vieter-v
/
v
2
0
Fork 0
Code Issues Pull Requests Releases Activity

crypto.bcrypt: add doc comments for public bcrypt functions (#12622)

pull/12638/head
Taillook 2021-12-01 02:41:59 +09:00 committed by GitHub
parent 6f193c4300
commit f86710dcc7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
vlib/crypto/bcrypt/bcrypt.v
View File

@ -30,12 +30,14 @@ mut:
const magic_cipher_data = [byte(0x4f), 0x72, 0x70, 0x68, 0x65, 0x61, 0x6e, 0x42, 0x65, 0x68, 0x6f, const magic_cipher_data = [byte(0x4f), 0x72, 0x70, 0x68, 0x65, 0x61, 0x6e, 0x42, 0x65, 0x68, 0x6f,
0x6c, 0x64, 0x65, 0x72, 0x53, 0x63, 0x72, 0x79, 0x44, 0x6f, 0x75, 0x62, 0x74] 0x6c, 0x64, 0x65, 0x72, 0x53, 0x63, 0x72, 0x79, 0x44, 0x6f, 0x75, 0x62, 0x74]
// generate_from_password return a bcrypt string from Hashed struct.
pub fn generate_from_password(password []byte, cost int) ?string { pub fn generate_from_password(password []byte, cost int) ?string {
mut p := new_from_password(password, cost) or { return error('Error: $err') } mut p := new_from_password(password, cost) or { return error('Error: $err') }
x := p.hash_byte() x := p.hash_byte()
return x.bytestr() return x.bytestr()
} }
// compare_hash_and_password compares a bcrypt hashed password with its possible hashed version.
pub fn compare_hash_and_password(password []byte, hashed_password []byte) ? { pub fn compare_hash_and_password(password []byte, hashed_password []byte) ? {
mut p := new_from_hash(hashed_password) or { return error('Error: $err') } mut p := new_from_hash(hashed_password) or { return error('Error: $err') }
p.salt << `=` p.salt << `=`
@ -55,11 +57,13 @@ pub fn compare_hash_and_password(password []byte, hashed_password []byte) ? {
} }
} }
// generate_salt generate a string to be treated as a salt.
pub fn generate_salt() string { pub fn generate_salt() string {
randbytes := rand.read(bcrypt.salt_length) or { panic(err) } randbytes := rand.read(bcrypt.salt_length) or { panic(err) }
return randbytes.bytestr() return randbytes.bytestr()
} }
// new_from_password converting from password to a Hashed struct with bcrypt.
fn new_from_password(password []byte, cost int) ?&Hashed { fn new_from_password(password []byte, cost int) ?&Hashed {
mut cost_ := cost mut cost_ := cost
if cost < bcrypt.min_cost { if cost < bcrypt.min_cost {
@ -81,6 +85,7 @@ fn new_from_password(password []byte, cost int) ?&Hashed {
return p return p
} }
// new_from_hash converting from hashed data to a Hashed struct.
fn new_from_hash(hashed_secret []byte) ?&Hashed { fn new_from_hash(hashed_secret []byte) ?&Hashed {
mut tmp := hashed_secret.clone() mut tmp := hashed_secret.clone()
if tmp.len < bcrypt.min_hash_size { if tmp.len < bcrypt.min_hash_size {
@ -100,6 +105,7 @@ fn new_from_hash(hashed_secret []byte) ?&Hashed {
return p return p
} }
// bcrypt hashing passwords.
fn bcrypt(password []byte, cost int, salt []byte) ?[]byte { fn bcrypt(password []byte, cost int, salt []byte) ?[]byte {
mut cipher_data := []byte{len: 72 - bcrypt.magic_cipher_data.len, init: 0} mut cipher_data := []byte{len: 72 - bcrypt.magic_cipher_data.len, init: 0}
cipher_data << bcrypt.magic_cipher_data cipher_data << bcrypt.magic_cipher_data
@ -112,10 +118,11 @@ fn bcrypt(password []byte, cost int, salt []byte) ?[]byte {
} }
} }
hsh := base64.encode(cipher_data[..bcrypt.max_crypted_hash_size]) hash := base64.encode(cipher_data[..bcrypt.max_crypted_hash_size])
return hsh.bytes() return hash.bytes()
} }
// expensive_blowfish_setup generate a Blowfish cipher, given key, cost and salt.
fn expensive_blowfish_setup(key []byte, cost u32, salt []byte) ?&blowfish.Blowfish { fn expensive_blowfish_setup(key []byte, cost u32, salt []byte) ?&blowfish.Blowfish {
csalt := base64.decode(salt.bytestr()) csalt := base64.decode(salt.bytestr())
@ -132,6 +139,7 @@ fn expensive_blowfish_setup(key []byte, cost u32, salt []byte) ?&blowfish.Blowfi
return &bf return &bf
} }
// hash_byte converts the hash value to a byte array.
fn (mut h Hashed) hash_byte() []byte { fn (mut h Hashed) hash_byte() []byte {
mut arr := []byte{len: 65, init: 0} mut arr := []byte{len: 65, init: 0}
arr[0] = `$` arr[0] = `$`
@ -155,6 +163,7 @@ fn (mut h Hashed) hash_byte() []byte {
return res return res
} }
// decode_version decode bcrypt version.
fn (mut h Hashed) decode_version(sbytes []byte) ?int { fn (mut h Hashed) decode_version(sbytes []byte) ?int {
if sbytes[0] != `$` { if sbytes[0] != `$` {
return error("bcrypt hashes must start with '$'") return error("bcrypt hashes must start with '$'")
@ -171,6 +180,7 @@ fn (mut h Hashed) decode_version(sbytes []byte) ?int {
return n return n
} }
// decode_cost extracts the value of cost and returns the next index in the array.
fn (mut h Hashed) decode_cost(sbytes []byte) ?int { fn (mut h Hashed) decode_cost(sbytes []byte) ?int {
cost := sbytes[0..2].bytestr().int() cost := sbytes[0..2].bytestr().int()
check_cost(cost) or { return err } check_cost(cost) or { return err }
@ -178,6 +188,7 @@ fn (mut h Hashed) decode_cost(sbytes []byte) ?int {
return 3 return 3
} }
// check_cost check for reasonable quantities.
fn check_cost(cost int) ? { fn check_cost(cost int) ? {
if cost < bcrypt.min_cost || cost > bcrypt.max_cost { if cost < bcrypt.min_cost || cost > bcrypt.max_cost {
return error('invalid cost') return error('invalid cost')