dauth.core

DAuth - Salted Hashed Password Library for D Core package

Members

Aliases

Password
alias Password = RefCounted!PasswordData

A reference-counted type for passwords. The memory containing the password is automatically zeroed-out when there are no more references or when a new password is assigned.

isPasswordCorrect
alias isPasswordCorrect = isSameHash

Alias for backwards compatibility.

Classes

KnownWeakException
class KnownWeakException

Thrown when a known-weak algortihm or setting it attempted, UNLESS compiled with '-version=DAuth_AllowWeakSecurity'

UnknownDigestException
class UnknownDigestException

Thrown whenever a digest type cannot be determined. For example, when the provided (or default) 'digestCodeOfObj' or 'digestFromCode' delegates fail to find a match. Or when passing isSameHash a Hash!Digest with a null 'digest' member (which prevents it from determining the correct digest to match with).

Functions

defaultDigestCodeOfObj
string defaultDigestCodeOfObj(Digest digest)

Default implementation of 'digestCodeOfObj' for DAuth-style hash strings. See 'Hash!(TDigest).toString' for more info.

defaultDigestCryptCodeOfObj
string defaultDigestCryptCodeOfObj(Digest digest)

Default implementation of 'digestCodeOfObj' for Unix crypt-style hash strings. See 'Hash!(TDigest).toString' for more info.

defaultDigestFromCode
Digest defaultDigestFromCode(string digestCode)

Default implementation of 'digestFromCode' for DAuth-style hash strings. See 'parseHash' for more info.

defaultDigestFromCryptCode
Digest defaultDigestFromCryptCode(string digestCode)

Default implementation of 'digestFromCode' for Unix crypt-style hash strings. See 'parseHash' for more info.

defaultSalter
void defaultSalter(ref TDigest digest, Password password, Salt salt)

Default salter for 'makeHash' and 'isSameHash'.

dupPassword
Password dupPassword(string password)

This function exists as a convenience in case you need it, HOWEVER it's recommended to design your code so you DON'T need to use this (use toPassword instead):

isKnownWeak
bool isKnownWeak()
bool isKnownWeak(T digest)

Note, this only checks Phobos's RNG's and digests, and only by type. This works on a blacklist basis - it blindly accepts any Phobos-compatible RNG or digest it does not know about. This is only supplied as a convenience. It is always your own responsibility to select an appropriate algorithm for your own needs.

isSameHash
bool isSameHash(Password password, Hash!TDigest sHash, Salter!TDigest salter = toDelegate(&defaultSalter!TDigest))
bool isSameHash(Password password, Hash!TDigest sHash, Salter!Digest salter = toDelegate(&defaultSalter!Digest))
bool isSameHash(Password password, DigestType!TDigest hash, Salt salt, Salter!TDigest salter = toDelegate(&defaultSalter!TDigest))
bool isSameHash(Password password, ubyte[] hash, Salt salt, Digest digest = new DefaultDigestClass(), Salter!Digest salter = toDelegate(&defaultSalter!Digest))
bool isSameHash(Password password, ubyte[] hash, Salt salt, Salter!Digest salter)

Validates a password against an existing salted hash.

lengthConstantEquals
bool lengthConstantEquals(ubyte[] a, ubyte[] b)

Compare two arrays in "length-constant" time. This thwarts timing-based attacks by guaranteeing all comparisons (of a given length) take the same amount of time.

makeHash
Hash!TDigest makeHash(Password password, Salt salt = randomSalt(), Salter!TDigest salter = toDelegate(&defaultSalter!TDigest))
Hash!TDigest makeHash(Password password, Salter!TDigest salter)
Hash!Digest makeHash(Digest digest, Password password, Salt salt = randomSalt(), Salter!Digest salter = toDelegate(&defaultSalter!Digest))
Hash!Digest makeHash(Digest digest, Password password, Salter!Digest salter)

Generates a salted password using any Phobos-compatible digest, default being SHA-512.

parseCryptHash
Hash!Digest parseCryptHash(string str, Digest delegate(string) digestFromCryptCode = toDelegate(&defaultDigestFromCryptCode))
parseDAuthHash
Hash!Digest parseDAuthHash(string str, Digest delegate(string) digestFromDAuthCode = toDelegate(&defaultDigestFromCode))

Parses a string that was encoded by Hash.toString.

parseHash
Hash!Digest parseHash(string str, Digest delegate(string) digestFromDAuthCode = toDelegate(&defaultDigestFromCode), Digest delegate(string) digestFromCryptCode = toDelegate(&defaultDigestFromCryptCode))

Parses a string that was encoded by Hash.toString.

toPassword
Password toPassword(ubyte[] password)

Constructs a Password from a ubyte[]. Mainly provided for syntactic consistency with 'toPassword(char[])'.

toPassword
Password toPassword(char[] password)

Constructs a Password from a char[] so you don't have to cast to ubyte[], and don't accidentally cast away immutability.

Structs

Hash
struct Hash(TDigest)

Contains all the relevant information for a salted hash. Note the digest type can be obtained via DigestOf!(SomeHashType).

Templates

AnyDigestType
template AnyDigestType(TDigest)

Like std.digest.digest.DigestType, but also accepts OO-style digests (ie. classes deriving from interface std.digest.digest.Digest)

DigestOf
template DigestOf(T)

Retreive the digest type of a struct Hash(some digest)

isAnyDigest
template isAnyDigest(TDigest)

Like std.digest.digest.isDigest, but also accepts OO-style digests (ie. classes deriving from interface std.digest.digest.Digest)

isHash
template isHash(T)

Tests if the type is an instance of struct Hash(some digest)

Meta