forked from chinshou/bcrypt-for-delphi
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Bcrypt.pas
846 lines (690 loc) · 26.6 KB
/
Bcrypt.pas
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
unit Bcrypt;
{
Bcrypt is an algorithm designed for hashing passwords, and only passwords.
i.e. It's not a generic, high-speed, generic hashing algorithm.
It's computationally and memory expensive
It's limited to passwords of 55 bytes.
http://static.usenix.org/events/usenix99/provos/provos.pdf
It uses the Blowfish encryption algorithm, but with an "expensive key setup"
modification, contained in the function EksBlowfishSetup.
Ian Boyd 5/3/2012
Public Domain
v1.0 - Initial release
}
interface
uses
Blowfish, Types, Math, ComObj;
type
UnicodeString = WideString;
TBCrypt = class(TObject)
private
class function TryParseHashString(const hashString: AnsiString;
out version: string; out Cost: Integer; out Salt{, Hash}: TByteDynArray): Boolean;
protected
class function EksBlowfishSetup(const Cost: Integer; salt, key: array of Byte): TBlowfishData;
class procedure ExpandKey(var state: TBlowfishData; salt, key: array of Byte);
class function CryptCore(const Cost: Integer; Key: array of Byte; salt: array of Byte): TByteDynArray;
class function FormatPasswordHashForBsd(const cost: Integer; const salt: array of Byte; const hash: array of Byte): AnsiString;
class function BsdBase64Encode(const data: array of Byte; BytesToEncode: Integer): AnsiString;
class function BsdBase64Decode(const s: AnsiString): TByteDynArray;
class function WideStringToUtf8(const Source: UnicodeString): AnsiString;
class function SelfTestA: Boolean; //known test vectors
class function SelfTestB: Boolean; //BSD's base64 encoder/decoder
class function SelfTestC: Boolean; //unicode strings in UTF8
class function SelfTestD: Boolean; //different length passwords
class function SelfTestE: Boolean; //salt rng
class function GenRandomBytes(len: Integer; const data: Pointer): HRESULT;
public
//Hashes a password into the OpenBSD password-file format (non-standard base-64 encoding). Also validate that BSD style string
class function HashPassword(const password: UnicodeString): AnsiString; overload;
class function CheckPassword(const password: UnicodeString; const expectedHashString: AnsiString): Boolean; overload;
//If you want to handle the cost, salt, and encoding yourself, you can do that.
class function HashPassword(const password: UnicodeString; const salt: array of Byte; const cost: Integer): TByteDynArray; overload;
class function CheckPassword(const password: UnicodeString; const salt, hash: array of Byte; const Cost: Integer): Boolean; overload;
class function GenerateSalt: TByteDynArray;
class function SelfTest: Boolean;
end;
implementation
uses
Windows, SysUtils,
{$IFDEF UnitTests}TestFramework, {$ENDIF}
ActiveX;
const
BCRYPT_COST = 10; //cost determintes the number of rounds. 10 = 2^10 rounds (1024)
BCRYPT_SALT_LEN = 16; //bcrypt uses 128-bit (16-byte) salt (This isn't an adjustable parameter, just a name for a constant)
BsdBase64EncodeTable: array[0..63] of Char =
{ 0:} './'+
{ 2:} 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'+
{28:} 'abcdefghijklmnopqrstuvwxyz'+
{54:} '0123456789';
//the traditional base64 encode table:
//'ABCDEFGHIJKLMNOPQRSTUVWXYZ' +
//'abcdefghijklmnopqrstuvwxyz' +
//'0123456789+/';
BsdBase64DecodeTable: array[#0..#127] of Integer = (
{ 0:} -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, // ________________
{ 16:} -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, // ________________
{ 32:} -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, 1, // ______________./
{ 48:} 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, -1, -1, -1, -1, -1, -1, // 0123456789______
{ 64:} -1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, // _ABCDEFGHIJKLMNO
