1 #ifndef BCRYPT_H_
2 #define BCRYPT_H_
3 /*
4  * bcrypt wrapper library
5  *
6  * Written in 2011, 2013, 2014, 2015 by Ricardo Garcia <r@rg3.name>
7  *
8  * To the extent possible under law, the author(s) have dedicated all copyright
9  * and related and neighboring rights to this software to the public domain
10  * worldwide. This software is distributed without any warranty.
11  *
12  * You should have received a copy of the CC0 Public Domain Dedication along
13  * with this software. If not, see
14  * <http://creativecommons.org/publicdomain/zero/1.0/>.
15  */
16 
17 #define BCRYPT_HASHSIZE	(64)
18 
19 #ifdef __cplusplus
20 extern "C" {
21 #endif
22 
23 /*
24  * This function expects a work factor between 4 and 31 and a char array to
25  * store the resulting generated salt. The char array should typically have
26  * BCRYPT_HASHSIZE bytes at least. If the provided work factor is not in the
27  * previous range, it will default to 12.
28  *
29  * The return value is zero if the salt could be correctly generated and
30  * nonzero otherwise.
31  *
32  */
33 int bcrypt_gensalt(int workfactor, char salt[BCRYPT_HASHSIZE]);
34 
35 /*
36  * This function expects a password to be hashed, a salt to hash the password
37  * with and a char array to leave the result. Both the salt and the hash
38  * parameters should have room for BCRYPT_HASHSIZE characters at least.
39  *
40  * It can also be used to verify a hashed password. In that case, provide the
41  * expected hash in the salt parameter and verify the output hash is the same
42  * as the input hash. However, to avoid timing attacks, it's better to use
43  * bcrypt_checkpw when verifying a password.
44  *
45  * The return value is zero if the password could be hashed and nonzero
46  * otherwise.
47  */
48 int bcrypt_hashpw(const char *passwd, const char salt[BCRYPT_HASHSIZE],
49 		  char hash[BCRYPT_HASHSIZE]);
50 
51 /*
52  * This function expects a password and a hash to verify the password against.
53  * The internal implementation is tuned to avoid timing attacks.
54  *
55  * The return value will be -1 in case of errors, zero if the provided password
56  * matches the given hash and greater than zero if no errors are found and the
57  * passwords don't match.
58  *
59  */
60 int bcrypt_checkpw(const char *passwd, const char hash[BCRYPT_HASHSIZE]);
61 
62 /*
63  * Brief Example
64  * -------------
65  *
66  * Hashing a password:
67  *
68  *	char salt[BCRYPT_HASHSIZE];
69  *	char hash[BCRYPT_HASHSIZE];
70  *	int ret;
71  *
72  *	ret = bcrypt_gensalt(12, salt);
73  *	assert(ret == 0);
74  *	ret = bcrypt_hashpw("thepassword", salt, hash);
75  *	assert(ret == 0);
76  *
77  *
78  * Verifying a password:
79  *
80  *	int ret;
81  *
82  *      ret = bcrypt_checkpw("thepassword", "expectedhash");
83  *      assert(ret != -1);
84  *
85  *	if (ret == 0) {
86  *		printf("The password matches\n");
87  *	} else {
88  *		printf("The password does NOT match\n");
89  *	}
90  *
91  */
92 
93 #ifdef __cplusplus
94 }
95 #endif
96 
97 #endif
98