crypto.bcrypt: add doc comments for public bcrypt functions (#12622)
parent
6f193c4300
commit
f86710dcc7
|
@ -30,12 +30,14 @@ mut:
|
||||||
const magic_cipher_data = [byte(0x4f), 0x72, 0x70, 0x68, 0x65, 0x61, 0x6e, 0x42, 0x65, 0x68, 0x6f,
|
const magic_cipher_data = [byte(0x4f), 0x72, 0x70, 0x68, 0x65, 0x61, 0x6e, 0x42, 0x65, 0x68, 0x6f,
|
||||||
0x6c, 0x64, 0x65, 0x72, 0x53, 0x63, 0x72, 0x79, 0x44, 0x6f, 0x75, 0x62, 0x74]
|
0x6c, 0x64, 0x65, 0x72, 0x53, 0x63, 0x72, 0x79, 0x44, 0x6f, 0x75, 0x62, 0x74]
|
||||||
|
|
||||||
|
// generate_from_password return a bcrypt string from Hashed struct.
|
||||||
pub fn generate_from_password(password []byte, cost int) ?string {
|
pub fn generate_from_password(password []byte, cost int) ?string {
|
||||||
mut p := new_from_password(password, cost) or { return error('Error: $err') }
|
mut p := new_from_password(password, cost) or { return error('Error: $err') }
|
||||||
x := p.hash_byte()
|
x := p.hash_byte()
|
||||||
return x.bytestr()
|
return x.bytestr()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// compare_hash_and_password compares a bcrypt hashed password with its possible hashed version.
|
||||||
pub fn compare_hash_and_password(password []byte, hashed_password []byte) ? {
|
pub fn compare_hash_and_password(password []byte, hashed_password []byte) ? {
|
||||||
mut p := new_from_hash(hashed_password) or { return error('Error: $err') }
|
mut p := new_from_hash(hashed_password) or { return error('Error: $err') }
|
||||||
p.salt << `=`
|
p.salt << `=`
|
||||||
|
@ -55,11 +57,13 @@ pub fn compare_hash_and_password(password []byte, hashed_password []byte) ? {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// generate_salt generate a string to be treated as a salt.
|
||||||
pub fn generate_salt() string {
|
pub fn generate_salt() string {
|
||||||
randbytes := rand.read(bcrypt.salt_length) or { panic(err) }
|
randbytes := rand.read(bcrypt.salt_length) or { panic(err) }
|
||||||
return randbytes.bytestr()
|
return randbytes.bytestr()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// new_from_password converting from password to a Hashed struct with bcrypt.
|
||||||
fn new_from_password(password []byte, cost int) ?&Hashed {
|
fn new_from_password(password []byte, cost int) ?&Hashed {
|
||||||
mut cost_ := cost
|
mut cost_ := cost
|
||||||
if cost < bcrypt.min_cost {
|
if cost < bcrypt.min_cost {
|
||||||
|
@ -81,6 +85,7 @@ fn new_from_password(password []byte, cost int) ?&Hashed {
|
||||||
return p
|
return p
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// new_from_hash converting from hashed data to a Hashed struct.
|
||||||
fn new_from_hash(hashed_secret []byte) ?&Hashed {
|
fn new_from_hash(hashed_secret []byte) ?&Hashed {
|
||||||
mut tmp := hashed_secret.clone()
|
mut tmp := hashed_secret.clone()
|
||||||
if tmp.len < bcrypt.min_hash_size {
|
if tmp.len < bcrypt.min_hash_size {
|
||||||
|
@ -100,6 +105,7 @@ fn new_from_hash(hashed_secret []byte) ?&Hashed {
|
||||||
return p
|
return p
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// bcrypt hashing passwords.
|
||||||
fn bcrypt(password []byte, cost int, salt []byte) ?[]byte {
|
fn bcrypt(password []byte, cost int, salt []byte) ?[]byte {
|
||||||
mut cipher_data := []byte{len: 72 - bcrypt.magic_cipher_data.len, init: 0}
|
mut cipher_data := []byte{len: 72 - bcrypt.magic_cipher_data.len, init: 0}
|
||||||
cipher_data << bcrypt.magic_cipher_data
|
cipher_data << bcrypt.magic_cipher_data
|
||||||
|
@ -112,10 +118,11 @@ fn bcrypt(password []byte, cost int, salt []byte) ?[]byte {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
hsh := base64.encode(cipher_data[..bcrypt.max_crypted_hash_size])
|
hash := base64.encode(cipher_data[..bcrypt.max_crypted_hash_size])
|
||||||
return hsh.bytes()
|
return hash.bytes()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// expensive_blowfish_setup generate a Blowfish cipher, given key, cost and salt.
|
||||||
fn expensive_blowfish_setup(key []byte, cost u32, salt []byte) ?&blowfish.Blowfish {
|
fn expensive_blowfish_setup(key []byte, cost u32, salt []byte) ?&blowfish.Blowfish {
|
||||||
csalt := base64.decode(salt.bytestr())
|
csalt := base64.decode(salt.bytestr())
|
||||||
|
|
||||||
|
@ -132,6 +139,7 @@ fn expensive_blowfish_setup(key []byte, cost u32, salt []byte) ?&blowfish.Blowfi
|
||||||
return &bf
|
return &bf
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// hash_byte converts the hash value to a byte array.
|
||||||
fn (mut h Hashed) hash_byte() []byte {
|
fn (mut h Hashed) hash_byte() []byte {
|
||||||
mut arr := []byte{len: 65, init: 0}
|
mut arr := []byte{len: 65, init: 0}
|
||||||
arr[0] = `$`
|
arr[0] = `$`
|
||||||
|
@ -155,6 +163,7 @@ fn (mut h Hashed) hash_byte() []byte {
|
||||||
return res
|
return res
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// decode_version decode bcrypt version.
|
||||||
fn (mut h Hashed) decode_version(sbytes []byte) ?int {
|
fn (mut h Hashed) decode_version(sbytes []byte) ?int {
|
||||||
if sbytes[0] != `$` {
|
if sbytes[0] != `$` {
|
||||||
return error("bcrypt hashes must start with '$'")
|
return error("bcrypt hashes must start with '$'")
|
||||||
|
@ -171,6 +180,7 @@ fn (mut h Hashed) decode_version(sbytes []byte) ?int {
|
||||||
return n
|
return n
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// decode_cost extracts the value of cost and returns the next index in the array.
|
||||||
fn (mut h Hashed) decode_cost(sbytes []byte) ?int {
|
fn (mut h Hashed) decode_cost(sbytes []byte) ?int {
|
||||||
cost := sbytes[0..2].bytestr().int()
|
cost := sbytes[0..2].bytestr().int()
|
||||||
check_cost(cost) or { return err }
|
check_cost(cost) or { return err }
|
||||||
|
@ -178,6 +188,7 @@ fn (mut h Hashed) decode_cost(sbytes []byte) ?int {
|
||||||
return 3
|
return 3
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// check_cost check for reasonable quantities.
|
||||||
fn check_cost(cost int) ? {
|
fn check_cost(cost int) ? {
|
||||||
if cost < bcrypt.min_cost || cost > bcrypt.max_cost {
|
if cost < bcrypt.min_cost || cost > bcrypt.max_cost {
|
||||||
return error('invalid cost')
|
return error('invalid cost')
|
||||||
|
|
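Review bot: The new comment on `compare_hash_and_password` does not say which argument is the plaintext and which is the stored hash, nor that failure is reported only through the error return (the signature is a bare `?`), so a caller who ignores the error would presumably treat a mismatch as success. I would write `// compare_hash_and_password checks the plaintext password against the bcrypt hash in hashed_password and returns an error if the hash is malformed or does not match.` The comment on `generate_from_password` says it works "from Hashed struct", but the function takes a password and a cost; `// generate_from_password returns the bcrypt hash string of password computed at the given cost.` matches the signature. For `generate_salt`, the comment should state whether `rand.read` is the cryptographically secure source and that the function panics when it fails; the import is outside the visible hunks, so that needs confirming against the file header. The bodies of all three functions continue outside the hunks shown, so the wording about mismatch handling should be checked against the full function.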