{ 80:} 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, -1, -1, -1, -1, -1, // PQRSTUVWXYZ_____
{ 96:} -1, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, // _abcdefghijklmno
{113:} 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, -1, -1, -1, -1, -1); // pqrstuvwxyz_____
TestVectors: array[1..20, 1..3] of string = (
('', '$2a$06$DCq7YPn5Rq63x1Lad4cll.', '$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s.'),
('', '$2a$08$HqWuK6/Ng6sg9gQzbLrgb.', '$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye'),
('', '$2a$10$k1wbIrmNyFAPwPVPSVa/ze', '$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW'),
('', '$2a$12$k42ZFHFWqBp3vWli.nIn8u', '$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO'),
('a', '$2a$06$m0CrhHm10qJ3lXRY.5zDGO', '$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe'),
('a', '$2a$08$cfcvVd2aQ8CMvoMpP2EBfe', '$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V.'),
('a', '$2a$10$k87L/MF28Q673VKh8/cPi.', '$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u'),
('a', '$2a$12$8NJH3LsPrANStV6XtBakCe', '$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS'),
('abc', '$2a$06$If6bvum7DFjUnE9p2uDeDu', '$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i'),
('abc', '$2a$08$Ro0CUfOqk6cXEKf3dyaM7O', '$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm'),
('abc', '$2a$10$WvvTPHKwdBJ3uk0Z37EMR.', '$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi'),
('abc', '$2a$12$EXRkfkdmXn2gzds2SSitu.', '$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q'),
('abcdefghijklmnopqrstuvwxyz', '$2a$06$.rCVZVOThsIa97pEDOxvGu', '$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC'),
('abcdefghijklmnopqrstuvwxyz', '$2a$08$aTsUwsyowQuzRrDqFflhge', '$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz.'),
('abcdefghijklmnopqrstuvwxyz', '$2a$10$fVH8e28OQRj9tqiDXs1e1u', '$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq'),
('abcdefghijklmnopqrstuvwxyz', '$2a$12$D4G5f18o7aMMfwasBL7Gpu', '$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG'),
('~!@#$%^&*() ~!@#$%^&*()PNBFRD', '$2a$06$fPIsBO8qRqkjj273rfaOI.', '$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO'),
('~!@#$%^&*() ~!@#$%^&*()PNBFRD', '$2a$08$Eq2r4G/76Wv39MzSX262hu', '$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW'),
('~!@#$%^&*() ~!@#$%^&*()PNBFRD', '$2a$10$LgfYWkbzEvQ4JakH7rOvHe', '$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS'),
('~!@#$%^&*() ~!@#$%^&*()PNBFRD', '$2a$12$WApznUOJfkEGSmYRfnkrPO', '$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC')
);
{$IFDEF UnitTests}
type
TBCryptTests = class(TTestCase)
public
procedure SelfTest;
//These are just too darn slow (as they should be) for continuous testing
procedure SelfTestA_KnownTestVectors;
procedure SelfTestC_UnicodeStrings;
procedure SelfTestD_VariableLengthPasswords;
published
procedure SelfTestB_Base64EncoderDecoder;
end;
{$ENDIF}
const
advapi32 = 'advapi32.dll';
function CryptAcquireContextW(out phProv: THandle; pszContainer: PWideChar; pszProvider: PWideChar; dwProvType: DWORD; dwFlags: DWORD): BOOL; stdcall; external advapi32;
function CryptReleaseContext(hProv: THandle; dwFlags: DWORD): BOOL; stdcall; external advapi32;
function CryptGenRandom(hProv: THandle; dwLen: DWORD; pbBuffer: Pointer): BOOL; stdcall; external advapi32;
{ TBCrypt }
class function TBCrypt.HashPassword(const password: UnicodeString): AnsiString;
var
cost: Integer;
salt: TByteDynArray;
hash: TByteDynArray;
begin
{ bcrypt was designed for OpenBSD, where hashes in the password file have a
certain format.
The convention used in BSD when generating password hash strings is to format it as:
$version$salt$hash
MD5 hash uses version "1":
"$"+"1"+"$"+salt+hash
bcrypt uses version "2a", but also encodes the cost
"$"+"2a"+"$"+rounds+"$"+salt+hash
e.g.
