VirtualBox

source: vbox/trunk/src/VBox/Main/src-all/HashedPw.cpp@ 86714

Last change on this file since 86714 was 85238, checked in by vboxsync, 4 years ago

Main/HashedPw.cpp: Signedness warning. bugref:9790

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 3.4 KB
Line 
1/* $Id: HashedPw.cpp 85238 2020-07-11 16:37:56Z vboxsync $ */
2/** @file
3 * Main - Password Hashing
4 */
5
6/*
7 * Copyright (C) 2012-2020 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*********************************************************************************************************************************
20* Header Files *
21*********************************************************************************************************************************/
22#include "HashedPw.h"
23
24#include <iprt/assert.h>
25#include <iprt/ctype.h>
26#include <iprt/sha.h>
27#include <iprt/string.h>
28
29
30/*********************************************************************************************************************************
31* Global Variables *
32*********************************************************************************************************************************/
33/**
34 * The prefix of a hashed password.
35 */
36static const char s_szHashedPwPrefix[] = "#SHA-512#";
37
38
39/**
40 * Checks if the password is a hashed one or not.
41 *
42 * Empty password are not considered hashed.
43 *
44 * @returns true if hashed, false if not.
45 * @param a_pstrPassword Password to inspect.
46 */
47bool VBoxIsPasswordHashed(RTCString const *a_pstrPassword)
48{
49 /* prefix */
50 if (!a_pstrPassword->startsWith(s_szHashedPwPrefix))
51 return false;
52
53 /* salt (optional) */
54 const char *pszSalt = a_pstrPassword->c_str() + sizeof(s_szHashedPwPrefix) - 1;
55 const char *pszSaltEnd = strchr(pszSalt, '#');
56 if (!pszSaltEnd)
57 return false;
58 while (pszSalt != pszSaltEnd)
59 {
60 if (!RT_C_IS_XDIGIT(*pszSalt))
61 return false;
62 pszSalt++;
63 }
64
65 /* hash */
66 uint8_t abHash[RTSHA512_HASH_SIZE];
67 int rc = RTSha512FromString(pszSaltEnd + 1, abHash);
68 return RT_SUCCESS(rc);
69}
70
71
72/**
73 * Hashes a plain text password.
74 *
75 * @param a_pstrPassword Plain text password to hash. This is both
76 * input and output.
77 */
78void VBoxHashPassword(RTCString *a_pstrPassword)
79{
80 AssertReturnVoid(!VBoxIsPasswordHashed(a_pstrPassword));
81
82 char szHashedPw[sizeof(s_szHashedPwPrefix) + 1 + RTSHA512_DIGEST_LEN];
83 if (a_pstrPassword->isEmpty())
84 szHashedPw[0] = '\0';
85 else
86 {
87 /* prefix */
88 char *pszHashedPw = szHashedPw;
89 strcpy(pszHashedPw, s_szHashedPwPrefix);
90 pszHashedPw += sizeof(s_szHashedPwPrefix) - 1;
91
92 /* salt */
93 *pszHashedPw++ = '#'; /* no salt yet */
94
95 /* hash */
96 uint8_t abHash[RTSHA512_HASH_SIZE];
97 RTSha512(a_pstrPassword->c_str(), a_pstrPassword->length(), abHash);
98 int rc = RTSha512ToString(abHash, pszHashedPw, sizeof(szHashedPw) - (size_t)(pszHashedPw - &szHashedPw[0]));
99 AssertReleaseRC(rc);
100 }
101
102 *a_pstrPassword = szHashedPw;
103}
104
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette