1 /***************************************************************************
2 * Copyright (C) 2005-2015 by the Quassel Project *
3 * devel@quassel-irc.org *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) version 3. *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. *
19 ***************************************************************************/
23 #include <QCryptographicHash>
25 Storage::Storage(QObject *parent)
30 QString Storage::hashPassword(const QString &password)
32 #if QT_VERSION >= 0x050000
33 return hashPasswordSha2_512(password);
35 return hashPasswordSha1(password);
39 bool Storage::checkHashedPassword(const UserId user, const QString &password, const QString &hashedPassword, const Storage::HashVersion version)
41 bool passwordCorrect = false;
44 case Storage::HashVersion::sha1:
45 passwordCorrect = checkHashedPasswordSha1(password, hashedPassword);
48 #if QT_VERSION >= 0x050000
49 case Storage::HashVersion::sha2_512:
50 passwordCorrect = checkHashedPasswordSha2_512(password, hashedPassword);
55 qWarning() << "Password hash version" << QString(version) << "is not supported, please reset password";
58 if (passwordCorrect && version < Storage::HashVersion::latest) {
59 updateUser(user, password);
62 return passwordCorrect;
65 QString Storage::hashPasswordSha1(const QString &password)
67 return QString(QCryptographicHash::hash(password.toUtf8(), QCryptographicHash::Sha1).toHex());
70 bool Storage::checkHashedPasswordSha1(const QString &password, const QString &hashedPassword)
72 return hashPasswordSha1(password) == hashedPassword;
75 #if QT_VERSION >= 0x050000
76 QString Storage::hashPasswordSha2_512(const QString &password)
78 // Generate a salt of 512 bits (64 bytes) using the Mersenne Twister
79 std::random_device seed;
80 std::mt19937 generator(seed());
81 std::uniform_int_distribution<int> distribution(0, 255);
84 for (int i = 0; i < 64; i++) {
85 saltBytes[i] = (unsigned char) distribution(generator);
87 QString salt(saltBytes.toHex());
89 // Append the salt to the password and hash it
90 QString passwordAndSalt(password + salt);
91 QString hash(QCryptographicHash::hash(passwordAndSalt.toUtf8(), QCryptographicHash::Sha512).toHex());
93 return hash + ":" + salt;
96 bool Storage::checkHashedPasswordSha2_512(const QString &password, const QString &hashedPassword)
98 QRegExp colonSplitter("\\:");
99 QStringList hashedPasswordAndSalt = hashedPassword.split(colonSplitter);
101 if (hashedPasswordAndSalt.size() == 2){
102 QString passwordAndSalt(password + hashedPasswordAndSalt[1]);
103 return QString(QCryptographicHash::hash(passwordAndSalt.toUtf8(), QCryptographicHash::Sha512).toHex()) == hashedPasswordAndSalt[0];
106 qWarning() << "Password hash and salt were not in the correct format";