X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fstorage.cpp;h=98ae96806807734f4b2481fcbd21ff79db0fa84e;hp=850eb113829697c007022c0f67ce37ad40a29427;hb=c1cf157116de7fc3da96203aa6f03c38c7ebb650;hpb=d8b10ef03c8edcec9e81ee126fd5a83e350b1571 diff --git a/src/core/storage.cpp b/src/core/storage.cpp index 850eb113..98ae9680 100644 --- a/src/core/storage.cpp +++ b/src/core/storage.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2015 by the Quassel Project * + * Copyright (C) 2005-2018 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -20,60 +20,54 @@ #include "storage.h" +#include + #include -Storage::Storage(QObject *parent) +Storage::Storage(QObject* parent) : QObject(parent) -{ -} +{} -QString Storage::hashPassword(const QString &password) +QString Storage::hashPassword(const QString& password) { -#if QT_VERSION >= 0x050000 return hashPasswordSha2_512(password); -#else - return hashPasswordSha1(password); -#endif } -bool Storage::checkHashedPassword(const UserId user, const QString &password, const QString &hashedPassword, const Storage::HashVersion version) +bool Storage::checkHashedPassword(const UserId user, const QString& password, const QString& hashedPassword, const Storage::HashVersion version) { bool passwordCorrect = false; - + switch (version) { case Storage::HashVersion::Sha1: passwordCorrect = checkHashedPasswordSha1(password, hashedPassword); break; -#if QT_VERSION >= 0x050000 case Storage::HashVersion::Sha2_512: passwordCorrect = checkHashedPasswordSha2_512(password, hashedPassword); break; -#endif default: qWarning() << "Password hash version" << QString(version) << "is not supported, please reset password"; } - + if (passwordCorrect && version < Storage::HashVersion::Latest) { updateUser(user, password); } - + return passwordCorrect; } -QString Storage::hashPasswordSha1(const QString &password) +QString Storage::hashPasswordSha1(const QString& password) { return QString(QCryptographicHash::hash(password.toUtf8(), QCryptographicHash::Sha1).toHex()); } -bool Storage::checkHashedPasswordSha1(const QString &password, const QString &hashedPassword) +bool Storage::checkHashedPasswordSha1(const QString& password, const QString& hashedPassword) { return hashPasswordSha1(password) == hashedPassword; } -#if QT_VERSION >= 0x050000 -QString Storage::hashPasswordSha2_512(const QString &password) +QString Storage::hashPasswordSha2_512(const QString& password) { // Generate a salt of 512 bits (64 bytes) using the Mersenne Twister std::random_device seed; @@ -82,29 +76,29 @@ QString Storage::hashPasswordSha2_512(const QString &password) QByteArray saltBytes; saltBytes.resize(64); for (int i = 0; i < 64; i++) { - saltBytes[i] = (unsigned char) distribution(generator); + saltBytes[i] = (unsigned char)distribution(generator); } QString salt(saltBytes.toHex()); - // Append the salt to the password and hash it - QString passwordAndSalt(password + salt); - QString hash(QCryptographicHash::hash(passwordAndSalt.toUtf8(), QCryptographicHash::Sha512).toHex()); - - return hash + ":" + salt; + // Append the salt to the password, hash the result, and append the salt value + return sha2_512(password + salt) + ":" + salt; } -bool Storage::checkHashedPasswordSha2_512(const QString &password, const QString &hashedPassword) +bool Storage::checkHashedPasswordSha2_512(const QString& password, const QString& hashedPassword) { QRegExp colonSplitter("\\:"); QStringList hashedPasswordAndSalt = hashedPassword.split(colonSplitter); - if (hashedPasswordAndSalt.size() == 2){ - QString passwordAndSalt(password + hashedPasswordAndSalt[1]); - return QString(QCryptographicHash::hash(passwordAndSalt.toUtf8(), QCryptographicHash::Sha512).toHex()) == hashedPasswordAndSalt[0]; + if (hashedPasswordAndSalt.size() == 2) { + return sha2_512(password + hashedPasswordAndSalt[1]) == hashedPasswordAndSalt[0]; } else { qWarning() << "Password hash and salt were not in the correct format"; return false; } } -#endif + +QString Storage::sha2_512(const QString& input) +{ + return QString(QCryptographicHash::hash(input.toUtf8(), QCryptographicHash::Sha512).toHex()); +}