$2a$10$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm
$==$==$======================-------------------------------
The benfit of this scheme is:
- the number of rounds
- the salt used
This means that stored hashes are backwards and forwards compatible with
changing the number of rounds
}
salt := GenerateSalt();
cost := BCRYPT_COST;
//utf8 := TBCrypt.WideStringToUtf8(password);
hash := TBCrypt.HashPassword(password, salt, cost);
Result := FormatPasswordHashForBsd(cost, salt, hash);
end;
class function TBCrypt.GenerateSalt: TByteDynArray;
var
type4Uuid: TGUID;
salt: TByteDynArray;
begin
//Salt is a 128-bit (16 byte) random value
SetLength(salt, BCRYPT_SALT_LEN);
//Type 4 UUID (RFC 4122) is a handy source of (almost) 128-bits of random data (actually 120 bits)
//But the security doesn't come from the salt being secret, it comes from the salt being different each time
OleCheck(CoCreateGUID(Type4Uuid));
Move(type4Uuid.D1, salt[0], BCRYPT_SALT_LEN); //16 bytes
Result := salt;
end;
class function TBCrypt.HashPassword(const password: UnicodeString; const salt: array of Byte; const cost: Integer): TByteDynArray;
var
key: TByteDynArray;
len: Integer;
utf8Password: AnsiString;
begin
//pseudo-standard dictates that unicode strings are converted to UTF8 (rather than UTF16, UTF32, UTF16LE, etc)
utf8Password := TBCrypt.WideStringToUtf8(password);
//key is 56 bytes.
//bcrypt version 2a defines that we include the null terminator
//this leaves us with 55 characters we can include
len := Length(utf8Password);
if len > 55 then
len := 55;
SetLength(key, len+1); //+1 for the null terminator
if Length(utf8Password) > 0 then
Move(utf8Password[1], key[0], len);
//set the final null terminator
key[len] := 0;
Result := TBCrypt.CryptCore(cost, key, salt);
end;
class function TBCrypt.CryptCore(const Cost: Integer; key, salt: array of Byte): TByteDynArray;
var
state: TBlowfishData;
i: Integer;
plainText: array[0..23] of Byte;
cipherText: array[0..23] of Byte;
const
magicText: AnsiString = 'OrpheanBeholderScryDoubt'; //the 24-byte data we will be encrypting 64 times
begin
state := TBCrypt.EksBlowfishSetup(cost, salt, key);
//Conceptually we are encrypting "OrpheanBeholderScryDoubt" 64 times
Move(magicText[1], plainText[0], 24);
for i := 1 to 64 do
begin
//The painful thing is that the plaintext is 24 bytes long; this is three 8-byte blocks.
//Which means we have to do the EBC encryption on 3 separate sections.
BlowfishEncryptECB(state, Pointer(@plainText[ 0]), Pointer(@cipherText[ 0]));
BlowfishEncryptECB(state, Pointer(@plainText[ 8]), Pointer(@cipherText[ 8]));
BlowfishEncryptECB(state, Pointer(@plainText[16]), Pointer(@cipherText[16]));
Move(cipherText[0], plainText[0], 24);
end;
SetLength(Result, 24);
Move(cipherText[0], Result[0], 24);
end;
class function TBCrypt.EksBlowfishSetup(const Cost: Integer; salt, key: array of Byte): TBlowfishData;
var
rounds: Cardinal; //rounds = 2^cost
i: Integer;
Len: Integer;
const
zero: array[0..15] of Byte = (0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0);
begin
//Expensive key setup
if (cost < 4) or (cost > 31) then
raise Exception.Create('Blowfish: Cost ('+IntToStr(Cost)+') must be between 4..31');
Len := Length(key);
if (Len > 56) then
raise Exception.Create('Blowfish: Key must be between 1 and 56 bytes long');
if Length(salt) <> BCRYPT_SALT_LEN then
raise Exception.Create('Blowfish: salt must be 16 bytes');
//Copy S and P boxes into local state
BlowfishInitState(Result);
Self.ExpandKey(Result, salt, key);
//rounds = 2^cost
rounds := 1 shl cost;
for i := 1 to rounds do
begin
Self.ExpandKey(Result, zero, key);
Self.ExpandKey(Result, zero, salt);
end;
//Result := what it is
end;
class procedure TBCrypt.ExpandKey(var State: TBlowfishData; salt, key: array of Byte);
var
i, j, k: Integer;
A: DWord;
KeyB: PByteArray;
Block: array[0..7] of Byte;
Len: Integer;
saltHalf: Integer;
begin
//ExpandKey phase of the Expensive key setup
Len := Length(key);
if (Len > 56) then
raise Exception.Create('Blowfish: Key must be between 1 and 56 bytes long');
{
XOR all the subkeys in the P-array with the encryption key
The first 32 bits of the key are XORed with P1, the next 32 bits with P2, and so on.
