Changed GetDigestInCryptFormat to a normal method instead of a class method, which required changing a few others to normal methods as well. Changed the unit test accordingly and added a yet untested IsValidPassword method.

Author: MHumm

Source/DECFormat.pas

@@ -1984,8 +1984,8 @@ class procedure TFormat_BCryptBSD.DoDecode(const Source;
   end;
 
   procedure SetNextByte(b: Integer);
-    {-Put next byte into pdest if LA<ldest, inc LA and pdest}
   begin
+    // Put next byte into pdest if LA<ldest, inc LA and pdest
     Dest := Dest + [byte(b and $ff)];
   end;
 
@@ -2016,8 +2016,6 @@ class procedure TFormat_BCryptBSD.DoDecode(const Source;
 class procedure TFormat_BCryptBSD.DoEncode(const Source;
                                            var Dest: TBytes;
                                            Size: Integer);
-//const
-//  CT64: array[0..63] of AnsiChar = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
 var
   CT64  : TBytes;
   c1,c2 : UInt16;

Source/DECHash.pas

@@ -1117,7 +1117,7 @@       TBCryptBSDData = record
         /// <summary>
         ///   Cost factor
         /// </summary>
-        Cost     : UInt8;
+        Cost     : string;
       end;
 
       var
@@ -1197,7 +1197,7 @@       TBCryptBSDData = record
     /// <summary>
     ///   Splits a given Crypt/BSD style password record into its parts
     /// </summary>
-    function SplitTestVector(const Vector: string):TBCryptBSDData;
+    class function SplitTestVector(const Vector: string):TBCryptBSDData;
   strict protected
     procedure DoInit; override;
     procedure DoTransform(Buffer: PUInt32Array); override;
@@ -1223,9 +1223,8 @@       TBCryptBSDData = record
     /// <param name="Format">
     ///   Format class for formatting the output
     /// </param>
-    class function GetCryptParams(
-                     const Params : string;
-                     Format : TDECFormatClass):string; override;
+    function GetCryptParams(const Params : string;
+                            Format : TDECFormatClass):string; override;
     /// <summary>
     ///   Returns the hash required for the crypt-like password storing
     ///   in that format. If a salt etc. is needed that needs to be specified
@@ -1295,11 +1294,18 @@       TBCryptBSDData = record
     ///   The data needed to "compare" the password against in Crypt/BSD like
     ///   format: $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]
     /// </param>
+    /// <param name="Format">
+    ///   Must be the right type for the Crypt/BSD encoding used by the
+    ///   algorithm used. This was implemented this way to avoid making the
+    ///   DECHashAuthentication unit dependant on the DECFormat unit not needed
+    ///   otherwise.
+    /// </param>
     /// <returns>
     ///    True if the password given is correct.
     /// </returns>
-    class function IsValidPassword(const Password  : string;
-                                   const CryptData : string): Boolean; override;
+    function IsValidPassword(const Password  : string;
+                             const CryptData : string;
+                             Format          : TDECFormatClass): Boolean; override;
 
     /// <summary>
     ///   Processes one chunk of data to be hashed.
@@ -5256,9 +5262,8 @@ class function THash_BCrypt.GetCryptID: string;
   Result := '$2a';
 end;
 
-class function THash_BCrypt.GetCryptParams(
-                              const Params : string;
-                              Format       : TDECFormatClass): string;
+function THash_BCrypt.GetCryptParams(const Params : string;
+                                     Format       : TDECFormatClass): string;
 begin
   Result := Params;
   if (Length(Result) < 2) then
@@ -5267,11 +5272,26 @@ class function THash_BCrypt.GetCryptParams(
   Result := '$' + Result;
 end;
 
-class function THash_BCrypt.IsValidPassword(const Password,
-                                                  CryptData: string): Boolean;
+function THash_BCrypt.IsValidPassword(const Password  : string;
+                                      const CryptData : string;
+                                      Format          : TDECFormatClass): Boolean;
+var
+  SplittedCryptData : TBCryptBSDData;
+  Hash              : string;
 begin
-{ TODO : To be implemented }
   Result := false;
+
+  SplittedCryptData := SplitTestVector(CryptData);
+  // Is the CryptData for this algorithm?
+  if SplittedCryptData.ID <> GetCryptID then
+    exit;
+
+  GetCryptHash(Password,
+               SplittedCryptData.Cost,
+               Format.Decode(TEncoding.UTF8.GetBytes(SplittedCryptData.Salt)),
+               Format);
+
+  Result := hash = CryptData;
 end;
 
 procedure THash_BCrypt.BF_Encrypt(const BI: TBFBlock; var BO: TBFBlock);
@@ -5392,13 +5412,13 @@ procedure THash_BCrypt.SetCost(const Value: UInt8);
     raise EDECHashException.CreateFmt(sCostFactorInvalid, [MinCost, MaxCost]);
 end;
 
