1 #ifndef BCRYPT_H_ 2 #define BCRYPT_H_ 3 /* 4 * bcrypt wrapper library 5 * 6 * Written in 2011, 2013, 2014, 2015 by Ricardo Garcia <r@rg3.name> 7 * 8 * To the extent possible under law, the author(s) have dedicated all copyright 9 * and related and neighboring rights to this software to the public domain 10 * worldwide. This software is distributed without any warranty. 11 * 12 * You should have received a copy of the CC0 Public Domain Dedication along 13 * with this software. If not, see 14 * <http://creativecommons.org/publicdomain/zero/1.0/>. 15 */ 16 17 #define BCRYPT_HASHSIZE (64) 18 19 #ifdef __cplusplus 20 extern "C" { 21 #endif 22 23 /* 24 * This function expects a work factor between 4 and 31 and a char array to 25 * store the resulting generated salt. The char array should typically have 26 * BCRYPT_HASHSIZE bytes at least. If the provided work factor is not in the 27 * previous range, it will default to 12. 28 * 29 * The return value is zero if the salt could be correctly generated and 30 * nonzero otherwise. 31 * 32 */ 33 int bcrypt_gensalt(int workfactor, char salt[BCRYPT_HASHSIZE]); 34 35 /* 36 * This function expects a password to be hashed, a salt to hash the password 37 * with and a char array to leave the result. Both the salt and the hash 38 * parameters should have room for BCRYPT_HASHSIZE characters at least. 39 * 40 * It can also be used to verify a hashed password. In that case, provide the 41 * expected hash in the salt parameter and verify the output hash is the same 42 * as the input hash. However, to avoid timing attacks, it's better to use 43 * bcrypt_checkpw when verifying a password. 44 * 45 * The return value is zero if the password could be hashed and nonzero 46 * otherwise. 47 */ 48 int bcrypt_hashpw(const char *passwd, const char salt[BCRYPT_HASHSIZE], 49 char hash[BCRYPT_HASHSIZE]); 50 51 /* 52 * This function expects a password and a hash to verify the password against. 53 * The internal implementation is tuned to avoid timing attacks. 54 * 55 * The return value will be -1 in case of errors, zero if the provided password 56 * matches the given hash and greater than zero if no errors are found and the 57 * passwords don't match. 58 * 59 */ 60 int bcrypt_checkpw(const char *passwd, const char hash[BCRYPT_HASHSIZE]); 61 62 /* 63 * Brief Example 64 * ------------- 65 * 66 * Hashing a password: 67 * 68 * char salt[BCRYPT_HASHSIZE]; 69 * char hash[BCRYPT_HASHSIZE]; 70 * int ret; 71 * 72 * ret = bcrypt_gensalt(12, salt); 73 * assert(ret == 0); 74 * ret = bcrypt_hashpw("thepassword", salt, hash); 75 * assert(ret == 0); 76 * 77 * 78 * Verifying a password: 79 * 80 * int ret; 81 * 82 * ret = bcrypt_checkpw("thepassword", "expectedhash"); 83 * assert(ret != -1); 84 * 85 * if (ret == 0) { 86 * printf("The password matches\n"); 87 * } else { 88 * printf("The password does NOT match\n"); 89 * } 90 * 91 */ 92 93 #ifdef __cplusplus 94 } 95 #endif 96 97 #endif 98