The key is viewed as being cyclic; when the process reaches the end of the key,
it starts reusing bits from the beginning to XOR with subkeys.
}
if len > 0 then
begin
KeyB := PByteArray(@key[0]);
k := 0;
for i := 0 to 17 do
begin
A := KeyB[(k+3) mod Len];
A := A + (KeyB[(k+2) mod Len] shl 8);
A := A + (KeyB[(k+1) mod Len] shl 16);
A := A + (KeyB[k] shl 24);
State.PBoxM[i] := State.PBoxM[i] xor A;
k := (k+4) mod Len;
end;
end;
//Blowfsh-encrypt the first 64 bits of its salt argument using the current state of the key schedule.
BlowfishEncryptECB(State, @salt[0], @Block);
//The resulting ciphertext replaces subkeys P1 and P2.
State.PBoxM[0] := Block[3] + (Block[2] shl 8) + (Block[1] shl 16) + (Block[0] shl 24);
State.PBoxM[1] := Block[7] + (Block[6] shl 8) + (Block[5] shl 16) + (Block[4] shl 24);
saltHalf := 1;
for i := 1 to 8 do
begin
//That same ciphertext is also XORed with the second 64-bits of salt
for k := 0 to 7 do
block[k] := block[k] xor salt[(saltHalf*8)+k]; //Salt is 0..15 (0..7 is first block, 8..15 is second block)
saltHalf := saltHalf xor 1;
//and the result encrypted with the new state of the key schedule
BlowfishEncryptECB(State, @Block, @Block);
// The output of the second encryption replaces subkeys P3 and P4. (P[2] and P[3])
State.PBoxM[i*2] := Block[3] + (Block[2] shl 8) + (Block[1] shl 16) + (Block[0] shl 24);
State.PBoxM[i*2+1] := Block[7] + (Block[6] shl 8) + (Block[5] shl 16) + (Block[4] shl 24);
end;
//When ExpandKey finishes replacing entries in the P-Array, it continues on replacing S-box entries two at a time.
for j := 0 to 3 do
begin
for i := 0 to 127 do
begin
//That same ciphertext is also XORed with the second 64-bits of salt
for k := 0 to 7 do
block[k] := block[k] xor salt[(saltHalf*8 mod 16)+k]; //Salt is 0..15 (0..7 is first block, 8..15 is second block)
saltHalf := saltHalf xor 1;
//and the result encrypted with the new state of the key schedule
BlowfishEncryptECB(State, @Block, @Block);
// The output of the second encryption replaces subkeys S1 and P2. (S[0] and S[1])
State.SBoxM[j, i*2] := Block[3] + (Block[2] shl 8) + (Block[1] shl 16) + (Block[0] shl 24);
State.SBoxM[j, i*2+1] := Block[7] + (Block[6] shl 8) + (Block[5] shl 16) + (Block[4] shl 24);
end;
end;
end;
class function TBCrypt.CheckPassword(const password: UnicodeString; const salt, hash: array of Byte; const Cost: Integer): Boolean;
var
candidateHash: TByteDynArray;
len: Integer;
begin
Result := False;
candidateHash := TBCrypt.HashPassword(password, salt, cost);
len := Length(hash);
if Length(candidateHash) <> len then
Exit;
Result := CompareMem(@candidateHash[0], @hash[0], len);
end;
class function TBCrypt.TryParseHashString(const hashString: AnsiString;
out version: string; out Cost: Integer; out Salt: TByteDynArray{; out Hash: TByteDynArray}): Boolean;
var
work: AnsiString;
s: AnsiString;
begin
Result := False;
{
Pick apart our specially formatted hash string
$2a$nn$(22 character salt, b64 encoded)(32 character hash, b64 encoded)
We also need to accept version 2, the original version
}
if Length(hashString) < 28 then
Exit;
//get the version prefix (we support "2a" and the older "2", since they are the same thing)
if AnsiSameText(Copy(hashString, 1, 4), '$2a$') then
begin
version := Copy(hashString, 2, 2);
work := Copy(hashString, 5, 25);
end
else if AnsiSameText(Copy(hashString, 1, 3), '$2$') then
begin
version := Copy(hashString, 2, 1);
