server/src/util/password.c

#ifdef _MSC_VER
#include <platform.h>
#endif
#include "password.h"

#include "crypto/crypto.h"

#include <assert.h>
#include <string.h>
#include <stdio.h>

int bcrypt_workfactor = 8;

bool password_is_implemented(cryptalgo_t algo) {
    if (algo == PASSWORD_BCRYPT) return true;
    return algo == PASSWORD_PLAINTEXT;
}

const char * password_hash(const char * passwd, cryptalgo_t algo) {
    if (algo == PASSWORD_BCRYPT && bcrypt_workfactor != 0) {
        char salt[BCRYPT_HASHSIZE];
        static char hash[BCRYPT_HASHSIZE];
        int ret;
        bcrypt_gensalt(bcrypt_workfactor, salt);
        ret = bcrypt_hashpw(passwd, salt, hash);
        assert(ret == 0);
        return hash;
    }
    return passwd;
}

int password_verify(const char * pwhash, const char * passwd) {
    if (pwhash[0] == '$') {
        if (pwhash[1] == '2') {
            if (bcrypt_workfactor > 0) {
                int ret = bcrypt_checkpw(passwd, pwhash);
                assert(ret != -1);
                return (ret == 0) ? VERIFY_OK : VERIFY_FAIL;
            }
            return VERIFY_OK;
        }
    }
    return (strcmp(passwd, pwhash) == 0) ? VERIFY_OK : VERIFY_FAIL;
}

void password_generate(char *password, size_t length) {
    char salt[BCRYPT_HASHSIZE];

    assert(BCRYPT_HASHSIZE - 7 > length);
    bcrypt_gensalt(4, salt);
    memcpy(password, salt + 7, length);
    password[length] = 0;
}
fix bcrypt library, add to password.c (works on mac) 2018-09-26 17:09:29 +02:00			`#ifdef _MSC_VER`
add a new password module start adding password hashing logic (WIP) does not yet pass all tests 2016-01-12 23:52:30 +01:00			`#include <platform.h>`
fix bcrypt library, add to password.c (works on mac) 2018-09-26 17:09:29 +02:00			`#endif`
add a new password module start adding password hashing logic (WIP) does not yet pass all tests 2016-01-12 23:52:30 +01:00			`#include "password.h"`

More WIN32 adaptations, configurable work factor. 2018-09-26 19:05:49 +02:00			`#include "crypto/crypto.h"`
fix bcrypt library, add to password.c (works on mac) 2018-09-26 17:09:29 +02:00
add a new password module start adding password hashing logic (WIP) does not yet pass all tests 2016-01-12 23:52:30 +01:00			`#include <assert.h>`
			`#include <string.h>`
			`#include <stdio.h>`
implement md5 password hashing (untested) disable test for case-insensitive password test fix faction/checkpasswd test 2016-01-13 14:41:09 +01:00
More WIN32 adaptations, configurable work factor. 2018-09-26 19:05:49 +02:00			`int bcrypt_workfactor = 8;`

fix bcrypt library, add to password.c (works on mac) 2018-09-26 17:09:29 +02:00			`bool password_is_implemented(cryptalgo_t algo) {`
			`if (algo == PASSWORD_BCRYPT) return true;`
remove all password hashing code 2016-07-13 19:10:22 +02:00			`return algo == PASSWORD_PLAINTEXT;`
add a new password module start adding password hashing logic (WIP) does not yet pass all tests 2016-01-12 23:52:30 +01:00			`}`

rename password functions to match PHP. 2018-09-26 21:06:56 +02:00			`const char * password_hash(const char * passwd, cryptalgo_t algo) {`
simpler hack, um den brypt workfactor einzustellen (oder passwort-checks abzuschalten), weil man manchmal halt keine Zeit hat. 2018-11-27 20:16:27 +01:00			`if (algo == PASSWORD_BCRYPT && bcrypt_workfactor != 0) {`
fix bcrypt library, add to password.c (works on mac) 2018-09-26 17:09:29 +02:00			`char salt[BCRYPT_HASHSIZE];`
			`static char hash[BCRYPT_HASHSIZE];`
			`int ret;`
More WIN32 adaptations, configurable work factor. 2018-09-26 19:05:49 +02:00			`bcrypt_gensalt(bcrypt_workfactor, salt);`
fix bcrypt library, add to password.c (works on mac) 2018-09-26 17:09:29 +02:00			`ret = bcrypt_hashpw(passwd, salt, hash);`
			`assert(ret == 0);`
			`return hash;`
			`}`
remove all password hashing code 2016-07-13 19:10:22 +02:00			`return passwd;`
implement md5 password hashing (untested) disable test for case-insensitive password test fix faction/checkpasswd test 2016-01-13 14:41:09 +01:00			`}`

			`int password_verify(const char * pwhash, const char * passwd) {`
fix bcrypt library, add to password.c (works on mac) 2018-09-26 17:09:29 +02:00			`if (pwhash[0] == '$') {`
			`if (pwhash[1] == '2') {`
simpler hack, um den brypt workfactor einzustellen (oder passwort-checks abzuschalten), weil man manchmal halt keine Zeit hat. 2018-11-27 20:16:27 +01:00			`if (bcrypt_workfactor > 0) {`
			`int ret = bcrypt_checkpw(passwd, pwhash);`
			`assert(ret != -1);`
			`return (ret == 0) ? VERIFY_OK : VERIFY_FAIL;`
			`}`
			`return VERIFY_OK;`
fix bcrypt library, add to password.c (works on mac) 2018-09-26 17:09:29 +02:00			`}`
			`}`
remove all password hashing code 2016-07-13 19:10:22 +02:00			`return (strcmp(passwd, pwhash) == 0) ? VERIFY_OK : VERIFY_FAIL;`
add a new password module start adding password hashing logic (WIP) does not yet pass all tests 2016-01-12 23:52:30 +01:00			`}`
write a warning in the template about password replacement. for new factions, put the generated password into the template. normalize and secure password generation. 2019-01-12 21:26:48 +01:00
			`void password_generate(char *password, size_t length) {`
			`char salt[BCRYPT_HASHSIZE];`

			`assert(BCRYPT_HASHSIZE - 7 > length);`
			`bcrypt_gensalt(4, salt);`
			`memcpy(password, salt + 7, length);`
			`password[length] = 0;`
			`}`