Apply PBKDF2 when storing passwords

2026-01-01 05:08:05 -06:00 · 2018-11-21 15:15:51 +08:00
parent 8a6cac8338
commit 05d6a29416
14 changed files with 208 additions and 70 deletions
--- a/src/base/CMakeLists.txt
+++ b/src/base/CMakeLists.txt
@@ -54,6 +54,7 @@ utils/fs.h
 utils/gzip.h
 utils/misc.h
 utils/net.h
+utils/password.h
 utils/random.h
 utils/string.h
 utils/version.h
@@ -123,6 +124,7 @@ utils/fs.cpp
 utils/gzip.cpp
 utils/misc.cpp
 utils/net.cpp
+utils/password.cpp
 utils/random.cpp
 utils/string.cpp
 asyncfilestorage.cpp
--- a/src/base/base.pri
+++ b/src/base/base.pri
@@ -69,6 +69,7 @@ HEADERS += \
    $$PWD/utils/gzip.h \
    $$PWD/utils/misc.h \
    $$PWD/utils/net.h \
+    $$PWD/utils/password.h \
    $$PWD/utils/random.h \
    $$PWD/utils/string.h \
    $$PWD/utils/version.h
@@ -133,5 +134,6 @@ SOURCES += \
    $$PWD/utils/gzip.cpp \
    $$PWD/utils/misc.cpp \
    $$PWD/utils/net.cpp \
+    $$PWD/utils/password.cpp \
    $$PWD/utils/random.cpp \
    $$PWD/utils/string.cpp
--- a/src/base/preferences.cpp
+++ b/src/base/preferences.cpp
@@ -582,28 +582,16 @@ void Preferences::setWebUiUsername(const QString &username)
    setValue("Preferences/WebUI/Username", username);
 }

-QString Preferences::getWebUiPassword() const
+QByteArray Preferences::getWebUIPassword() const
 {
-    QString passHa1 = value("Preferences/WebUI/Password_ha1").toString();
-    if (passHa1.isEmpty()) {
-        QCryptographicHash md5(QCryptographicHash::Md5);
-        md5.addData("adminadmin");
-        passHa1 = md5.result().toHex();
-    }
-    return passHa1;
+    // default: adminadmin
+    const QByteArray defaultValue = "ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtHAjU9b3b7uB8NR1Gur2hmQCvCDpm39Q+PsJRJPaCU51dEiz+dTzh8qbPsL8WkFljQYFQ==";
+    return value("Preferences/WebUI/Password_PBKDF2", defaultValue).toByteArray();
 }

-void Preferences::setWebUiPassword(const QString &newPassword)
+void Preferences::setWebUIPassword(const QByteArray &password)
 {
-    // Do not overwrite current password with its hash
-    if (newPassword == getWebUiPassword())
-        return;
-
-    // Encode to md5 and save
-    QCryptographicHash md5(QCryptographicHash::Md5);
-    md5.addData(newPassword.toLocal8Bit());
-
-    setValue("Preferences/WebUI/Password_ha1", md5.result().toHex());
+    setValue("Preferences/WebUI/Password_PBKDF2", password);
 }

 bool Preferences::isWebUiClickjackingProtectionEnabled() const
--- a/src/base/preferences.h
+++ b/src/base/preferences.h
@@ -193,8 +193,8 @@ public:
    void setWebUiAuthSubnetWhitelist(QStringList subnets);
    QString getWebUiUsername() const;
    void setWebUiUsername(const QString &username);
-    QString getWebUiPassword() const;
-    void setWebUiPassword(const QString &newPassword);
+    QByteArray getWebUIPassword() const;
+    void setWebUIPassword(const QByteArray &password);

