Merge pull request #102 from ljacqu/bakatrouble

Fix Django crypt (needs testing)
Gabriele C 2016-02-14 23:22:36 +01:00
commit 29cc69407c
2 changed files with 22 additions and 3 deletions


@ -1,5 +1,6 @@
package fr.xephi.authme.security.crypts; package fr.xephi.authme.security.crypts;
import fr.xephi.authme.ConsoleLogger;
import fr.xephi.authme.security.crypts.description.AsciiRestricted; import fr.xephi.authme.security.crypts.description.AsciiRestricted;
import fr.xephi.authme.security.pbkdf2.PBKDF2Engine; import fr.xephi.authme.security.pbkdf2.PBKDF2Engine;
import fr.xephi.authme.security.pbkdf2.PBKDF2Parameters; import fr.xephi.authme.security.pbkdf2.PBKDF2Parameters;
@ -9,10 +10,12 @@ import javax.xml.bind.DatatypeConverter;
@AsciiRestricted @AsciiRestricted
public class CryptPBKDF2Django extends HexSaltedMethod { public class CryptPBKDF2Django extends HexSaltedMethod {
private static final int DEFAULT_ITERATIONS = 24000;
@Override @Override
public String computeHash(String password, String salt, String name) { public String computeHash(String password, String salt, String name) {
String result = "pbkdf2_sha256$15000$" + salt + "$"; String result = "pbkdf2_sha256$" + DEFAULT_ITERATIONS + "$" + salt + "$";
PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 15000); PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), DEFAULT_ITERATIONS);
PBKDF2Engine engine = new PBKDF2Engine(params); PBKDF2Engine engine = new PBKDF2Engine(params);
return result + String.valueOf(DatatypeConverter.printBase64Binary(engine.deriveKey(password, 32))); return result + String.valueOf(DatatypeConverter.printBase64Binary(engine.deriveKey(password, 32)));
@ -24,9 +27,17 @@ public class CryptPBKDF2Django extends HexSaltedMethod {
if (line.length != 4) { if (line.length != 4) {
return false; return false;
} }
int iterations;
try {
iterations = Integer.parseInt(line[1]);
} catch (NumberFormatException e) {
ConsoleLogger.logException("Could not read number of rounds in '" + hashedPassword.getHash()
+ " for CryptPBKDF2Django", e);
return false;
}
String salt = line[2]; String salt = line[2];
byte[] derivedKey = DatatypeConverter.parseBase64Binary(line[3]); byte[] derivedKey = DatatypeConverter.parseBase64Binary(line[3]);
PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 15000, derivedKey); PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), iterations, derivedKey);
PBKDF2Engine engine = new PBKDF2Engine(params); PBKDF2Engine engine = new PBKDF2Engine(params);
return engine.verifyKey(password); return engine.verifyKey(password);
} }
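Review bot: The iteration count parsed from `line[1]` in the last hunk goes to `PBKDF2Parameters` without a range check, and `Integer.parseInt` accepts zero, negative and very large values. How `PBKDF2Engine` treats those is not visible here, but a corrupted or tampered stored hash could presumably make verification meaningless or very expensive on every login attempt; a guard such as `if (iterations <= 0 || iterations > MAX_ITERATIONS) return false;` (where `MAX_ITERATIONS` is a placeholder for a cap the project chooses) would close that. The catch block also writes the full stored hash to the console log through `hashedPassword.getHash()`, and the opening `'` in the message is never closed; logging only that the rounds field is malformed, e.g. `ConsoleLogger.logException("Could not read number of rounds for CryptPBKDF2Django", e);`, keeps password hashes out of log files. The enclosing method starts above the hunk, so it cannot be seen from here whether `line[0]` is checked against `pbkdf2_sha256`.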


@ -1,10 +1,18 @@
package fr.xephi.authme.security.crypts; package fr.xephi.authme.security.crypts;
import fr.xephi.authme.ConsoleLoggerTestInitializer;
import org.junit.BeforeClass;
/** /**
* Test for {@link CryptPBKDF2Django}. * Test for {@link CryptPBKDF2Django}.
*/ */
public class CryptPBKDF2DjangoTest extends AbstractEncryptionMethodTest { public class CryptPBKDF2DjangoTest extends AbstractEncryptionMethodTest {
@BeforeClass
public static void setupLogger() {
ConsoleLoggerTestInitializer.setupLogger();
}
public CryptPBKDF2DjangoTest() { public CryptPBKDF2DjangoTest() {
super(new CryptPBKDF2Django(), super(new CryptPBKDF2Django(),
"pbkdf2_sha256$15000$50a7ff2d7e00$t7Qx2CfzMhGEbyCa3Wk5nJvNjj3N+FdxhpwJDerl4Fs=", // password "pbkdf2_sha256$15000$50a7ff2d7e00$t7Qx2CfzMhGEbyCa3Wk5nJvNjj3N+FdxhpwJDerl4Fs=", // password