UNPKG

@phc/bcrypt

Version:

Node.JS bcrypt password hashing algorithm following the PHC string format

github.com/simonepri/phc-bcrypt

simonepri/phc-bcrypt

187 lines (169 loc) 5.21 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
/* eslint-disable capitalized-comments,complexity,prefer-destructuring */ 'use strict'; const bcrypt = require('bcrypt'); const tsse = require('tsse'); const phc = require('@phc/format'); const gensalt = require('@kdf/salt'); const bb64 = require('./bcrypt-b64'); /** * Default configurations used to generate a new hash. * @private * @type {Object} */ const defaults = Object.freeze({ // The cost of processing the data. // See here https://www.npmjs.com/package/bcrypt#a-note-on-rounds rounds: 10, // The minimum recommended size for the salt is 128 bits. saltSize: 16 }); /** * Supported bcrypt versions. * @private * @type {number[]} */ const versions = [ 0x61, // a (97) 0x62 // b (98) ]; /** * Computes the hash string of the given password in the PHC format using bcrypt * package. * @public * @param {string} password The password to hash. * @param {Object} [options] Optional configurations related to the hashing * function. * @param {number} [options.rounds=10] Optional * Must be an integer within the range (`4` <= `rounds` <= `31`). * @return {Promise.<string>} The generated secure hash string in the PHC * format. */ function hash(password, options) { options = options || {}; const rounds = options.rounds || defaults.rounds; const saltSize = options.saltSize || defaults.saltSize; const version = versions[versions.length - 1]; // Rounds Validation if (typeof rounds !== 'number' || !Number.isInteger(rounds)) { return Promise.reject( new TypeError("The 'rounds' option must be an integer") ); } if (rounds < 4 || rounds > 31) { return Promise.reject( new TypeError( `The 'rounds' option must be in the range (4 <= rounds <= 31)` ) ); } // Salt Size Validation if (saltSize < 8 || saltSize > 1024) { return Promise.reject( new TypeError( "The 'saltSize' option must be in the range (8 <= saltSize <= 1023)" ) ); } return gensalt(saltSize).then(salt => { const bb64salt = bb64.encode(salt); const padrounds = rounds > 9 ? Number(rounds) : '0' + rounds; const decver = String.fromCharCode(version); const parstr = `$2${decver}$${padrounds}$${bb64salt}`; return bcrypt.hash(password, parstr).then(enchash => { const hash = bb64.decode(enchash.split(parstr)[1]); const phcstr = phc.serialize({ id: 'bcrypt', version, params: { r: rounds }, salt, hash }); return phcstr; }); }); } /** * Determines whether or not the hash stored inside the PHC formatted string * matches the hash generated for the password provided. * @public * @param {string} phcstr Secure hash string generated from this package. * @param {string} password User's password input. * @returns {Promise.<boolean>} A boolean that is true if the hash computed * for the password matches. */ function verify(phcstr, password) { let phcobj; try { phcobj = phc.deserialize(phcstr); } catch (err) { return Promise.reject(err); } // Identifier Validation if (phcobj.id !== 'bcrypt') { return Promise.reject( new TypeError(`Incompatible ${phcobj.id} identifier found in the hash`) ); } // Parameters Existence Validation if (typeof phcobj.params !== 'object') { return Promise.reject(new TypeError('The param section cannot be empty')); } // Version Validation if (typeof phcobj.version === 'undefined') { phcobj.version = versions[0]; // Old bcrypt strings without the version. } if (versions.indexOf(phcobj.version) === -1) { return Promise.reject( new TypeError(`Unsupported ${phcobj.version} version`) ); } const version = phcobj.version; // Rounds Validation if ( typeof phcobj.params.r !== 'number' || !Number.isInteger(phcobj.params.r) ) { return Promise.reject(new TypeError("The 'r' param must be an integer")); } if (phcobj.params.r < 4 || phcobj.params.r > 31) { return Promise.reject( new TypeError(`The 'r' param must be in the range (4 <= r <= 31)`) ); } const rounds = phcobj.params.r; // Salt Validation if (typeof phcobj.salt === 'undefined') { return Promise.reject(new TypeError('No salt found in the given string')); } const salt = phcobj.salt; // Hash Validation if (typeof phcobj.hash === 'undefined') { return Promise.reject(new TypeError('No hash found in the given string')); } const hash = phcobj.hash; // const keylen = phcobj.hash.byteLength; const bb64salt = bb64.encode(salt); const padrounds = rounds > 9 ? Number(rounds) : '0' + rounds; const decver = String.fromCharCode(version); const parstr = `$2${decver}$${padrounds}$${bb64salt}`; return bcrypt.hash(password, parstr).then(enchash => { const newhash = bb64.decode(enchash.split(parstr)[1]); const match = tsse(hash, newhash); return match; }); } /** * Gets the list of all identifiers supported by this hashing function. * @public * @returns {string[]} A list of identifiers supported by this hashing function. */ function identifiers() { return ['bcrypt']; } module.exports = { hash, verify, identifiers };