e42, 0x65686f6c, 0x64657253, 0x63727944,
0x6f756274]
pub fn generate_from_password(password []byte, cost int) ?string {
mut p := new_from_password(password, cost) or { return error('Error: $err') }
return string(p.hash_byte())
}
pub fn compare_hash_and_password(password []byte, hashed_password []byte) ? {
mut p := new_from_hash(hashed_password) or { return error('Error: $err') }
p.salt << '=='.bytes()
other_hash := bcrypt(password, p.cost, p.salt) or { return error('err') }
mut other_p := Hashed{
hash: other_hash
salt: p.salt
cost: p.cost
major: p.major
minor: p.minor
}
if string(p.hash_byte()) != string(other_p.hash_byte()) {
return error('mismatched hash and password')
}
}
pub fn generate_salt() string {
randbytes := rand.read(bcrypt.solt_length) or { panic(err) }
return randbytes.bytestr()
}
fn new_from_password(password []byte, cost int) ?&Hashed {
mut cost_ := cost
if cost < bcrypt.min_cost {
cost_ = bcrypt.default_cost
}
mut p := Hashed{}
p.major = bcrypt.major_version
p.minor = bcrypt.minor_version
if cost_ < bcrypt.min_cost || cost_ > bcrypt.max_cost {
return error('invalid cost')
}
p.cost = cost_
p.salt = base64.encode(generate_salt().bytes()).bytes()
hash := bcrypt(password, p.cost, p.salt) or { return err }
p.hash = hash
return &p
}
fn new_from_hash(hashed_secret []byte) ?&Hashed {
mut tmp := hashed_secret.clone()
if tmp.len < bcrypt.min_hash_size {
return error('hash to short')
}
mut p := Hashed{}
mut n := p.decode_version(tmp) or { return err }
tmp = tmp[n..]
n = p.decode_cost(tmp) or { return err }
tmp = tmp[n..]
p.salt = tmp[..bcrypt.encoded_salt_size].clone()
p.hash = tmp[bcrypt.encoded_salt_size..].clone()
return &p
}
fn bcrypt(password []byte, cost int, salt []byte) ?[]byte {
mut cipher_data := []byte{len: 72 - bcrypt.magic_cipher_data.len, init: 0}
cipher_data << bcrypt.magic_cipher_data
mut bf := expensive_blowfish_setup(password, u32(cost), salt) or { return err }
for i := 0; i < 24; i += 8 {
for j := 0; j < 64; j++ {
bf.encrypt(mut cipher_data[i..i + 8], cipher_data[i..i + 8])
}
}
hsh := base64.encode(cipher_data[..bcrypt.max_crypted_hash_size])
return hsh.bytes()
}
fn expensive_blowfish_setup(key []byte, cost u32, salt []byte) ?&blowfish.Blowfish {
csalt := base64.decode(salt.bytestr())
mut bf := blowfish.new_salted_cipher(key, csalt) or { return err }
mut i := u64(0)
mut rounds := u64(0)
rounds = 1 << cost
for i = 0; i < rounds; i++ {
blowfish.expand_key(key, mut bf)
blowfish.expand_key(csalt, mut bf)
}
return &bf
}
fn (mut h Hashed) hash_byte() []byte {
mut arr := []byte{len: 60, init: 0}
arr[0] = '$'.bytes()[0]
arr[1] = h.major.bytes()[0]
mut n := 2
if h.minor != '0' {
arr[2] = h.minor.bytes()[0]
n = 3
}
arr[n] = '$'.bytes()[0]
n++
copy(arr[n..], '${int(h.cost):02}'.bytes())
n += 2
arr[n] = '$'.bytes()[0]
n++
copy(arr[n..], h.salt)
n += bcrypt.encoded_salt_size
copy(arr[n..], h.hash)
n += bcrypt.encoded_hash_size
return arr[..n]
}
fn (mut h Hashed) decode_version(sbytes []byte) ?int {
if sbytes[0] != '$'.bytes()[0] {
return error("bcrypt hashes must start with '$'")
}
if sbytes[1] != bcrypt.major_version.bytes()[0] {
return error('bcrypt algorithm version $bcrypt.major_version')
}
h.major = sbytes[1].ascii_str()
mut n := 3
if sbytes[2] != '$'.bytes()[0] {
h.minor = sbytes[2].ascii_str()
n++
}
return n
}
fn (mut h Hashed) decode_cost(sbytes []byte) ?int {
cost := string(sbytes[0..2]).int()
check_cost(cost) or { return err }
h.cost = cost
return 3
}
fn check_cost(cost int) ? {
if cost < bcrypt.min_cost || cost > bcrypt.max_cost {
return error('invalid cost')
}
}

View File

@ -0,0 +1,11 @@
import crypto.bcrypt
fn test_crypto_bcrypt() {
hash := bcrypt.generate_from_password('password'.bytes(), 10) or { panic(err) }
bcrypt.compare_hash_and_password('password'.bytes(), hash.bytes()) or { panic(err) }
bcrypt.compare_hash_and_password('password2'.bytes(), hash.bytes()) or {
assert err == error('mismatched hash and password')
}
}

