diff options
Diffstat (limited to 'botan/doc/examples/passhash.cpp')
-rw-r--r-- | botan/doc/examples/passhash.cpp | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/botan/doc/examples/passhash.cpp b/botan/doc/examples/passhash.cpp new file mode 100644 index 0000000..7f5bbc2 --- /dev/null +++ b/botan/doc/examples/passhash.cpp @@ -0,0 +1,86 @@ +#include <botan/botan.h> +#include <botan/pbkdf2.h> +#include <botan/hmac.h> +#include <botan/sha160.h> +#include <iostream> +#include <memory> + +using namespace Botan; + +std::string password_hash(const std::string& pass, + RandomNumberGenerator& rng); +bool password_hash_ok(const std::string& pass, const std::string& hash); + +int main(int argc, char* argv[]) + { + if(argc != 2 && argc != 3) + { + std::cerr << "Usage: " << argv[0] << " password\n"; + std::cerr << "Usage: " << argv[0] << " password hash\n"; + return 1; + } + + Botan::LibraryInitializer init; + + try + { + + if(argc == 2) + { + AutoSeeded_RNG rng; + + std::cout << "H('" << argv[1] << "') = " + << password_hash(argv[1], rng) << '\n'; + } + else + { + bool ok = password_hash_ok(argv[1], argv[2]); + if(ok) + std::cout << "Password and hash match\n"; + else + std::cout << "Password and hash do not match\n"; + } + } + catch(std::exception& e) + { + std::cerr << e.what() << '\n'; + return 1; + } + return 0; + } + +std::string password_hash(const std::string& pass, + RandomNumberGenerator& rng) + { + PKCS5_PBKDF2 kdf(new HMAC(new SHA_160)); + + kdf.set_iterations(10000); + kdf.new_random_salt(rng, 6); // 48 bits + + Pipe pipe(new Base64_Encoder); + pipe.start_msg(); + pipe.write(kdf.current_salt()); + pipe.write(kdf.derive_key(12, pass).bits_of()); + pipe.end_msg(); + + return pipe.read_all_as_string(); + } + +bool password_hash_ok(const std::string& pass, const std::string& hash) + { + Pipe pipe(new Base64_Decoder); + pipe.start_msg(); + pipe.write(hash); + pipe.end_msg(); + + SecureVector<byte> hash_bin = pipe.read_all(); + + PKCS5_PBKDF2 kdf(new HMAC(new SHA_160)); + + kdf.set_iterations(10000); + kdf.change_salt(hash_bin, 6); + + SecureVector<byte> cmp = kdf.derive_key(12, pass).bits_of(); + + return same_mem(cmp.begin(), hash_bin.begin() + 6, 12); + } |