work := Copy(hashString, 4, 25);
end
else
Exit;
//Next two characters must be a length
s := Copy(work, 1, 2);
cost := StrToIntDef(s, -1);
if cost < 0 then
Exit;
//Next is a separator
if work[3] <> '$' then
Exit;
//Next 22 are the salt
s := Copy(work, 4, 22);
Salt := BsdBase64Decode(s); //salt is always 16 bytes
{ //next 32 is hash
s := Copy(work, 26, 32);
SetLength(Hash, 24); //hash is always 24 bytes}
Result := True;
end;
class function TBCrypt.CheckPassword(const password: UnicodeString; const expectedHashString: AnsiString): Boolean;
var
version: string;
cost: Integer;
salt: TByteDynArray;
hash: TByteDynArray;
actualHashString: string;
begin
if not TryParseHashString(expectedHashString,
{out}version, {out}cost, {out}salt) then
raise Exception.Create('Invalid hash string');
hash := TBCrypt.HashPassword(password, salt, cost);
actualHashString := FormatPasswordHashForBsd(cost, salt, hash);
Result := (actualHashString = expectedHashString);
end;
class function TBCrypt.BsdBase64Encode(const data: array of Byte; BytesToEncode: Integer): AnsiString;
function EncodePacket(b1, b2, b3: Byte; Len: Integer): AnsiString;
begin
Result := '';
Result := Result + BsdBase64EncodeTable[b1 shr 2];
Result := Result + BsdBase64EncodeTable[((b1 and $03) shl 4) or (b2 shr 4)];
if Len < 2 then Exit;
Result := Result + BsdBase64EncodeTable[((b2 and $0f) shl 2) or (b3 shr 6)];
if Len < 3 then Exit;
Result := Result + BsdBase64EncodeTable[b3 and $3f];
end;
var
i: Integer;
len: Integer;
b1, b2: Integer;
begin
Result := '';
len := BytesToEncode;
if len = 0 then
Exit;
if len > Length(data) then
raise Exception.Create('Invalid length');
//encode whole 3-byte chunks TV4S 6ytw fsfv kgY8 jIuc Drjc 8deX 1s.
i := Low(data);
while len >= 3 do
begin
Result := Result+EncodePacket(data[i], data[i+1], data[i+2], 3);
Inc(i, 3);
Dec(len, 3);
end;
if len = 0 then
Exit;
//encode partial final chunk
Assert(len < 3);
if len >= 1 then
b1 := data[i]
else
b1 := 0;
if len >= 2 then
b2 := data[i+1]
else
b2 := 0;
Result := Result+EncodePacket(b1, b2, 0, len);
end;
class function TBCrypt.SelfTest: Boolean;
begin
Result :=
SelfTestA and //known test vectors
SelfTestB and //the base64 encoder/decoder
SelfTestC and //unicode strings
SelfTestD; //different length passwords
end;
class function TBCrypt.FormatPasswordHashForBsd(const cost: Integer; const salt, hash: array of Byte): AnsiString;
var
saltString: AnsiString;
hashString: AnsiString;
begin
saltString := BsdBase64Encode(salt, Length(salt));
hashString := BsdBase64Encode(hash, Length(hash)-1); //Yes, everything except the last byte
//OpenBSD, in the pseudo-base64 implementation, doesn't include the last byte of the hash
//Nobody knows why, but that's what all exists tests do - so it's what i do
Result := Format('$2a$%.2d$%s%s', [cost, saltString, hashString]);
end;
class function TBCrypt.BsdBase64Decode(const s: AnsiString): TByteDynArray;
function Char64(character: AnsiChar): Integer;
begin
if (Ord(character) > Length(BsdBase64DecodeTable)) then
begin
Result := -1;
Exit;
end;
Result := BsdBase64DecodeTable[character];
end;
procedure Append(value: Byte);
var
i: Integer;
begin
i := Length(Result);
SetLength(Result, i+1);
Result[i] := value;
end;
var
i: Integer;
len: Integer;
c1, c2, c3, c4: Integer;
begin
SetLength(Result, 0);
len := Length(s);
i := 1;
while i <= len do
begin
// We'll need to have at least 2 character to form one byte.