-function THash_BCrypt.SplitTestVector(const Vector: string): TBCryptBSDData;
+class function THash_BCrypt.SplitTestVector(const Vector: string): TBCryptBSDData;
 var
   Parts : TArray<string>;
 begin
   Parts := Vector.Split(['$'], TStringSplitOptions.ExcludeEmpty);
   Result.ID   := Parts[0];
-  Result.Cost := Copy(Parts[1], Low(Parts[1]), Length(Parts[1])).ToInteger;
+  Result.Cost := Copy(Parts[1], Low(Parts[1]), Length(Parts[1]));
   Result.Salt := Copy(Parts[2], Low(Parts[2]), 22);
 end;
 

Source/DECHashAuthentication.pas

@@ -672,8 +672,8 @@   TDECPasswordHash = class(TDECHashAuthentication)
     ///   Returns an empty string if the the algorithm on which this is being
     ///   used is not a Crypt/BSD compatible password hash algorithm
     /// </returns>
-    class function GetCryptParams(const Params : string;
-                                  Format       : TDECFormatClass):string; virtual;
+    function GetCryptParams(const Params : string;
+                            Format       : TDECFormatClass):string; virtual;
     /// <summary>
     ///   Returns the salt required for the crypt-like password storing
     ///   in that format.
@@ -736,7 +736,7 @@   TDECPasswordHash = class(TDECHashAuthentication)
     /// </summary>
     class function MaxPasswordLength:UInt8; virtual; abstract;
 
-    {$Region CryptFormatHandlingPublic}
+    {$Region CryptBSDFormatHandlingPublic}
     /// <summary>
     ///   Tries to find a class type by its Crypt identification
     ///   (e.g. 2a is Bcrypt).
@@ -791,12 +791,11 @@   TDECPasswordHash = class(TDECHashAuthentication)
     ///   <c>MaxPasswordLength</c> or if a salt with a different length than
     ///   128 bit has been specified.
     /// </exception>
-    class function GetDigestInCryptFormat(
-                     const Password : string;
-                     const Params   : string;
-                     const Salt     : string;
-                     SaltIsRaw      : Boolean;
-                     Format         : TDECFormatClass):string; virtual;
+    function GetDigestInCryptFormat(const Password : string;
+                                    const Params   : string;
+                                    const Salt     : string;
+                                    SaltIsRaw      : Boolean;
+                                    Format         : TDECFormatClass):string; virtual;
 
