jenkinsci · jtnord · Oct 5, 2023 · Jul 27, 2023 · Aug 4, 2023 · Aug 4, 2023
diff --git a/core/src/main/java/hudson/Util.java b/core/src/main/java/hudson/Util.java
@@ -1952,4 +1952,17 @@ public static String getHexOfSHA256DigestOf(byte[] input) throws IOException {
         byte[] payloadDigest = Util.getSHA256DigestOf(input);
         return (payloadDigest != null) ? Util.toHexString(payloadDigest) : null;
     }
+
+    /**
+     * Setting this flag to true enables FIPS mode
+     */
+    @SuppressFBWarnings(value = "MS_SHOULD_BE_FINAL")
+    @Restricted(NoExternalUse.class)
+    public static boolean FIPS_MODE = SystemProperties.getBoolean(Util.class.getName() + ".FIPS_MODE");
+
+    public static boolean isFipsMode() {
+        LOGGER.info("FIPS mode : " + FIPS_MODE);
+        return FIPS_MODE;
+    }
+
 }
diff --git a/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java b/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
@@ -24,6 +24,7 @@
 
 package hudson.security;
 
+import static java.util.logging.Level.WARNING;
 import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 
 import com.thoughtworks.xstream.converters.UnmarshallingContext;
@@ -48,8 +49,12 @@
 import hudson.util.XStream2;
 import java.io.IOException;
 import java.lang.reflect.Constructor;
+import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -60,6 +65,8 @@
 import java.util.logging.Logger;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -885,9 +892,9 @@ public Category getCategory() {
 
     // TODO can we instead use BCryptPasswordEncoder from Spring Security, which has its own copy of BCrypt so we could drop the special library?
     /**
-     * {@link PasswordEncoder} that uses jBCrypt.
+     * {@link PasswordHashEncoder} that uses jBCrypt.
      */
-    private static class JBCryptEncoder implements PasswordEncoder {
+     static class JBCryptEncoder implements PasswordHashEncoder {
         // in jBCrypt the maximum is 30, which takes ~22h with laptop late-2017
         // and for 18, it's "only" 20s
         @SuppressFBWarnings(value = "MS_SHOULD_BE_FINAL", justification = "Accessible via System Groovy Scripts")
@@ -911,6 +918,7 @@ public boolean matches(CharSequence rawPassword, String encodedPassword) {
          * implementation defined in jBCrypt and <a href="https://en.wikipedia.org/wiki/Bcrypt">the Wikipedia page</a>.
          *
          */
+        @Override
         public boolean isHashValid(String hash) {
             Matcher matcher = BCRYPT_PATTERN.matcher(hash);
             if (matcher.matches()) {
@@ -925,49 +933,172 @@ public boolean isHashValid(String hash) {
         }
     }
 
