This file is indexed.

/usr/include/Wt/Auth/HashFunction is in libwt-dev 3.3.6+dfsg-1.1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
// This may look like C code, but it's really -*- C++ -*-
/*
 * Copyright (C) 2011 Emweb bvba, Kessel-Lo, Belgium.
 *
 * See the LICENSE file for terms of use.
 */
#ifndef WT_AUTH_HASH_FUNCTION
#define WT_AUTH_HASH_FUNCTION

#include <string>
#include <Wt/WDllDefs.h>

namespace Wt {
  namespace Auth {

/*! \class HashFunction Wt/Auth/HashFunction
 *  \brief An abstract cryptographic hash function interface.
 *
 * A cryptographic hash function computes a hash value from a message,
 * for which it is hard to guess another message that generates the
 * same hash.
 *
 * These hash functions are intended for short messages, typically
 * passwords or random tokens, and thus not suitable for computing the
 * hash value of a large document.
 *
 * When used for passwords, to avoid dictionary attacks, the hash
 * functions accept also a random salt which is hashed together with
 * the password. Not all hash functions are adequate for passwords
 * hashes.
 *
 * \ingroup auth
 */
class WT_API HashFunction
{
public:
  /*! \brief Destructor.
   */
  virtual ~HashFunction();

  /*! \brief Returns the name for this hash function.
   *
   * This should return a (short) name that uniquely identifies this
   * hash function.
   */
  virtual std::string name() const = 0;

  /*! \brief Computes the hash of a message + salt.
   *
   * The message is usually an ASCII or UTF-8 string.
   *
   * The \p salt and the computed hash are encoded in printable
   * characters. This is usually ASCII-encoded \if cpp (as for the UNIX crypt()
   * functions) \endif or could be Base64-encoded.
   */
  virtual std::string compute(const std::string& msg, const std::string& salt)
    const = 0;

  /*! \brief Verifies a message with the salted hash
   *
   * The base implementation will recompute the hash of the message with
   * the given salt, and compare it to the \p hash.
   *
   * Some methods however store the salt and additional settings in
   * the \p hash, and this information is thus needed to verify the message
   * hash.
   */
  virtual bool verify(const std::string& msg,
		      const std::string& salt,
		      const std::string& hash) const;
};

/*! \class MD5HashFunction Wt/Auth/HashFunction
 *  \brief A cryptograhpic hash function implemented using MD5.
 *
 * This hash function is useful for creating token hashes, but
 * should not be used for password hashes.
 *
 * \ingroup auth
 */
class WT_API MD5HashFunction : public HashFunction
{
public:
  /*! \brief Returns the name for this hash function.
   *
   * Returns <tt>"MD5"</tt>.
   */
  virtual std::string name() const;

  virtual std::string compute(const std::string& msg,
			      const std::string& salt) const;
};

#ifndef WT_TARGET_JAVA
/*! \class SHA1HashFunction Wt/Auth/HashFunction
 *  \brief A cryptographic hash function implemented using SHA1.
 *
 * This hash function is only available if %Wt was compiled with
 * OpenSSL support.
 *
 * This hashing function is useful for creating token hashes, and is
 * also considered adequate for password hashes.
 *
 * \ingroup auth
 */
class WT_API SHA1HashFunction : public HashFunction
{
public:
  /*! \brief Returns the name for this hash function.
   *
   * Returns <tt>"SHA1"</tt>.
   */
  virtual std::string name() const;

  virtual std::string compute(const std::string& msg,
			      const std::string& salt) const;
};

/*! \class BCryptHashFunction Wt/Auth/HashFunction
 *  \brief An cryptographic hash function that implements bcrypt.
 *
 * This hashing function is intended for password hashes. In addition
 * to be collision-resistant, the bcrypt algorithm has a parameter
 * which makes the computation more computationally intensive. In this
 * way, a dictionary-based attack on a compromised hash is also less
 * feasible.
 *
 * \ingroup auth
 */
class WT_API BCryptHashFunction : public HashFunction
{
public:
  /*! \brief Constructor.
   *
   * The \p count parameter controls the number of iterations, and
   * thus the computational complexity. With a value of 0, a small
   * default is chosen. The computational complexity increases
   * exponentionally with increasing values f \p count. The parameter
   * only affects new hashes computed with compute(), and its value is
   * stored in the computed hash.
   *
   * The value of \p count needs to be 0, or in the range 4-31.
   */
  BCryptHashFunction(int count = 0);

  /*! \brief Returns the name for this hash function.
   *
   * Returns <tt>"bcrypt"</tt>.
   */
  virtual std::string name() const;

  virtual std::string compute(const std::string& msg,
			      const std::string& salt) const;

  virtual bool verify(const std::string& msg,
		      const std::string& hash,
		      const std::string& salt) const;

private:
  int count_;
};
#endif

  } 
}

#endif // WT_AUTH_HASH_FUNCTION