X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fstorage.cpp;h=ee599b0f452a93e2d71b349b28edd3194c1d1cbc;hp=4a84e9bb35ea623e2878a23b4f8e1e92b3bac15c;hb=1f21c1f9613031ae263eeed0c4883bfcd5488343;hpb=5924533c6d0f9777d38c01ed7e1510a55db2b876
diff --git a/src/core/storage.cpp b/src/core/storage.cpp
index 4a84e9bb..ee599b0f 100644
--- a/src/core/storage.cpp
+++ b/src/core/storage.cpp
@@ -1,5 +1,5 @@
 /***************************************************************************
- * Copyright (C) 2005-2015 by the Quassel Project *
+ * Copyright (C) 2005-2019 by the Quassel Project *
 * devel@quassel-irc.org *
 * *
 * This program is free software; you can redistribute it and/or modify *
@@ -20,44 +20,85 @@ #include "storage.h" +#include + #include -Storage::Storage(QObject *parent) +Storage::Storage(QObject* parent) : QObject(parent) -{ -} +{} -QString Storage::hashPassword(const QString &password) +QString Storage::hashPassword(const QString& password) { - return hashPasswordSha1(password); + return hashPasswordSha2_512(password); } -bool Storage::checkHashedPassword(const UserId user, const QString &password, const QString &hashedPassword, const Storage::HashVersion version) +bool Storage::checkHashedPassword(const UserId user, const QString& password, const QString& hashedPassword, const Storage::HashVersion version) { bool passwordCorrect = false; - + switch (version) { - case Storage::HashVersion::sha1: + case Storage::HashVersion::Sha1: passwordCorrect = checkHashedPasswordSha1(password, hashedPassword); break; + case Storage::HashVersion::Sha2_512: + passwordCorrect = checkHashedPasswordSha2_512(password, hashedPassword); + break; + default: qWarning() << "Password hash version" << QString(version) << "is not supported, please reset password"; } - - if (passwordCorrect && version < Storage::HashVersion::latest) { + + if (passwordCorrect && version < Storage::HashVersion::Latest) { updateUser(user, password); } - + return passwordCorrect; } -QString Storage::hashPasswordSha1(const QString &password) +QString Storage::hashPasswordSha1(const QString& password) { return QString(QCryptographicHash::hash(password.toUtf8(), QCryptographicHash::Sha1).toHex()); } -bool Storage::checkHashedPasswordSha1(const QString &password, const QString &hashedPassword) +bool Storage::checkHashedPasswordSha1(const QString& password, const QString& hashedPassword) { return hashPasswordSha1(password) == hashedPassword; } + +QString Storage::hashPasswordSha2_512(const QString& password) +{ + // Generate a salt of 512 bits (64 bytes) using the Mersenne Twister + std::random_device seed; + std::mt19937 generator(seed()); + std::uniform_int_distribution distribution(0, 
255); + QByteArray saltBytes; + saltBytes.resize(64); + for (int i = 0; i < 64; i++) { + saltBytes[i] = (unsigned char)distribution(generator); + } + QString salt(saltBytes.toHex()); + + // Append the salt to the password, hash the result, and append the salt value + return sha2_512(password + salt) + ":" + salt; +} + +bool Storage::checkHashedPasswordSha2_512(const QString& password, const QString& hashedPassword) +{ + QRegExp colonSplitter("\\:"); + QStringList hashedPasswordAndSalt = hashedPassword.split(colonSplitter); + + if (hashedPasswordAndSalt.size() == 2) { + return sha2_512(password + hashedPasswordAndSalt[1]) == hashedPasswordAndSalt[0]; + } + else { + qWarning() << "Password hash and salt were not in the correct format"; + return false; + } +} + +QString Storage::sha2_512(const QString& input) +{ + return QString(QCryptographicHash::hash(input.toUtf8(), QCryptographicHash::Sha512).toHex()); +}
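Review bot: hashPasswordSha2_512 stores a single SHA-512 pass over password + salt, which is a fast hash with no work factor, so a leaked user table can still be brute-forced offline at hardware speed; the salt only defeats precomputed tables. Since checkHashedPassword already re-hashes on login when the version is older than Latest, a further HashVersion built on an iterated KDF (PBKDF2, for example via QPasswordDigestor::deriveKeyPbkdf2 if the project's minimum Qt version provides it) with the iteration count stored beside the salt would be the stronger default. The salt is drawn from std::mt19937 seeded with one std::random_device value, so its 64 bytes carry at most that seed's entropy (typically 32 bits); passing the device straight to the distribution, `saltBytes[i] = (unsigned char)distribution(seed);`, avoids that. checkHashedPasswordSha2_512 also compares the hex digests with `==`, which is not a constant-time comparison.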