X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Futil%2FPasswordHash.java;h=97e3493aa63a76333fe1fa6098fab4a6e92e6254;hb=12323116dd560da2a348b4045dd8af20db764ea5;hp=edc1ad53a927782018c31e883be15a847192a243;hpb=b0ab4664edfc6ee90b658bfa662a54dec42879b3;p=gigi.git

diff --git a/src/org/cacert/gigi/util/PasswordHash.java b/src/org/cacert/gigi/util/PasswordHash.java
index edc1ad53..97e3493a 100644
--- a/src/org/cacert/gigi/util/PasswordHash.java
+++ b/src/org/cacert/gigi/util/PasswordHash.java
@@ -1,30 +1,117 @@
 package org.cacert.gigi.util;
 
+import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.util.Properties;
+
+import com.lambdaworks.crypto.SCryptUtil;
 
 public class PasswordHash {
-	public static boolean verifyHash(String password, String hash) {
-		String newhash = sha1(password);
-		return newhash.equals(hash);
-	}
-
-	private static String sha1(String password) {
-		try {
-			MessageDigest md = MessageDigest.getInstance("SHA1");
-			byte[] digest = md.digest(password.getBytes());
-			StringBuffer res = new StringBuffer(digest.length * 2);
-			for (int i = 0; i < digest.length; i++) {
-				res.append(Integer.toHexString((digest[i] & 0xF0) >> 4));
-				res.append(Integer.toHexString(digest[i] & 0xF));
-			}
-			return res.toString();
-		} catch (NoSuchAlgorithmException e) {
-			throw new Error(e);
-		}
-	}
-
-	public static String hash(String password) {
-		return sha1(password);
-	}
+
+    /**
+     * Verifies a password hash.
+     * 
+     * @param password
+     *            The password that should result in the given hash.
+     * @param hash
+     *            The hash to verify the password against.
+     * @return
+     *         <ul>
+     *         <li><code>null</code>, if the password was valid</li>
+     *         <li><code>hash</code>, if the password is valid and the hash
+     *         doesn't need to be updated</li>
+     *         <li>a new hash, if the password is valid but the hash in the
+     *         database needs to be updated.</li>
+     *         </ul>
+     */
+    public static String verifyHash(String password, String hash) {
+        if (password == null || password.isEmpty()) {
+            return null;
+        }
+        if (hash.contains("$")) {
+            if (SCryptUtil.check(password, hash)) {
+                return hash;
+            } else {
+                return null;
+            }
+        }
+        String newhash = sha1(password);
+        boolean match = true;
+        if (newhash.length() != hash.length()) {
+            match = false;
+        }
+        for (int i = 0; i < newhash.length(); i++) {
+            match &= newhash.charAt(i) == hash.charAt(i);
+        }
+        if (match) {
+            return hash(password);
+        } else {
+            return null;
+        }
+    }
+
+    public static String sha1(String password) {
+        try {
+            MessageDigest md = MessageDigest.getInstance("SHA1");
+            byte[] digest = md.digest(password.getBytes("UTF-8"));
+            StringBuffer res = new StringBuffer(digest.length * 2);
+            for (int i = 0; i < digest.length; i++) {
+                res.append(Integer.toHexString((digest[i] & 0xF0) >> 4));
+                res.append(Integer.toHexString(digest[i] & 0xF));
+            }
+            return res.toString();
+        } catch (NoSuchAlgorithmException e) {
+            throw new Error(e);
+        } catch (UnsupportedEncodingException e) {
+            throw new Error(e);
+        }
+    }
+
+    public static String hash(String password) {
+        return SCryptUtil.scrypt(password, N, r, p);
+    }
+
+    private static int N = 1 << 14;
+
+    private static int r = 8;
+
+    private static int p = 1;
+
+    private static boolean initialized = false;
+
+    public static synchronized void init(Properties prop) {
+        if (initialized) {
+            throw new IllegalStateException("Already initialized.");
+        }
+        String val = prop.getProperty("scrypt.params", "14;8;1");
+        String[] parts = val.split(";", 3);
+        int N = 1 << Integer.parseInt(parts[0]);
+        int r = Integer.parseInt(parts[1]);
+        int p = Integer.parseInt(parts[2]);
+        checkScryptParams(N, r, p);
+        PasswordHash.N = N;
+        PasswordHash.r = r;
+        PasswordHash.p = p;
+        initialized = true;
+    }
+
+    private static void checkScryptParams(int N, int r, int p) {
+        if (N < 2 || (N & (N - 1)) != 0) {
+            throw new IllegalArgumentException("N must be a power of 2 greater than 1");
+        }
+        if (r <= 0) {
+            throw new IllegalArgumentException("Parameter r zero or negative");
+        }
+        if (p <= 0) {
+            throw new IllegalArgumentException("Parameter p zero or negative");
+        }
+
+        if (N > Integer.MAX_VALUE / 128 / r) {
+            throw new IllegalArgumentException("Parameter N is too large");
+        }
+        if (r > Integer.MAX_VALUE / 128 / p) {
+            throw new IllegalArgumentException("Parameter r is too large");
+        }
+    }
 }