Merge pull request #102 from ljacqu/bakatrouble

Fix Django crypt (needs testing)
2025-02-03 13:31:28 +01:00 · 2016-02-14 23:22:36 +01:00 · 2016-02-14 23:22:36 +01:00 · 29cc69407c
commit 29cc69407c
parent f5b5595f08 0992997483
2 changed files with 22 additions and 3 deletions
--- a/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2Django.java
+++ b/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2Django.java
@ -1,5 +1,6 @@
 package fr.xephi.authme.security.crypts;

+import fr.xephi.authme.ConsoleLogger;
 import fr.xephi.authme.security.crypts.description.AsciiRestricted;
 import fr.xephi.authme.security.pbkdf2.PBKDF2Engine;
 import fr.xephi.authme.security.pbkdf2.PBKDF2Parameters;
@ -9,10 +10,12 @@ import javax.xml.bind.DatatypeConverter;
@AsciiRestricted
 public class CryptPBKDF2Django extends HexSaltedMethod {

+    private static final int DEFAULT_ITERATIONS = 24000;
+
    @Override
    public String computeHash(String password, String salt, String name) {
-        String result = "pbkdf2_sha256$15000$" + salt + "$";
-        PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 15000);
+        String result = "pbkdf2_sha256$" + DEFAULT_ITERATIONS + "$" + salt + "$";
+        PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), DEFAULT_ITERATIONS);
        PBKDF2Engine engine = new PBKDF2Engine(params);

        return result + String.valueOf(DatatypeConverter.printBase64Binary(engine.deriveKey(password, 32)));
@ -24,9 +27,17 @@ public class CryptPBKDF2Django extends HexSaltedMethod {
        if (line.length != 4) {
            return false;
        }
+        int iterations;
+        try {
+            iterations = Integer.parseInt(line[1]);
+        } catch (NumberFormatException e) {
+            ConsoleLogger.logException("Could not read number of rounds in '" + hashedPassword.getHash()
+                + " for CryptPBKDF2Django", e);
+            return false;
+        }
        String salt = line[2];
        byte[] derivedKey = DatatypeConverter.parseBase64Binary(line[3]);
-        PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 15000, derivedKey);
+        PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), iterations, derivedKey);
        PBKDF2Engine engine = new PBKDF2Engine(params);
        return engine.verifyKey(password);
    }
--- a/src/test/java/fr/xephi/authme/security/crypts/CryptPBKDF2DjangoTest.java
+++ b/src/test/java/fr/xephi/authme/security/crypts/CryptPBKDF2DjangoTest.java
@ -1,10 +1,18 @@
 package fr.xephi.authme.security.crypts;

+import fr.xephi.authme.ConsoleLoggerTestInitializer;
+import org.junit.BeforeClass;
+
 /**
 * Test for {@link CryptPBKDF2Django}.
 */
 public class CryptPBKDF2DjangoTest extends AbstractEncryptionMethodTest {

+    @BeforeClass
+    public static void setupLogger() {
+        ConsoleLoggerTestInitializer.setupLogger();
+    }
+
    public CryptPBKDF2DjangoTest() {
        super(new CryptPBKDF2Django(),
            "pbkdf2_sha256$15000$50a7ff2d7e00$t7Qx2CfzMhGEbyCa3Wk5nJvNjj3N+FdxhpwJDerl4Fs=",  // password