// Anything less is invalid
if (i+1) > len then
begin
raise Exception.Create('Invalid base64 hash string');
// Break;
end;
c1 := Char64(s[i]);
Inc(i);
c2 := Char64(s[i]);
Inc(i);
if (c1 = -1) or (c2 = -1) then
begin
raise Exception.Create('Invalid base64 hash string');
// Break;
end;
//Now we have at least one byte in c1|c2
// c1 = ..111111
// c2 = ..112222
Append( ((c1 and $3f) shl 2) or (c2 shr 4) );
//If there's a 3rd character, then we can use c2|c3 to form the second byte
if (i > len) then
Break;
c3 := Char64(s[i]);
Inc(i);
if (c3 = -1) then
begin
raise Exception.Create('Invalid base64 hash string');
// Break;
end;
//Now we have the next byte in c2|c3
// c2 = ..112222
// c3 = ..222233
Append( ((c2 and $0f) shl 4) or (c3 shr 2) );
//If there's a 4th caracter, then we can use c3|c4 to form the third byte
if i > len then
Break;
c4 := Char64(s[i]);
Inc(i);
if (c4 = -1) then
begin
raise Exception.Create('Invalid base64 hash string');
// Break;
end;
//Now we have the next byte in c3|c4
// c3 = ..222233
// c4 = ..333333
Append( ((c3 and $03) shl 6) or c4 );
end;
end;
class function TBCrypt.WideStringToUtf8(const Source: UnicodeString): AnsiString;
var
cpStr: AnsiString;
strLen: Integer;
dw: DWORD;
const
CodePage = CP_UTF8;
begin
if Length(Source) = 0 then
begin
Result := '';
Exit;
end;
// Determine real size of destination string, in bytes
strLen := WideCharToMultiByte(CodePage, 0,
PWideChar(Source), Length(Source), //Source
nil, 0, //Destination
nil, nil);
if strLen = 0 then
begin
dw := GetLastError;
raise EConvertError.Create('[WideStringToUtf8] Could not get length of destination string. Error '+IntToStr(dw)+' ('+SysErrorMessage(dw)+')');
end;
// Allocate memory for destination string
SetLength(cpStr, strLen);
// Convert source UTF-16 string (WideString) to the destination using the code-page
strLen := WideCharToMultiByte(CodePage, 0,
PWideChar(Source), Length(Source), //Source
PChar(cpStr), strLen, //Destination
nil, nil);
if strLen = 0 then
begin
dw := GetLastError;
raise EConvertError.Create('[WideStringToUtf8] Could not convert utf16 to utf8 string. Error '+IntToStr(dw)+' ('+SysErrorMessage(dw)+')');
end;
Result := cpStr
end;
class function TBCrypt.SelfTestB: Boolean;
var
i: Integer;
salt: AnsiString;
encoded: AnsiString;
data: TByteDynArray;
recoded: AnsiString;
begin
for i := Low(TestVectors) to High(TestVectors) do
begin
salt := TestVectors[i,2];
encoded := Copy(salt, 8, 22); //salt is always 22 characters
data := TBCrypt.BsdBase64Decode(encoded);
recoded := TBCrypt.BsdBase64Encode(data, Length(data));
if (recoded <> encoded) then
raise Exception.Create('BSDBase64 encoder self-test failed');
end;
Result := True;
end;
class function TBCrypt.SelfTestA: Boolean;
var
i: Integer;
procedure t(const password: AnsiString; const HashSalt: AnsiString; const ExpectedHashString: AnsiString);
var
version: string;
cost: Integer;
salt: TByteDynArray;
hash: TByteDynArray;
actualHashString: AnsiString;
begin
//Extract "$2a$06$If6bvum7DFjUnE9p2uDeDu" rounds and base64 salt from the HashSalt
if not TBCrypt.TryParseHashString(HashSalt, {out}version, {out}cost, {out}salt) then
raise Exception.Create('bcrypt self-test failed: invalid versionsalt "'+HashSalt+'"');
hash := TBCrypt.HashPassword(password, salt, cost);
actualHashString := TBCrypt.FormatPasswordHashForBsd(cost, salt, hash);
if actualHashString <> ExpectedHashString then
raise Exception.CreateFmt('bcrypt self-test failed. actual hash "%s" did not match expected hash "%s"', [actualHashString, ExpectedHashString]);
end;
begin
for i := Low(TestVectors) to High(TestVectors) do
begin
t(TestVectors[i,1], TestVectors[i,2], TestVectors[i,3] );
end;
Result := True;
end;
class function TBCrypt.SelfTestC: Boolean;
var
s: UnicodeString;
hash: AnsiString;
const
n: UnicodeString=''; //n=nothing.