View File

@ -0,0 +1,142 @@
module blowfish
pub fn expand_key(key []byte, mut bf Blowfish) {
mut j := 0
for i := 0; i < 18; i++ {
mut d := u32(0)
for k := 0; k < 4; k++ {
d = d << 8 | u32(key[j])
j++
if j >= key.len {
j = 0
}
}
bf.p[i] ^= d
}
mut l := u32(0)
mut r := u32(0)
for i := 0; i < 18; i += 2 {
arr := encrypt_block(l, r, mut bf)
bf.p[i], bf.p[i + 1] = arr[0], arr[1]
}
for i := 0; i < 256; i += 2 {
arr := encrypt_block(l, r, mut bf)
bf.s[0][i], bf.s[0][i + 1] = arr[0], arr[1]
}
for i := 0; i < 256; i += 2 {
arr := encrypt_block(l, r, mut bf)
bf.s[1][i], bf.s[1][i + 1] = arr[0], arr[1]
}
for i := 0; i < 256; i += 2 {
arr := encrypt_block(l, r, mut bf)
bf.s[2][i], bf.s[2][i + 1] = arr[0], arr[1]
}
for i := 0; i < 256; i += 2 {
arr := encrypt_block(l, r, mut bf)
bf.s[3][i], bf.s[3][i + 1] = arr[0], arr[1]
}
}
pub fn expand_key_with_salt(key []byte, salt []byte, mut bf Blowfish) {
mut j := 0
for i := 0; i < 18; i++ {
bf.p[i] ^= get_next_word(key, &j)
}
j = 0
mut l := u32(0)
mut r := u32(0)
for i := 0; i < 18; i += 2 {
l ^= get_next_word(key, &j)
r ^= get_next_word(key, &j)
arr := encrypt_block(l, r, mut bf)
bf.p[i], bf.p[i + 1] = arr[0], arr[1]
}
for i := 0; i < 256; i += 2 {
l ^= get_next_word(key, &j)
r ^= get_next_word(key, &j)
arr := encrypt_block(l, r, mut bf)
bf.s[0][i], bf.s[0][i + 1] = arr[0], arr[1]
}
for i := 0; i < 256; i += 2 {
l ^= get_next_word(key, &j)
r ^= get_next_word(key, &j)
arr := encrypt_block(l, r, mut bf)
bf.s[1][i], bf.s[1][i + 1] = arr[0], arr[1]
}
for i := 0; i < 256; i += 2 {
l ^= get_next_word(key, &j)
r ^= get_next_word(key, &j)
arr := encrypt_block(l, r, mut bf)
bf.s[2][i], bf.s[2][i + 1] = arr[0], arr[1]
}
for i := 0; i < 256; i += 2 {
l ^= get_next_word(key, &j)
r ^= get_next_word(key, &j)
arr := encrypt_block(l, r, mut bf)
bf.s[3][i], bf.s[3][i + 1] = arr[0], arr[1]
}
}
fn encrypt_block(l u32, r u32, mut bf Blowfish) []u32 {
mut xl := l
mut xr := r
xl ^= bf.p[0]
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
bf.s[3][byte(xl)] ^ bf.p[1]
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
bf.s[3][byte(xr)] ^ bf.p[2]
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
bf.s[3][byte(xl)] ^ bf.p[3]
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
bf.s[3][byte(xr)] ^ bf.p[4]
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
bf.s[3][byte(xl)] ^ bf.p[5]
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
bf.s[3][byte(xr)] ^ bf.p[6]
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
bf.s[3][byte(xl)] ^ bf.p[7]
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
bf.s[3][byte(xr)] ^ bf.p[8]
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
bf.s[3][byte(xl)] ^ bf.p[9]
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
bf.s[3][byte(xr)] ^ bf.p[10]
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
bf.s[3][byte(xl)] ^ bf.p[11]
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
bf.s[3][byte(xr)] ^ bf.p[12]
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
bf.s[3][byte(xl)] ^ bf.p[13]
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
bf.s[3][byte(xr)] ^ bf.p[14]
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
bf.s[3][byte(xl)] ^ bf.p[15]
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
bf.s[3][byte(xr)] ^ bf.p[16]
xr ^= bf.p[17]
return [xl, xr]
}
fn get_next_word(b []byte, pos &int) u32 {
mut w := u32(0)
mut j := 0
unsafe {
j = *pos
}
for i := 0; i < 4; i++ {
w = w << 8 | u32(b[j])
j++
if j >= b.len {
j = 0
}
}
unsafe {
*pos = j
}
return w
}

View File

@ -0,0 +1,37 @@
module blowfish
pub struct Blowfish {
pub mut:
p [18]u32
s [4][256]u32
}
pub fn new_cipher(key []byte) ?Blowfish {
mut bf := Blowfish{p, s}
if key.len < 1 || key.len > 56 {
return error('invalid key')
}
expand_key(key, mut bf)
return bf
}
pub fn new_salted_cipher(key []byte, salt []byte) ?Blowfish {
if salt.len == 0 {
return new_cipher(key)
}
mut bf := Blowfish{p, s}
if key.len < 1 {
return error('invalid key')
}
expand_key_with_salt(key, salt, mut bf)
return bf
}
pub fn (mut bf Blowfish) encrypt(mut dst []byte, src []byte) {
l := u32(src[0]) << 24 | u32(src[1]) << 16 | u32(src[2]) << 8 | u32(src[3])
r := u32(src[4]) << 24 | u32(src[5]) << 16 | u32(src[6]) << 8 | u32(src[7])
arr := encrypt_block(l, r, mut bf)
dst[0], dst[1], dst[2], dst[3] = byte(arr[0] >> 24), byte(arr[0] >> 16), byte(arr[0] >> 8), byte(arr[0])
dst[4], dst[5], dst[6], dst[7] = byte(arr[1] >> 24), byte(arr[1] >> 16), byte(arr[1] >> 8), byte(arr[1])
}

View File

@ -0,0 +1,8 @@
import crypto.blowfish
import encoding.base64
fn test_crypto_blowfish() {
key := 'password'.bytes()
csalt := base64.decode('an2da3dn')
bf := blowfish.new_salted_cipher(key, csalt) or { panic(err) }
}

File diff suppressed because it is too large Load Diff