     /// <summary>
     ///   Checks whether a given password is the correct one for a password
@@ -809,55 +808,18 @@   TDECPasswordHash = class(TDECHashAuthentication)
     ///   The data needed to "compare" the password against in Crypt/BSD like
     ///   format: $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]
     /// </param>
+    /// <param name="Format">
+    ///   Must be the right type for the Crypt/BSD encoding used by the
+    ///   algorithm used. This was implemented this way to avoid making the
+    ///   DECHashAuthentication unit dependant on the DECFormat unit not needed
+    ///   otherwise.
+    /// </param>
     /// <returns>
     ///    True if the password given is correct.
     /// </returns>
-    class function IsValidPassword(const Password  : string;
-                                   const CryptData : string): Boolean; virtual;
-
-//    /// <summary>
-//    ///   Calculates a passwort hash for the given password and returns it in
-//    ///   a BSDCrypt compatible format. This method only works for those hash
-//    ///   algorithms implementing the necessary GetBSDCryptID method.
-//    /// </summary>
-//    /// <param name="Password">
-//    ///   Entered password for which to calculate the hash. The caller is
-//    ///   responsible to ensure the maximum password length is adhered to.
-//    ///   Any exceptions raised due to too long passwords are not caught here!
-//    /// </param>
-//    /// <param name="Params">
-//    ///   Algorithm specific parameters used for initialization. For details see
-//    ///   documentation of the concrete implementation in the algorithm.
-//    /// </param>
-//    /// <param name="Salt">
-//    ///   Salt value used by the password hash calculation. Depending on the
-//    ///   value of SaltIsRaw, the salt needs to specified in raw encoding or
-//    ///   in the encoding used in the Crypt/BSD password storage string.
-//    /// </param>
-//    /// <param name="SaltIsRaw">
-//    ///   If true the passed salt value is a raw value. If false it is encoded
-//    ///   like in the Crypt/BSD password storage string.
-//    /// </param>
-//    /// <param name="Format">
-//    ///   Formatting class used to format the calculated password. Different
-//    ///   algorithms in BSDCrypt use different algorithms so one needs to know
-//    ///   which one to pass. See description of the hash class used.
-//    /// </param>
-//    /// <returns>
-//    ///   Calculated hash value in BSD crypt style format. Returns an empty
-//    ///   string if the algorithm is not a Crypt/BSD style password hash algorithm.
-//    /// </returns>
-//    /// <exception cref="EDECHashException">
-//    ///   Exception raised if length of <c>Password</c> is higher than
-//    ///   <c>MaxPasswordLength</c> or if a salt with a different length than
-//    ///   128 bit has been specified.
-//    /// </exception>
-//    class function GetDigestInCryptFormat(
-//                     const Password : string;
-//                     const Params   : RawByteString;
-//                     const Salt     : RawByteString;
-//                     SaltIsRaw      : Boolean;
-//                     Format         : TDECFormatClass):RawByteString; virtual; overload;
+    function IsValidPassword(const Password  : string;
+                             const CryptData : string;
+                             Format          : TDECFormatClass): Boolean; virtual;
     {$EndRegion}
 
     /// <summary>
@@ -1509,9 +1471,8 @@ class function TDECPasswordHash.GetCryptID: string;
   Result := '';
 end;
 
-class function TDECPasswordHash.GetCryptParams(
-                 const Params : string;
-                 Format       : TDECFormatClass): string;
+function TDECPasswordHash.GetCryptParams(const Params : string;
+                                         Format       : TDECFormatClass): string;
 begin
   Result := '';
 end;
@@ -1571,12 +1532,12 @@ class function TDECPasswordHash.GetCryptHash(
   Result := '';
 end;
 
-class function TDECPasswordHash.GetDigestInCryptFormat(
-                                  const Password : string;
-                                  const Params   : string;
-                                  const Salt     : string;
-                                  SaltIsRaw      : Boolean;
-                                  Format         : TDECFormatClass): string;
+function TDECPasswordHash.GetDigestInCryptFormat(
+                            const Password : string;
+                            const Params   : string;
+                            const Salt     : string;
+                            SaltIsRaw      : Boolean;
+                            Format         : TDECFormatClass): string;
 var
   SaltBytes : TBytes;
 begin
@@ -1598,8 +1559,9 @@ class function TDECPasswordHash.GetDigestInCryptFormat(
   end;
 end;
 
-class function TDECPasswordHash.IsValidPassword(const Password  : string;
-                                                const CryptData : string): Boolean;
+function TDECPasswordHash.IsValidPassword(const Password  : string;
+                                          const CryptData : string;
+                                          Format          : TDECFormatClass): Boolean;
 begin
   Result := false;
 end;

Unit Tests/Tests/TestDECHash.pas

@@ -6364,18 +6364,23 @@   TPair = record
   Result    : string;
   i         : Integer;
   SplitData : TBCryptBSDTestData;
+  HashInst  : THash_BCrypt;
 begin
-  for i := Low(TestData) to High(TestData) do
-  begin
-    SplitData := SplitTestVector(TestData[i].bs);
-    Result := string(THash_BCrypt.GetDigestInCryptFormat(
-                                    Passwords[TestData[i].pn],
-                                    SplitData.Cost.ToString,
-                                    SplitData.Salt,
-                                    False,
-                                    TFormat_BCryptBSD));
-
-    CheckEquals(TestData[i].bs, Result);
+  HashInst := THash_BCrypt.Create;
+  try
+    for i := Low(TestData) to High(TestData) do
+    begin
+      SplitData := SplitTestVector(TestData[i].bs);
+      Result := string(HashInst.GetDigestInCryptFormat(Passwords[TestData[i].pn],
+                                                       SplitData.Cost.ToString,
+                                                       SplitData.Salt,
+                                                       False,
+                                                       TFormat_BCryptBSD));
+
+      CheckEquals(TestData[i].bs, Result);
+    end;
+  finally
+    HashInst.Free;
   end;
 end;