package helpers;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.bouncycastle.crypto.generators.SCrypt;
/**
* Wrapper for Bouncy Castle's scrypt implementation.
*
* Generates salted scrypt hashes in a format similar to Modular Crypt Format (MCF).
*
* @author Mark George <mark.george@otago.ac.nz>
*/
public final class ScryptHelper {
// the standard work factors for scrypt
private static final int N = 16384;
private static final int r = 8;
private static final int p = 1;
private static final int saltSize = 64;
private static final int dkLen = 64;
private static final Charset utf8 = StandardCharsets.UTF_8;
private ScryptHelper() {
}
/**
* Generates an MCF-like formatted salted scrypt hash for the password.
*
* @param password The password to hash.
* @return The MCF formatted hash.
*/
public static CharBuffer hash(CharSequence password) {
byte[] salt = salt();
byte[] hash = hash(password, salt, N, r, p, dkLen);
Base64.Encoder b64encoder = Base64.getEncoder();
int costParams = (log2(N)) << 16 | r << 8 | p;
byte[] dollar = "$".getBytes(utf8);
byte[] params = String.valueOf(costParams).getBytes(utf8);
byte[] b64salt = b64encoder.encode(salt);
byte[] b64hash = b64encoder.encode(hash);
int size = (4 * dollar.length) + params.length + b64salt.length + b64hash.length;
ByteBuffer mcf = ByteBuffer.allocate(size);
mcf.put(dollar).put(params);
mcf.put(dollar).put(b64salt);
mcf.put(dollar).put(b64hash);
mcf.put(dollar);
mcf.flip();
CharBuffer result = utf8.decode(mcf);
Arrays.fill(hash, (byte) 0);
Arrays.fill(salt, (byte) 0);
Arrays.fill(b64hash, (byte) 0);
Arrays.fill(b64salt, (byte) 0);
Arrays.fill(mcf.array(), (byte) 0);
return result;
}
/**
* Checks a hash (as generated by the hash method) against a
* password.
*
* @param mcfHash The MCF formatted hash.
* @param password The password.
*
* @return True if the password matches the hash, false if not.
*/
public static boolean check(CharSequence mcfHash, CharSequence password) {
Pattern regex = Pattern.compile("\\$(\\d+?)\\$(.+?)\\$(.+?)\\$");
Matcher matcher = regex.matcher(mcfHash);
if (matcher.matches()) {
int costParams = Integer.parseInt(matcher.group(1));
Base64.Decoder decoder = Base64.getDecoder();
byte[] salt = decoder.decode(matcher.group(2));
byte[] hash = decoder.decode(matcher.group(3));
int hN = 1 << (costParams >> 16);
int hr = costParams >> 8 & 255;
int hp = costParams & 255;
byte[] cHash = hash(password, salt, hN, hr, hp, hash.length);
for (int i = 0; i < cHash.length; i++) {
if (cHash[i] != hash[i]) {
return false;
}
}
return true;
} else {
throw new IllegalArgumentException("Hash is not in a recognisable format!");
}
}
static byte[] hash(CharSequence password, byte[] salt, int N, int r, int p, int dkLen) {
return SCrypt.generate(toBytes(password), salt, N, r, p, dkLen);
}
private static byte[] salt() {
try {
byte[] salt = new byte[saltSize];
SecureRandom.getInstance("SHA1PRNG").nextBytes(salt);
return salt;
} catch (NoSuchAlgorithmException ex) {
throw new IllegalStateException("SHA1PRNG not supported on this JVM!", ex);
}
}
private static int log2(int operand) {
int result = 0;
do {
operand = operand >> 1;
result++;
} while (operand > 1);
return result;
}
/*
* Source: https://stackoverflow.com/a/9670279
*/
private static byte[] toBytes(CharSequence chars) {
CharBuffer charBuffer = CharBuffer.wrap(chars);
ByteBuffer byteBuffer = utf8.encode(charBuffer);
byte[] bytes = Arrays.copyOfRange(byteBuffer.array(), byteBuffer.position(), byteBuffer.limit());
Arrays.fill(byteBuffer.array(), (byte) 0);
return bytes;
}
}