-    /* package */ static final JBCryptEncoder JBCRYPT_ENCODER = new JBCryptEncoder();
+     static class PBKDF2PasswordEncoder implements PasswordHashEncoder {
+
+        public static final int HASH_LENGTH = 8;
+        public static final int ZERO = 0;
+        public static final int HEX_TWO = 2;
+        public static final int RADIX_LENGTH = 16;
+        public static final String STRING_SEPARATION = ":";
+        public static final int KEY_LENGTH = 512;
+        public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA512";
+
+        @SuppressFBWarnings(value = "MS_SHOULD_BE_FINAL", justification = "Accessible via System Groovy Scripts")
+        @Restricted(NoExternalUse.class)
+        private static int MAXIMUM_PBKDF2_LOG_ROUND = SystemProperties.getInteger(HudsonPrivateSecurityRealm.class.getName() + ".maximumPBKDF2LogRound", 1000);
+
+        private static final Pattern PBKDF2_PATTERN = Pattern.compile("^\\$PBKDF2\\$HMACSHA512\\:([0-9]{4})\\:[a-zA-Z0-9=]+\\$[a-zA-Z0-9=]+");
+
+        @Override
+        public String encode(CharSequence rawPassword) {
+            return generatePasswordHashWithPBKDF2(rawPassword);
+        }
+
+        @Override
+        public boolean matches(CharSequence rawPassword, String encodedPassword) {
+                return validatePassword(rawPassword.toString(), encodedPassword);
+        }
+
+        private static String generatePasswordHashWithPBKDF2(CharSequence password)  {
+            byte[] salt = generateSalt();
+            PBEKeySpec spec = new PBEKeySpec(password.toString().toCharArray(), salt, 1000, KEY_LENGTH);
+            byte[] hash = generateSecretKey(spec);
+            return PBKDF2 + "$HMACSHA512:" + 1000 + STRING_SEPARATION + toHex(salt) + "$" + toHex(hash);
+        }
+
+        private static byte[] generateSecretKey(PBEKeySpec spec)  {
+            SecretKeyFactory secretKeyFactory = null;
+            byte[] hash = new byte[0];
+            try {
+                secretKeyFactory = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
+                hash = secretKeyFactory.generateSecret(spec).getEncoded();
+            } catch (NoSuchAlgorithmException e) {
+                LOGGER.log(WARNING, "No such algorithm found for encode",  e);
+            } catch (InvalidKeySpecException e) {
+                LOGGER.log(WARNING, "Invalid key spec exception",  e);
+            }
+            return hash;
+        }
+
+        private static String toHex(byte[] secretKey)  {
+
+            BigInteger bi = new BigInteger(1, secretKey);
+            String saltHashValue = bi.toString(RADIX_LENGTH);
+
+            int paddingLength = (secretKey.length * HEX_TWO) - saltHashValue.length();
+            if (paddingLength > ZERO) {
+                return String.format("%0" + paddingLength + "d", ZERO) + saltHashValue;
+            } else {
+                return saltHashValue;
+            }
+        }
+
+        @SuppressFBWarnings(value = {"DMI_RANDOM_USED_ONLY_ONCE", "PREDICTABLE_RANDOM"}, justification = "https://github.com/spotbugs/spotbugs/issues/1539 and doesn't need to be secure, we're just not hardcoding a 'wrong' password")
+        private static byte[] generateSalt() {
+            SecureRandom random = new SecureRandom();
+            byte[] salt = new byte[16];
+            random.nextBytes(salt);
+            return salt;
+        }
+
+        @Override
+        public boolean isHashValid(String hash)    {
+            Matcher matcher = PBKDF2_PATTERN.matcher(hash);
+            if (matcher.matches()) {
+                String logNumOfRound = matcher.group(1);
+                // no number format exception due to the expression
+                int logNumOfRoundInt = Integer.parseInt(logNumOfRound);
+                if (logNumOfRoundInt > 0 && logNumOfRoundInt <= MAXIMUM_PBKDF2_LOG_ROUND) {
+                    return true;
+                }
+            }
+            return false;
+        }
+
+        private static boolean validatePassword(String originalPassword, String storedPassword) {
+            String[] parts = storedPassword.split("[:$]");
+            int iterations = Integer.parseInt(parts[3]);
+
+            byte[] salt = fromHex(parts[4]);
+            byte[] hash = fromHex(parts[5]);
+
+            PBEKeySpec spec = new PBEKeySpec(originalPassword.toCharArray(),
+                    salt, iterations, hash.length * HASH_LENGTH);
+
+            byte[] generatedHashValue = generateSecretKey(spec);
+
+            int diff = hash.length ^ generatedHashValue.length;
+            for (int i = ZERO; i < hash.length && i < generatedHashValue.length; i++)
+            {
+                diff |= hash[i] ^ generatedHashValue[i];
+            }
+            return diff == 0;
+        }
+
+        private static byte[] fromHex(String storedPassword)  {
+            byte[] bytes = new byte[storedPassword.length() / HEX_TWO];
+            for (int i = ZERO; i < bytes.length; i++)
+            {
+                bytes[i] = (byte) Integer.parseInt(storedPassword.substring(HEX_TWO * i, HEX_TWO * i + HEX_TWO), RADIX_LENGTH);
+            }
+            return bytes;
+        }
+
+    }
+
+    /* package */ static final PasswordHashEncoder PASSWORD_HASH_ENCODER =  Util.isFipsMode() ? new PBKDF2PasswordEncoder() : new JBCryptEncoder();
+
+
+    public static final String PBKDF2 = "$PBKDF2";
+    public static final String JBCRYPT = "#jbcrypt:";
+
+    /**
+     * Magic header used to detect if a password is hashed.
+     */
+
+    public static String getPasswordHeader() {
+        return Util.isFipsMode() ? PBKDF2 : JBCRYPT;
+    }
+
 