//Work around bug in Delphi compiler when building widestrings
//http://stackoverflow.com/a/7031942/12597
begin
{
We test that the it doesn't choke on international characters
This was a bug in a version of bcrypt somewhere, that we do not intend to duplicate
}
s := n+#$03C0+#$03C0+#$03C0+#$03C0+#$03C0+#$03C0+#$03C0+#$03C0; //U+03C0: Greek Small Letter Pi
hash := TBCrypt.HashPassword(s);
if not TBCrypt.CheckPassword(s, hash) then
raise Exception.Create('Failed to validate unicode string "'+s+'"');
s := n+#$03C0+#$03C0+#$03C0+#$03C0+#$03C0+#$03C0+#$03C0+#$03C0; //U+03C0: Greek Small Letter Pi
hash := TBCrypt.HashPassword(s);
if not TBCrypt.CheckPassword(s, hash) then
raise Exception.Create('Failed to validate unicode string "'+s+'"');
Result := True;
end;
{ TBCryptTests }
{$IFDEF UnitTests}
procedure TBCryptTests.SelfTest;
begin
CheckTrue(TBCrypt.SelfTest);
end;
{$ENDIF}
class function TBCrypt.SelfTestD: Boolean;
var
i: Integer;
password: string;
hash: string;
begin
for i := 0 to 56 do
begin
password := Copy('The quick brown fox jumped over the lazy dog then sat on a log', 1, i);
hash := TBCrypt.HashPassword(password);
if (hash = '') then
raise Exception.Create('hash creation failed');
end;
Result := True;
end;
{$IFDEF UnitTests}
procedure TBCryptTests.SelfTestA_KnownTestVectors;
begin
CheckTrue(TBCrypt.SelfTestA);
end;
procedure TBCryptTests.SelfTestB_Base64EncoderDecoder;
begin
CheckTrue(TBCrypt.SelfTestB);
end;
procedure TBCryptTests.SelfTestC_UnicodeStrings;
begin
CheckTrue(TBCrypt.SelfTestC);
end;
procedure TBCryptTests.SelfTestD_VariableLengthPasswords;
begin
CheckTrue(TBCrypt.SelfTestD);
end;
{$ENDIF}
class function TBCrypt.GenRandomBytes(len: Integer; const data: Pointer): HRESULT;
var
hProv: THandle;
const
PROV_RSA_FULL = 1;
CRYPT_VERIFYCONTEXT = DWORD($F0000000);
CRYPT_SILENT = $00000040;
begin
if not CryptAcquireContextW(hPRov, nil, nil, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT or CRYPT_SILENT) then
begin
Result := HResultFromWin32(GetLastError);
Exit;
end;
try
if not CryptGenRandom(hProv, len, data) then
begin
Result := HResultFromWin32(GetLastError);
Exit;
end;
finally
CryptReleaseContext(hProv, 0);
end;
Result := S_OK;
end;
class function TBCrypt.SelfTestE: Boolean;
var
salt: TByteDynArray;
begin
salt := TBCrypt.GenerateSalt;
if Length(salt) <> BCRYPT_SALT_LEN then
raise Exception.Create('BCrypt selftest failed; invalid salt length');
Result := True;
end;
initialization
{$IFDEF UnitTests}
RegisterTest('Library', TBCryptTests.Suite);
{$ENDIF}
end.