1 | /* $Id: HashedPw.cpp 69500 2017-10-28 15:14:05Z vboxsync $ */
|
---|
2 | /** @file
|
---|
3 | * Main - Password Hashing
|
---|
4 | */
|
---|
5 |
|
---|
6 | /*
|
---|
7 | * Copyright (C) 2012-2017 Oracle Corporation
|
---|
8 | *
|
---|
9 | * This file is part of VirtualBox Open Source Edition (OSE), as
|
---|
10 | * available from http://www.virtualbox.org. This file is free software;
|
---|
11 | * you can redistribute it and/or modify it under the terms of the GNU
|
---|
12 | * General Public License (GPL) as published by the Free Software
|
---|
13 | * Foundation, in version 2 as it comes in the "COPYING" file of the
|
---|
14 | * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
|
---|
15 | * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
|
---|
16 | */
|
---|
17 |
|
---|
18 |
|
---|
19 | /*********************************************************************************************************************************
|
---|
20 | * Header Files *
|
---|
21 | *********************************************************************************************************************************/
|
---|
22 | #include "HashedPw.h"
|
---|
23 |
|
---|
24 | #include <iprt/assert.h>
|
---|
25 | #include <iprt/ctype.h>
|
---|
26 | #include <iprt/sha.h>
|
---|
27 | #include <iprt/string.h>
|
---|
28 |
|
---|
29 |
|
---|
30 | /*********************************************************************************************************************************
|
---|
31 | * Global Variables *
|
---|
32 | *********************************************************************************************************************************/
|
---|
33 | /**
|
---|
34 | * The prefix of a hashed password.
|
---|
35 | */
|
---|
36 | static const char s_szHashedPwPrefix[] = "#SHA-512#";
|
---|
37 |
|
---|
38 |
|
---|
39 | /**
|
---|
40 | * Checks if the password is a hashed one or not.
|
---|
41 | *
|
---|
42 | * Empty password are not considered hashed.
|
---|
43 | *
|
---|
44 | * @returns true if hashed, false if not.
|
---|
45 | * @param a_pstrPassword Password to inspect.
|
---|
46 | */
|
---|
47 | bool VBoxIsPasswordHashed(RTCString const *a_pstrPassword)
|
---|
48 | {
|
---|
49 | /* prefix */
|
---|
50 | if (!a_pstrPassword->startsWith(s_szHashedPwPrefix))
|
---|
51 | return false;
|
---|
52 |
|
---|
53 | /* salt (optional) */
|
---|
54 | const char *pszSalt = a_pstrPassword->c_str() + sizeof(s_szHashedPwPrefix) - 1;
|
---|
55 | const char *pszSaltEnd = strchr(pszSalt, '#');
|
---|
56 | if (!pszSaltEnd)
|
---|
57 | return false;
|
---|
58 | while (pszSalt != pszSaltEnd)
|
---|
59 | {
|
---|
60 | if (!RT_C_IS_XDIGIT(*pszSalt))
|
---|
61 | return false;
|
---|
62 | pszSalt++;
|
---|
63 | }
|
---|
64 |
|
---|
65 | /* hash */
|
---|
66 | uint8_t abHash[RTSHA512_HASH_SIZE];
|
---|
67 | int rc = RTSha512FromString(pszSaltEnd + 1, abHash);
|
---|
68 | return RT_SUCCESS(rc);
|
---|
69 | }
|
---|
70 |
|
---|
71 |
|
---|
72 | /**
|
---|
73 | * Hashes a plain text password.
|
---|
74 | *
|
---|
75 | * @param a_pstrPassword Plain text password to hash. This is both
|
---|
76 | * input and output.
|
---|
77 | */
|
---|
78 | void VBoxHashPassword(RTCString *a_pstrPassword)
|
---|
79 | {
|
---|
80 | AssertReturnVoid(!VBoxIsPasswordHashed(a_pstrPassword));
|
---|
81 |
|
---|
82 | char szHashedPw[sizeof(s_szHashedPwPrefix) + 1 + RTSHA512_DIGEST_LEN];
|
---|
83 | if (a_pstrPassword->isEmpty())
|
---|
84 | szHashedPw[0] = '\0';
|
---|
85 | else
|
---|
86 | {
|
---|
87 | /* prefix */
|
---|
88 | char *pszHashedPw = szHashedPw;
|
---|
89 | strcpy(pszHashedPw, s_szHashedPwPrefix);
|
---|
90 | pszHashedPw += sizeof(s_szHashedPwPrefix) - 1;
|
---|
91 |
|
---|
92 | /* salt */
|
---|
93 | *pszHashedPw++ = '#'; /* no salt yet */
|
---|
94 |
|
---|
95 | /* hash */
|
---|
96 | uint8_t abHash[RTSHA512_HASH_SIZE];
|
---|
97 | RTSha512(a_pstrPassword->c_str(), a_pstrPassword->length(), abHash);
|
---|
98 | int rc = RTSha512ToString(abHash, pszHashedPw, sizeof(szHashedPw) - (pszHashedPw - &szHashedPw[0]));
|
---|
99 | AssertReleaseRC(rc);
|
---|
100 | }
|
---|
101 |
|
---|
102 | *a_pstrPassword = szHashedPw;
|
---|
103 | }
|
---|
104 |
|
---|