     // TODO check if DelegatingPasswordEncoder can be used
     /**
-     * Wraps {@link #JBCRYPT_ENCODER}.
+     * Wraps {@link #PASSWORD_HASH_ENCODER}.
      * There used to be a SHA-256-based encoder but this is long deprecated, and insecure anyway.
      */
     /* package */ static class MultiPasswordEncoder implements PasswordEncoder {
-        /**
-         * Magic header used to detect if a password is bcrypt hashed.
-         */
-        private static final String JBCRYPT_HEADER = "#jbcrypt:";
 
         /*
             CLASSIC encoder outputs "salt:hash" where salt is [a-z]+, so we use unique prefix '#jbcyrpt"
-            to designate JBCRYPT-format hash.
+            to designate JBCRYPT-format hash and $PBKDF2 to designate PBKDF2 format hash.
 
             '#' is neither in base64 nor hex, which makes it a good choice.
          */
+
         @Override
         public String encode(CharSequence rawPassword) {
-            return JBCRYPT_HEADER + JBCRYPT_ENCODER.encode(rawPassword);
+            return getPasswordHeader() + PASSWORD_HASH_ENCODER.encode(rawPassword);
         }
 
         @Override
         public boolean matches(CharSequence rawPassword, String encPass) {
             if (isPasswordHashed(encPass)) {
-                return JBCRYPT_ENCODER.matches(rawPassword, encPass.substring(JBCRYPT_HEADER.length()));
+                return PASSWORD_HASH_ENCODER.matches(rawPassword, encPass.substring(getPasswordHeader().length()));
             } else {
                 return false;
             }
         }
 
         /**
-         * Returns true if the supplied password starts with a prefix indicating it is already hashed.
+         * Returns true if the supplied password starts with a prefix indicating i
+         * t is already hashed.
          */
         public boolean isPasswordHashed(String password) {
             if (password == null) {
                 return false;
             }
-            return password.startsWith(JBCRYPT_HEADER) && JBCRYPT_ENCODER.isHashValid(password.substring(JBCRYPT_HEADER.length()));
+                return password.startsWith(getPasswordHeader()) && PASSWORD_HASH_ENCODER.isHashValid(password.substring(getPasswordHeader().length()));
         }
-
     }
 
     public static final MultiPasswordEncoder PASSWORD_ENCODER = new MultiPasswordEncoder();
@@ -1032,5 +1163,6 @@ public void destroy() {
         }
     };
 
-    private static final Logger LOGGER = Logger.getLogger(HudsonPrivateSecurityRealm.class.getName());
+     static final Logger LOGGER = Logger.getLogger(HudsonPrivateSecurityRealm.class.getName());
+
 }
diff --git a/core/src/main/java/hudson/security/PasswordHashEncoder.java b/core/src/main/java/hudson/security/PasswordHashEncoder.java
@@ -0,0 +1,7 @@
+package hudson.security;
+
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+public interface PasswordHashEncoder extends PasswordEncoder {
+     boolean isHashValid(String hash);
+}