VirtualBox

source: vbox/trunk/src/VBox/Main/src-all/HashedPw.cpp@ 49498

Last change on this file since 49498 was 40066, checked in by vboxsync, 13 years ago

hash the teleporter token.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 3.1 KB
Line 
1/* $Id: HashedPw.cpp 40066 2012-02-10 14:52:47Z vboxsync $ */
2/** @file
3 * Main - Password Hashing
4 */
5
6/*
7 * Copyright (C) 2012 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Header Files *
20*******************************************************************************/
21#include "HashedPw.h"
22
23#include <iprt/assert.h>
24#include <iprt/ctype.h>
25#include <iprt/sha.h>
26#include <iprt/string.h>
27
28
29/*******************************************************************************
30* Global Variables *
31*******************************************************************************/
32/**
33 * The prefix of a hashed password.
34 */
35static const char s_szHashedPwPrefix[] = "#SHA-512#";
36
37
38/**
39 * Checks if the password is a hashed one or not.
40 *
41 * Empty password are not considered hashed.
42 *
43 * @returns true if hashed, false if not.
44 * @param a_pstrPassword Password to inspect.
45 */
46bool VBoxIsPasswordHashed(RTCString const *a_pstrPassword)
47{
48 /* prefix */
49 if (!a_pstrPassword->startsWith(s_szHashedPwPrefix))
50 return false;
51
52 /* salt (optional) */
53 const char *pszSalt = a_pstrPassword->c_str() + sizeof(s_szHashedPwPrefix) - 1;
54 const char *pszSaltEnd = strchr(pszSalt, '#');
55 if (!pszSaltEnd)
56 return false;
57 while (pszSalt != pszSaltEnd)
58 {
59 if (!RT_C_IS_XDIGIT(*pszSalt))
60 return false;
61 pszSalt++;
62 }
63
64 /* hash */
65 uint8_t abHash[RTSHA512_HASH_SIZE];
66 int rc = RTSha512FromString(pszSaltEnd + 1, abHash);
67 return RT_SUCCESS(rc);
68}
69
70
71/**
72 * Hashes a plain text password.
73 *
74 * @param a_pstrPassword Plain text password to hash. This is both
75 * input and output.
76 */
77void VBoxHashPassword(RTCString *a_pstrPassword)
78{
79 AssertReturnVoid(!VBoxIsPasswordHashed(a_pstrPassword));
80
81 char szHashedPw[sizeof(s_szHashedPwPrefix) + 1 + RTSHA512_DIGEST_LEN];
82 if (a_pstrPassword->isEmpty())
83 szHashedPw[0] = '\0';
84 else
85 {
86 /* prefix */
87 char *pszHashedPw = szHashedPw;
88 strcpy(pszHashedPw, s_szHashedPwPrefix);
89 pszHashedPw += sizeof(s_szHashedPwPrefix) - 1;
90
91 /* salt */
92 *pszHashedPw++ = '#'; /* no salt yet */
93
94 /* hash */
95 uint8_t abHash[RTSHA512_HASH_SIZE];
96 RTSha512(a_pstrPassword->c_str(), a_pstrPassword->length(), abHash);
97 int rc = RTSha512ToString(abHash, pszHashedPw, sizeof(szHashedPw) - (pszHashedPw - &szHashedPw[0]));
98 AssertReleaseRC(rc);
99 }
100
101 *a_pstrPassword = szHashedPw;
102}
103
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette