AuroraRuntime/Include/Aurora/Crypto/BCrypt/BCrypt.hpp

/***
    Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.

    File: BCrypt.hpp
    Date: 2022-9-15
    Author: Reece

    Note: MD5 ($1$), the other numberic methods, and non-standard unix fuckery (ie: $sha1$) isn't implemented.
          This API implements $2x$-class password hashing and verification

    Note 2: BCrypt is really fucky when it comes to NULL termination. A bunch of libraries were vulnerable to \x00 injection.
            In addition, the final NULL termination is supposed to be carried into the hash. For this reason we use AuStrings 
            instead of memory views by default. Only use the MemoryView with an additional NUL byte otherwise your hashes will
            not be compatible with other software. This could be a problem for database [accessing?] software.
            
    Note 3: ...with AuStrings being recommended to prevent fuck-ups between other bcrypt implementations, the [...]Safer variants
             enforce zeroing out of the passwords character buffer before the function returns.
***/
#pragma once

namespace Aurora::Crypto::BCrypt
{
    AUKN_SYM int GetForcedMinRounds();

    AUKN_SYM AuString GenSalt(int rounds);
    
    AUKN_SYM AuString HashPassword(const AuString &password, const AuString &salt);
    AUKN_SYM AuString HashPasswordEx(const Memory::MemoryViewRead &password, const AuString &salt);
    AUKN_SYM AuString HashPasswordSafer(AuString &&password, const AuString &salt);

    AUKN_SYM bool CheckPassword(const AuString &password, const AuString &hashedPassword);
    AUKN_SYM bool CheckPasswordEx(const Memory::MemoryViewRead &password, const AuString &hashedPassword);
    AUKN_SYM bool CheckPasswordSafer(AuString &&password, const AuString &hashedPassword);
}
[+] AuCrypto::BCrypt > GetForcedMinRounds > GenSalt > HashPW > HashPWEx > CheckPassword > CheckPasswordEx [] Refactor AuCompression APIs [] Clean up AuTryConstructs [+] Internal compression API for compression based interceptors [+] Root-level input stream arg check for all compression apis (harden) [] Clean up AuCompression code [+] Solar Designer / OpenWall blowfish crypt [] BlowCrypt: accept length input parameter [*] Split locale into 2 source files [-] Ugly comment from Open.Win32.cpp. TODO: Readd later. Might warn on empty string bc it makes sense given, "." and "/" normalizes to nothing, and memory pre-idc-if-drops are dropped siliently. 2022-09-15 19:48:50 +00:00			`/***`
			`Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.`

			`File: BCrypt.hpp`
			`Date: 2022-9-15`
			`Author: Reece`

			`Note: MD5 ($1$), the other numberic methods, and non-standard unix fuckery (ie: $sha1$) isn't implemented.`
			`This API implements $2x$-class password hashing and verification`
[+] Added "Safer" variants to bcrypt when using string containers 2024-02-19 19:08:20 +00:00
			`Note 2: BCrypt is really fucky when it comes to NULL termination. A bunch of libraries were vulnerable to \x00 injection.`
			`In addition, the final NULL termination is supposed to be carried into the hash. For this reason we use AuStrings`
			`instead of memory views by default. Only use the MemoryView with an additional NUL byte otherwise your hashes will`
			`not be compatible with other software. This could be a problem for database [accessing?] software.`

			`Note 3: ...with AuStrings being recommended to prevent fuck-ups between other bcrypt implementations, the [...]Safer variants`
			`enforce zeroing out of the passwords character buffer before the function returns.`
[+] AuCrypto::BCrypt > GetForcedMinRounds > GenSalt > HashPW > HashPWEx > CheckPassword > CheckPasswordEx [] Refactor AuCompression APIs [] Clean up AuTryConstructs [+] Internal compression API for compression based interceptors [+] Root-level input stream arg check for all compression apis (harden) [] Clean up AuCompression code [+] Solar Designer / OpenWall blowfish crypt [] BlowCrypt: accept length input parameter [*] Split locale into 2 source files [-] Ugly comment from Open.Win32.cpp. TODO: Readd later. Might warn on empty string bc it makes sense given, "." and "/" normalizes to nothing, and memory pre-idc-if-drops are dropped siliently. 2022-09-15 19:48:50 +00:00			`***/`
			`#pragma once`

			`namespace Aurora::Crypto::BCrypt`
			`{`
			`AUKN_SYM int GetForcedMinRounds();`

			`AUKN_SYM AuString GenSalt(int rounds);`

[+] RMD128+BScFwd based HashCash (bcrypt DoS mitigation, acc creation, antibot, etc) [] Refactor bcrypt api: HashPW[Ex] -> HashPassword[Ex] [+] ByteBuffer::GetOrAllocateLinearWriteable [+] ByteBuffer::Can[Read/Write](n) [+] ByteBuffer::GetLinear[Read/Writable]able(n) [] Split RNG.cpp into two files [+] EHashType::eSHA2_48 (_32, _64 was already in place. missed 48/384 bit) [+] AuCrypto::HMAC and IHMACContext (AuHashing) [+] EHashType::eSHA3_28 [+] EHashType::eSHA3_32 [+] EHashType::eSHA3_48 [+] EHashType::eSHA3_64 (AuCrypto) [+] EHashType::eSHA2_48_384 [+] EHashType::eSHA2_64_512 [+] EHashType::eSHA3_28_224 [+] EHashType::eSHA3_32_256 [+] EHashType::eSHA3_48_384 [+] EHashType::eSHA3_64_512 [] (IRandomDevice) class -> struct [] Bugfix: cast in Promise<SuccessValue_t, ErrorValue_t>::WriteIntoError [+] Missing AuHashing namespace alias [*] Time util: pad ms when fraction of a second to 3 digits 2022-09-19 01:34:57 +00:00			`AUKN_SYM AuString HashPassword(const AuString &password, const AuString &salt);`
			`AUKN_SYM AuString HashPasswordEx(const Memory::MemoryViewRead &password, const AuString &salt);`
[+] Added "Safer" variants to bcrypt when using string containers 2024-02-19 19:08:20 +00:00			`AUKN_SYM AuString HashPasswordSafer(AuString &&password, const AuString &salt);`
[+] AuCrypto::BCrypt > GetForcedMinRounds > GenSalt > HashPW > HashPWEx > CheckPassword > CheckPasswordEx [] Refactor AuCompression APIs [] Clean up AuTryConstructs [+] Internal compression API for compression based interceptors [+] Root-level input stream arg check for all compression apis (harden) [] Clean up AuCompression code [+] Solar Designer / OpenWall blowfish crypt [] BlowCrypt: accept length input parameter [*] Split locale into 2 source files [-] Ugly comment from Open.Win32.cpp. TODO: Readd later. Might warn on empty string bc it makes sense given, "." and "/" normalizes to nothing, and memory pre-idc-if-drops are dropped siliently. 2022-09-15 19:48:50 +00:00
			`AUKN_SYM bool CheckPassword(const AuString &password, const AuString &hashedPassword);`
			`AUKN_SYM bool CheckPasswordEx(const Memory::MemoryViewRead &password, const AuString &hashedPassword);`
[+] Added "Safer" variants to bcrypt when using string containers 2024-02-19 19:08:20 +00:00			`AUKN_SYM bool CheckPasswordSafer(AuString &&password, const AuString &hashedPassword);`
[+] AuCrypto::BCrypt > GetForcedMinRounds > GenSalt > HashPW > HashPWEx > CheckPassword > CheckPasswordEx [] Refactor AuCompression APIs [] Clean up AuTryConstructs [+] Internal compression API for compression based interceptors [+] Root-level input stream arg check for all compression apis (harden) [] Clean up AuCompression code [+] Solar Designer / OpenWall blowfish crypt [] BlowCrypt: accept length input parameter [*] Split locale into 2 source files [-] Ugly comment from Open.Win32.cpp. TODO: Readd later. Might warn on empty string bc it makes sense given, "." and "/" normalizes to nothing, and memory pre-idc-if-drops are dropped siliently. 2022-09-15 19:48:50 +00:00			`}`