    // WebUI security
    bool isWebUiClickjackingProtectionEnabled() const;
--- a/src/base/utils/password.cpp
+++ b/src/base/utils/password.cpp
@@ -0,0 +1,120 @@
+/*
+ * Bittorrent Client using Qt and libtorrent.
+ * Copyright (C) 2018  Mike Tzou (Chocobo1)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * In addition, as a special exception, the copyright holders give permission to
+ * link this program with the OpenSSL project's "OpenSSL" library (or with
+ * modified versions of it that use the same license as the "OpenSSL" library),
+ * and distribute the linked executables. You must obey the GNU General Public
+ * License in all respects for all of the code used other than "OpenSSL".  If you
+ * modify file(s), you may extend this exception to your version of the file(s),
+ * but you are not obligated to do so. If you do not wish to do so, delete this
+ * exception statement from your version.
+ */
+
+#include "password.h"
+
+#include <array>
+
+#include <openssl/evp.h>
+
+#include <QByteArray>
+#include <QList>
+#include <QString>
+
+#include "bytearray.h"
+#include "random.h"
+#include "string.h"
+
+namespace Utils
+{
+    namespace Password
+    {
+        namespace PBKDF2
+        {
+            const int hashIterations = 100000;
+            const auto hashMethod = EVP_sha512();
+        }
+    }
+}
+
+// Implements constant-time comparison to protect against timing attacks
+// Taken from https://crackstation.net/hashing-security.htm
+bool Utils::Password::slowEquals(const QByteArray &a, const QByteArray &b)
+{
+    const int lengthA = a.length();
+    const int lengthB = b.length();
+
+    int diff = lengthA ^ lengthB;
+    for (int i = 0; (i < lengthA) && (i < lengthB); ++i)
+        diff |= a[i] ^ b[i];
+
+    return (diff == 0);
+}
+
+QByteArray Utils::Password::PBKDF2::generate(const QString &password)
+{
+    return generate(password.toUtf8());
+}
+
+QByteArray Utils::Password::PBKDF2::generate(const QByteArray &password)
+{
+    const std::array<uint32_t, 4> salt {{Random::rand(), Random::rand()
+        , Random::rand(), Random::rand()}};
+
+    std::array<unsigned char, 64> outBuf {};
+    const int hmacResult = PKCS5_PBKDF2_HMAC(password.constData(), password.size()
+        , reinterpret_cast<const unsigned char *>(salt.data()), (sizeof(salt[0]) * salt.size())
+        , hashIterations, hashMethod
+        , outBuf.size(), outBuf.data());
+    if (hmacResult != 1)
+        return {};
+
+    const QByteArray saltView = QByteArray::fromRawData(
+        reinterpret_cast<const char *>(salt.data()), (sizeof(salt[0]) * salt.size()));
+    const QByteArray outBufView = QByteArray::fromRawData(
+        reinterpret_cast<const char *>(outBuf.data()), outBuf.size());
+
+    return (saltView.toBase64() + ':' + outBufView.toBase64());
+}
+
+bool Utils::Password::PBKDF2::verify(const QByteArray &secret, const QString &password)
+{
+    return verify(secret, password.toUtf8());
+}
+
+bool Utils::Password::PBKDF2::verify(const QByteArray &secret, const QByteArray &password)
+{
+    const QList<QByteArray> list = ByteArray::splitToViews(secret, ":", QString::SkipEmptyParts);
+    if (list.size() != 2)
+        return false;
+
+    const QByteArray salt = QByteArray::fromBase64(list[0]);
+    const QByteArray key = QByteArray::fromBase64(list[1]);
+
+    std::array<unsigned char, 64> outBuf {};
+    const int hmacResult = PKCS5_PBKDF2_HMAC(password.constData(), password.size()
+        , reinterpret_cast<const unsigned char *>(salt.constData()), salt.size()
+        , hashIterations, hashMethod
+        , outBuf.size(), outBuf.data());
+    if (hmacResult != 1)
+        return false;
+
+    const QByteArray outBufView = QByteArray::fromRawData(
+        reinterpret_cast<const char *>(outBuf.data()), outBuf.size());
+    return slowEquals(key, outBufView);
+}
--- a/src/base/utils/password.h
+++ b/src/base/utils/password.h
@@ -0,0 +1,51 @@
+/*
+ * Bittorrent Client using Qt and libtorrent.
+ * Copyright (C) 2018  Mike Tzou (Chocobo1)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * In addition, as a special exception, the copyright holders give permission to
+ * link this program with the OpenSSL project's "OpenSSL" library (or with
+ * modified versions of it that use the same license as the "OpenSSL" library),
+ * and distribute the linked executables. You must obey the GNU General Public
+ * License in all respects for all of the code used other than "OpenSSL".  If you
+ * modify file(s), you may extend this exception to your version of the file(s),
+ * but you are not obligated to do so. If you do not wish to do so, delete this
+ * exception statement from your version.
+ */
+
+#pragma once
+
+class QByteArray;
+class QString;
+
+namespace Utils
+{
+    namespace Password
+    {
+        // Implements constant-time comparison to protect against timing attacks
+        // Taken from https://crackstation.net/hashing-security.htm
+        bool slowEquals(const QByteArray &a, const QByteArray &b);
+
+        namespace PBKDF2
+        {
+            QByteArray generate(const QString &password);
+            QByteArray generate(const QByteArray &password);
+
+            bool verify(const QByteArray &secret, const QString &password);
+            bool verify(const QByteArray &secret, const QByteArray &password);
+        }
+    }
+}
--- a/src/base/utils/string.cpp
+++ b/src/base/utils/string.cpp
@@ -31,7 +31,6 @@

 #include <cmath>

-#include <QByteArray>
 #include <QCollator>
 #include <QLocale>
 #include <QRegExp>
@@ -164,20 +163,6 @@ QString Utils::String::fromDouble(double n, int precision)
    return QLocale::system().toString(std::floor(n * prec) / prec, 'f', precision);
 }

-// Implements constant-time comparison to protect against timing attacks
-// Taken from https://crackstation.net/hashing-security.htm
-bool Utils::String::slowEquals(const QByteArray &a, const QByteArray &b)
-{
-    int lengthA = a.length();
-    int lengthB = b.length();
-
-    int diff = lengthA ^ lengthB;
-    for (int i = 0; (i < lengthA) && (i < lengthB); ++i)
-        diff |= a[i] ^ b[i];
-
-    return (diff == 0);
-}
-
 // This is marked as internal in QRegExp.cpp, but is exported. The alternative would be to
 // copy the code from QRegExp::wc2rx().
 QString qt_regexp_toCanonical(const QString &pattern, QRegExp::PatternSyntax patternSyntax);
--- a/src/base/utils/string.h
+++ b/src/base/utils/string.h
@@ -30,10 +30,9 @@
 #ifndef UTILS_STRING_H
 #define UTILS_STRING_H

+#include <QLatin1String>
 #include <QString>

-class QByteArray;
-class QLatin1String;
 class TriStateBool;

 namespace Utils
@@ -42,10 +41,6 @@ namespace Utils
    {
        QString fromDouble(double n, int precision);

-        // Implements constant-time comparison to protect against timing attacks
-        // Taken from https://crackstation.net/hashing-security.htm
-        bool slowEquals(const QByteArray &a, const QByteArray &b);
-
        int naturalCompare(const QString &left, const QString &right, const Qt::CaseSensitivity caseSensitivity);
        template <Qt::CaseSensitivity caseSensitivity>
        bool naturalLessThan(const QString &left, const QString &right)