Implement ARGON2 hash (#1165)

* Implement ARGON2 hash

#1150

* Fix argon hash verify

* Add argon2 test

* #1150 Account for Argon2 managing salts internally
Gabriele C 2017-04-14 18:03:27 +02:00 committed by GitHub
parent 5a93ed32f1
commit bf38782790
5 changed files with 71 additions and 2 deletions


@ -1,5 +1,5 @@
<!-- AUTO-GENERATED FILE! Do not edit this directly --> <!-- AUTO-GENERATED FILE! Do not edit this directly -->
<!-- File auto-generated on Sat Mar 25 00:15:27 CET 2017. See docs/hashmethods/hash_algorithms.tpl.md --> <!-- File auto-generated on Fri Apr 14 01:40:05 CEST 2017. See docs/hashmethods/hash_algorithms.tpl.md -->
## Hash Algorithms ## Hash Algorithms
AuthMe supports the following hash algorithms for storing your passwords safely. AuthMe supports the following hash algorithms for storing your passwords safely.
@ -7,6 +7,7 @@ AuthMe supports the following hash algorithms for storing your passwords safely.
Algorithm | Recommendation | Hash length | ASCII | | Salt type | Length | Separate? Algorithm | Recommendation | Hash length | ASCII | | Salt type | Length | Separate?
--------- | -------------- | ----------- | ----- | --- | --------- | ------ | --------- --------- | -------------- | ----------- | ----- | --- | --------- | ------ | ---------
ARGON2 | Recommended | 96 | | | None | |
BCRYPT | Recommended | 60 | | | Text | | BCRYPT | Recommended | 60 | | | Text | |
BCRYPT2Y | Recommended | 60 | | | Text | 22 | BCRYPT2Y | Recommended | 60 | | | Text | 22 |
CRAZYCRYPT1 | Do not use | 128 | | | Username | | CRAZYCRYPT1 | Do not use | 128 | | | Username | |
@ -82,4 +83,4 @@ or bad.
--- ---
This page was automatically generated on the [AuthMe/AuthMeReloaded repository](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/) on Sat Mar 25 00:15:27 CET 2017 This page was automatically generated on the [AuthMe/AuthMeReloaded repository](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/) on Fri Apr 14 01:40:05 CEST 2017

15
pom.xml

@ -264,6 +264,10 @@
<pattern>de.rtner</pattern> <pattern>de.rtner</pattern>
<shadedPattern>fr.xephi.authme.libs.de.rtner</shadedPattern> <shadedPattern>fr.xephi.authme.libs.de.rtner</shadedPattern>
</relocation> </relocation>
<relocation>
<pattern>de.mkammerer</pattern>
<shadedPattern>fr.xephi.authme.libs.de.mkammerer</shadedPattern>
</relocation>
<relocation> <relocation>
<pattern>javax.inject</pattern> <pattern>javax.inject</pattern>
<shadedPattern>fr.xephi.authme.libs.javax.inject</shadedPattern> <shadedPattern>fr.xephi.authme.libs.javax.inject</shadedPattern>
@ -319,6 +323,10 @@
<pattern>de.rtner</pattern> <pattern>de.rtner</pattern>
<shadedPattern>fr.xephi.authme.libs.de.rtner</shadedPattern> <shadedPattern>fr.xephi.authme.libs.de.rtner</shadedPattern>
</relocation> </relocation>
<relocation>
<pattern>de.mkammerer</pattern>
<shadedPattern>fr.xephi.authme.libs.de.mkammerer</shadedPattern>
</relocation>
<relocation> <relocation>
<pattern>javax.inject</pattern> <pattern>javax.inject</pattern>
<shadedPattern>fr.xephi.authme.libs.javax.inject</shadedPattern> <shadedPattern>fr.xephi.authme.libs.javax.inject</shadedPattern>
@ -537,6 +545,13 @@
<version>1.1.2</version> <version>1.1.2</version>
</dependency> </dependency>
<!-- Argon2 implementation -->
<dependency>
<groupId>de.mkammerer</groupId>
<artifactId>argon2-jvm</artifactId>
<version>2.2</version>
</dependency>
<!-- Spigot API, http://www.spigotmc.org/ or http://bukkit.org/ --> <!-- Spigot API, http://www.spigotmc.org/ or http://bukkit.org/ -->
<!-- Moved in profiles! --> <!-- Moved in profiles! -->
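Review bot: The comment `<!-- Argon2 implementation -->` does not say that `argon2-jvm` is a binding to native Argon2 code, and the two relocation hunks only move the `de.mkammerer` classes. Nothing visible shows how the native library and the binding's own transitive dependencies are packaged into, or excluded from, the shaded jar. That is worth checking on a built artifact, since a password-hashing method that fails to load natively would only show up at runtime. I would extend the comment to something like `<!-- Argon2 implementation (binding to the native Argon2 library, needed at runtime) -->`. The same `<relocation>` block is added twice (hunks at 264 and 319), so the two copies have to be kept in sync by hand.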


@ -7,6 +7,7 @@ import fr.xephi.authme.security.crypts.EncryptionMethod;
*/ */
public enum HashAlgorithm { public enum HashAlgorithm {
ARGON2(fr.xephi.authme.security.crypts.Argon2.class),
BCRYPT(fr.xephi.authme.security.crypts.BCrypt.class), BCRYPT(fr.xephi.authme.security.crypts.BCrypt.class),
BCRYPT2Y(fr.xephi.authme.security.crypts.BCrypt2y.class), BCRYPT2Y(fr.xephi.authme.security.crypts.BCrypt2y.class),
CRAZYCRYPT1(fr.xephi.authme.security.crypts.CrazyCrypt1.class), CRAZYCRYPT1(fr.xephi.authme.security.crypts.CrazyCrypt1.class),


@ -0,0 +1,31 @@
package fr.xephi.authme.security.crypts;
import de.mkammerer.argon2.Argon2Constants;
import de.mkammerer.argon2.Argon2Factory;
import fr.xephi.authme.security.crypts.description.HasSalt;
import fr.xephi.authme.security.crypts.description.Recommendation;
import fr.xephi.authme.security.crypts.description.SaltType;
import fr.xephi.authme.security.crypts.description.Usage;
@Recommendation(Usage.RECOMMENDED)
@HasSalt(value = SaltType.TEXT, length = Argon2Constants.DEFAULT_SALT_LENGTH)
// Note: Argon2 is actually a salted algorithm but salt generation is handled internally
// and isn't exposed to the outside, so we treat it as an unsalted implementation
public class Argon2 extends UnsaltedMethod {
private de.mkammerer.argon2.Argon2 argon2;
public Argon2() {
argon2 = Argon2Factory.create();
}
@Override
public String computeHash(String password) {
return argon2.hash(2, 65536, 1, password);
}
@Override
public boolean comparePassword(String password, HashedPassword hashedPassword, String name) {
return argon2.verify(hashedPassword.getHash(), password);
}
}
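Review bot: The cost parameters in `computeHash` are bare literals, `argon2.hash(2, 65536, 1, password)`, so the work factor is undocumented at the call site and cannot be raised later without a code change. I would lift them into named `private static final int` constants with a one-line comment on the memory unit and call `return argon2.hash(ITERATIONS, MEMORY_KIB, PARALLELISM, password);`. The vectors in Argon2Test show they encode as `$argon2i$v=19$m=65536,t=2,p=1`, which is worth stating next to the constants so the variant and pass count get revisited. Separately, `@HasSalt(value = SaltType.TEXT, ...)` sits on a class that extends `UnsaltedMethod` and whose comment says it is treated as unsalted, while the generated docs row in this commit lists the salt type as None; these should be brought in line. The constructor also calls `Argon2Factory.create()` unguarded, so a host where the native library cannot be loaded presumably fails wherever this class is instantiated, and a clear log message or fallback there would be a useful follow-up.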


@ -0,0 +1,21 @@
package fr.xephi.authme.security.crypts;
/**
* Test for {@link Argon2}.
*/
public class Argon2Test extends AbstractEncryptionMethodTest {
public Argon2Test() {
super(new Argon2(),
"$argon2i$v=19$m=65536,t=2,p=1$dOP8NiXsPTcMgzI4Z8Rbew$ShdowtoTEWTL5UTFz1UgQOigb9JOlm4ZxWPA6WbIeUw", // password
"$argon2i$v=19$m=65536,t=2,p=1$amZHbPfgc5peKd/4w1AI1g$Q2PUiOVw47TACijP57U0xf7QfiZ00HV4eFzMDA6yKRE", // PassWord1
"$argon2i$v=19$m=65536,t=2,p=1$58v7dWNn9/bpD00QLzSebw$7cMC7p0qceE3Mgf2yQp4X7c+UkO9oyJwQ7S6XTBubNs", // &^%te$t?Pw@_
"$argon2i$v=19$m=65536,t=2,p=1$93OSU71DgBOzpmhti7+6rQ$sSSI6QQQdoG9DlGwLjYz576kTek89nwr9CyNpy6bsL0"); // âË_3(íù*
}
@Override
protected boolean testHashEqualityForSameSalt() {
// Argon2 has a salt but it is handled internally
return false;
}
}
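Review bot: The only inputs this test gives the new class are four well-formed `$argon2i$` vectors, so nothing visible pins what `comparePassword` does when the stored hash is not an Argon2 encoded string, for instance a row left over from another algorithm. Because verification is delegated to the library, a case asserting that such a value yields `false` rather than an exception would be worth adding, unless AbstractEncryptionMethodTest already covers it; that class is outside this page. The test also calls `new Argon2()` in its constructor, so it presumably needs the native library on the build host. A short class comment saying so would make a failure there easier to diagnose.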