VirtualBox

source: vbox/trunk/src/VBox/Main/src-all/HashedPw.cpp@ 98694

Last change on this file since 98694 was 98103, checked in by vboxsync, 2 years ago

Copyright year updates by scm.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 3.6 KB
Line 
1/* $Id: HashedPw.cpp 98103 2023-01-17 14:15:46Z vboxsync $ */
2/** @file
3 * Main - Password Hashing
4 */
5
6/*
7 * Copyright (C) 2012-2023 Oracle and/or its affiliates.
8 *
9 * This file is part of VirtualBox base platform packages, as
10 * available from https://www.virtualbox.org.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation, in version 3 of the
15 * License.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <https://www.gnu.org/licenses>.
24 *
25 * SPDX-License-Identifier: GPL-3.0-only
26 */
27
28
29/*********************************************************************************************************************************
30* Header Files *
31*********************************************************************************************************************************/
32#include "HashedPw.h"
33
34#include <iprt/assert.h>
35#include <iprt/ctype.h>
36#include <iprt/sha.h>
37#include <iprt/string.h>
38
39
40/*********************************************************************************************************************************
41* Global Variables *
42*********************************************************************************************************************************/
43/**
44 * The prefix of a hashed password.
45 */
46static const char s_szHashedPwPrefix[] = "#SHA-512#";
47
48
49/**
50 * Checks if the password is a hashed one or not.
51 *
52 * Empty password are not considered hashed.
53 *
54 * @returns true if hashed, false if not.
55 * @param a_pstrPassword Password to inspect.
56 */
57bool VBoxIsPasswordHashed(RTCString const *a_pstrPassword)
58{
59 /* prefix */
60 if (!a_pstrPassword->startsWith(s_szHashedPwPrefix))
61 return false;
62
63 /* salt (optional) */
64 const char *pszSalt = a_pstrPassword->c_str() + sizeof(s_szHashedPwPrefix) - 1;
65 const char *pszSaltEnd = strchr(pszSalt, '#');
66 if (!pszSaltEnd)
67 return false;
68 while (pszSalt != pszSaltEnd)
69 {
70 if (!RT_C_IS_XDIGIT(*pszSalt))
71 return false;
72 pszSalt++;
73 }
74
75 /* hash */
76 uint8_t abHash[RTSHA512_HASH_SIZE];
77 int vrc = RTSha512FromString(pszSaltEnd + 1, abHash);
78 return RT_SUCCESS(vrc);
79}
80
81
82/**
83 * Hashes a plain text password.
84 *
85 * @param a_pstrPassword Plain text password to hash. This is both
86 * input and output.
87 */
88void VBoxHashPassword(RTCString *a_pstrPassword)
89{
90 AssertReturnVoid(!VBoxIsPasswordHashed(a_pstrPassword));
91
92 char szHashedPw[sizeof(s_szHashedPwPrefix) + 1 + RTSHA512_DIGEST_LEN];
93 if (a_pstrPassword->isEmpty())
94 szHashedPw[0] = '\0';
95 else
96 {
97 /* prefix */
98 char *pszHashedPw = szHashedPw;
99 strcpy(pszHashedPw, s_szHashedPwPrefix);
100 pszHashedPw += sizeof(s_szHashedPwPrefix) - 1;
101
102 /* salt */
103 *pszHashedPw++ = '#'; /* no salt yet */
104
105 /* hash */
106 uint8_t abHash[RTSHA512_HASH_SIZE];
107 RTSha512(a_pstrPassword->c_str(), a_pstrPassword->length(), abHash);
108 int vrc = RTSha512ToString(abHash, pszHashedPw, sizeof(szHashedPw) - (size_t)(pszHashedPw - &szHashedPw[0]));
109 AssertReleaseRC(vrc);
110 }
111
112 *a_pstrPassword = szHashedPw;
113}
114
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette