CppSecurity/password__hashing__pbkdf2_8cpp_source.html

#include "security/password_hashing_pbkdf2.h"


#include <openssl/evp.h>


namespace CppSecurity {


std::string PBKDF2PasswordHashing::_name = "PBKDF2";


PBKDF2PasswordHashing::PBKDF2PasswordHashing(size_t hash_length, size_t salt_length, PBKDF2 algorithm, size_t iterations)

    : PasswordHashing(hash_length, salt_length),

      _algorithm(algorithm),

      _iterations(iterations)

{

}


std::string PBKDF2PasswordHashing::GenerateHash(std::string_view password, std::string_view salt) const

{

    // Generate the strong password hash

    const EVP_MD* md = nullptr;

    std::string hash(hash_length(), 0);

    switch (algorithm())

    {

        case PBKDF2::HMAC_SHA1:

            md = EVP_sha1();

            break;

        case PBKDF2::HMAC_SHA256:

            md = EVP_sha256();

            break;

        case PBKDF2::HMAC_SHA512:

            md = EVP_sha512();

            break;

    }

    if (PKCS5_PBKDF2_HMAC((const char*)password.data(), (int)password.size(), (const uint8_t*)salt.data(), (int)salt.size(), (int)iterations(), md, (int)hash.size(), (uint8_t*)hash.data()) == 0)

        throwex CppCommon::SecurityException("Cannot generate 'PBKDF2' hash!");

    return hash;

}


bool PBKDF2PasswordHashing::Validate(std::string_view password, std::string_view hash, std::string_view salt) const

{

    // Calculate the digest for the given password and salt

    const EVP_MD* md = nullptr;

    std::string digest(hash.size(), 0);

    switch (algorithm())

    {

        case PBKDF2::HMAC_SHA1:

            md = EVP_sha1();

            break;

        case PBKDF2::HMAC_SHA256:

            md = EVP_sha256();

            break;

        case PBKDF2::HMAC_SHA512:

            md = EVP_sha512();

            break;

    }

    if (PKCS5_PBKDF2_HMAC((const char*)password.data(), (int)password.size(), (const uint8_t*)salt.data(), (int)salt.size(), (int)iterations(), md, (int)digest.size(), (uint8_t*)digest.data()) == 0)

        throwex CppCommon::SecurityException("Cannot calculate 'PBKDF2' hash!");


    // Compare the digest with the given hash

    return (digest == hash);

}


} // namespace CppSecurity

CppSecurity::PBKDF2PasswordHashing::PBKDF2PasswordHashing
PBKDF2PasswordHashing(size_t hash_length=32, size_t salt_length=32, PBKDF2 algorithm=PBKDF2::HMAC_SHA512, size_t iterations=1000)
Initialize 'PBKDF2' password hashing with required parameters.
Definition password_hashing_pbkdf2.cpp:17

CppSecurity::PBKDF2PasswordHashing::iterations
size_t iterations() const noexcept
Get the count of 'PBKDF2' iterations.
Definition password_hashing_pbkdf2.h:68

CppSecurity::PBKDF2PasswordHashing::algorithm
PBKDF2 algorithm() const noexcept
Get the 'PBKDF2' algorithm.
Definition password_hashing_pbkdf2.h:66

CppSecurity::PBKDF2PasswordHashing::GenerateHash
std::string GenerateHash(std::string_view password, std::string_view salt) const override
Generate the strong password hash for the given user password and unique salt.
Definition password_hashing_pbkdf2.cpp:24

CppSecurity::PBKDF2PasswordHashing::Validate
bool Validate(std::string_view password, std::string_view hash, std::string_view salt) const override
Validate the user password over the given strong password hash and unique salt.
Definition password_hashing_pbkdf2.cpp:46

CppSecurity::PasswordHashing
Password hashing interface.
Definition password_hashing.h:27

CppSecurity::PasswordHashing::hash_length
size_t hash_length() const noexcept
Get the strong password hash length.
Definition password_hashing.h:43

CppSecurity
Definition cipher.h:18

CppSecurity::PBKDF2
PBKDF2
'PBKDF2' algorithm
Definition password_hashing_pbkdf2.h:18

CppSecurity::PBKDF2::HMAC_SHA1
@ HMAC_SHA1
HMAC-SHA1.

CppSecurity::PBKDF2::HMAC_SHA256
@ HMAC_SHA256
HMAC-SHA256.

CppSecurity::PBKDF2::HMAC_SHA512
@ HMAC_SHA512
HMAC-SHA512.

password_hashing_pbkdf2.h
'PBKDF2' password hashing algorithm definition