Timerix/tcp-chat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

changed password hashing

Browse Source
This commit is contained in:
Timerix 2025-11-09 18:39:37 +05:00
parent e03c651cef
commit b662a85348
2 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/client/ClientCredentials.c
View File

@ -1,5 +1,5 @@
#include "client.h" #include "client.h"
#include "tlibc/string/StringBuilder.h" #include "tlibc/collections/List.h"
void ClientCredentials_destroy(ClientCredentials* cred){ void ClientCredentials_destroy(ClientCredentials* cred){
if(!cred) if(!cred)
@ -22,18 +22,19 @@ Result(void) ClientCredentials_tryConstruct(ClientCredentials* cred,
cred->username = str_copy(username); cred->username = str_copy(username);
// concat password and username // concat password and username
StringBuilder sb = StringBuilder_alloc(username.size + password.size + 1); List(u8) data_to_hash = List_alloc_size(password.size + username.size + PASSWORD_HASH_SIZE);
Defer(StringBuilder_destroy(&sb)); Defer(free(data_to_hash.data));
StringBuilder_append_str(&sb, password); List_push_size(&data_to_hash, password.data, password.size);
StringBuilder_append_str(&sb, username); List_push_size(&data_to_hash, username.data, username.size);
Array(u8) password_and_username = str_castTo_Array(StringBuilder_getStr(&sb));
// lvl 1 hash - is used as AES key for user data // lvl 1 hash - is used as AES key for user data
cred->user_data_key = Array_alloc(u8, PASSWORD_HASH_SIZE); cred->user_data_key = Array_alloc(u8, PASSWORD_HASH_SIZE);
hash_password(password_and_username, cred->user_data_key.data, __PASSWORD_HASH_LVL_ITERATIONS); hash_password(List_castTo_Array(data_to_hash), cred->user_data_key.data, __PASSWORD_HASH_LVL_ROUNDS);
// concat lvl 1 hash to data_to_hash
List_push_size(&data_to_hash, cred->user_data_key.data, cred->user_data_key.size);
// lvl 2 hash - is used for authentification // lvl 2 hash - is used for authentification
cred->token = Array_alloc(u8, PASSWORD_HASH_SIZE); cred->token = Array_alloc(u8, PASSWORD_HASH_SIZE);
hash_password(cred->user_data_key, cred->token.data, __PASSWORD_HASH_LVL_ITERATIONS); hash_password(List_castTo_Array(data_to_hash), cred->token.data, __PASSWORD_HASH_LVL_ROUNDS);
AESBlockEncryptor_construct(&cred->user_data_aes_enc, cred->user_data_key, AESBlockEncryptor_DEFAULT_CLASS); AESBlockEncryptor_construct(&cred->user_data_aes_enc, cred->user_data_key, AESBlockEncryptor_DEFAULT_CLASS);
AESBlockDecryptor_construct(&cred->user_data_aes_dec, cred->user_data_key, AESBlockDecryptor_DEFAULT_CLASS); AESBlockDecryptor_construct(&cred->user_data_aes_dec, cred->user_data_key, AESBlockDecryptor_DEFAULT_CLASS);

7
src/cryptography/cryptography.h
View File

@ -12,11 +12,10 @@
/// @brief hashes password multiple times using its own hash as salt /// @brief hashes password multiple times using its own hash as salt
/// @param password some byte array /// @param password some byte array
/// @param out_buffer u8[PASSWORD_HASH_SIZE] /// @param out_buffer u8[PASSWORD_HASH_SIZE]
/// @param iterations number of iterations /// @param rounds number of rounds
void hash_password(Array(u8) password, u8* out_buffer, i32 iterations); void hash_password(Array(u8) password, u8* out_buffer, i32 rounds);
#define PASSWORD_HASH_SIZE 32 #define PASSWORD_HASH_SIZE 32
#define PASSWORD_HASH_LVL_ROUNDS 1e5
#define __PASSWORD_HASH_LVL_ITERATIONS 1e5
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// // // //