Improve Upgrading
jzheaux authored and rwinch committed May 16, 2022
1 parent c6461d6 commit 0bd7daf
Showing 3 changed files with 55 additions and 13 deletions.
Expand Up @@ -526,35 +526,47 @@ static long roundsForLogRounds(int log_rounds) {
* @param safety bit 16 is set when the safety measure is requested
* @return an array containing the binary hashed password
*/
private byte[] crypt_raw(byte password[], byte salt[], int log_rounds, boolean sign_ext_bug, int safety) {
int rounds, i, j;
private byte[] crypt_raw(byte password[], byte salt[], int log_rounds, boolean sign_ext_bug, int safety,
boolean for_check) {
int cdata[] = bf_crypt_ciphertext.clone();
int clen = cdata.length;
byte ret[];

long rounds;
if (log_rounds < 4 || log_rounds > 31) {
throw new IllegalArgumentException("Bad number of rounds");
if (!for_check) {
throw new IllegalArgumentException("Bad number of rounds");
}
if (log_rounds != 0) {
throw new IllegalArgumentException("Bad number of rounds");
}
rounds = 0;
}
else {
rounds = roundsForLogRounds(log_rounds);
if (rounds < 16 || rounds > Integer.MAX_VALUE) {
throw new IllegalArgumentException("Bad number of rounds");
}
}
rounds = 1 << log_rounds;

if (salt.length != BCRYPT_SALT_LEN) {
throw new IllegalArgumentException("Bad salt length");
}

init_key();
ekskey(salt, password, sign_ext_bug, safety);
for (i = 0; i < rounds; i++) {
for (int i = 0; i < rounds; i++) {
key(password, sign_ext_bug, safety);
key(salt, false, safety);
}

for (i = 0; i < 64; i++) {
for (j = 0; j < (clen >> 1); j++) {
for (int i = 0; i < 64; i++) {
for (int j = 0; j < (clen >> 1); j++) {
encipher(cdata, j << 1);
}
}

ret = new byte[clen * 4];
for (i = 0, j = 0; i < clen; i++) {
byte[] ret = new byte[clen * 4];
for (int i = 0, j = 0; i < clen; i++) {
ret[j++] = (byte) ((cdata[i] >> 24) & 0xff);
ret[j++] = (byte) ((cdata[i] >> 16) & 0xff);
ret[j++] = (byte) ((cdata[i] >> 8) & 0xff);
Expand All @@ -563,6 +575,10 @@ private byte[] crypt_raw(byte password[], byte salt[], int log_rounds, boolean s
return ret;
}

private static String hashpwforcheck(byte[] passwordb, String salt) {
return hashpw(passwordb, salt, true);
}

/**
* Hash a password using the OpenBSD bcrypt scheme
* @param password the password to hash
Expand All @@ -584,6 +600,10 @@ public static String hashpw(String password, String salt) {
* @return the hashed password
*/
public static String hashpw(byte passwordb[], String salt) {
return hashpw(passwordb, salt, false);
}

private static String hashpw(byte passwordb[], String salt, boolean for_check) {
BCrypt B;
String real_salt;
byte saltb[], hashed[];
Expand Down Expand Up @@ -633,7 +653,7 @@ public static String hashpw(byte passwordb[], String salt) {
}

B = new BCrypt();
hashed = B.crypt_raw(passwordb, saltb, rounds, minor == 'x', minor == 'a' ? 0x10000 : 0);
hashed = B.crypt_raw(passwordb, saltb, rounds, minor == 'x', minor == 'a' ? 0x10000 : 0, for_check);

rs.append("$2");
if (minor >= 'a') {
Expand Down Expand Up @@ -740,7 +760,8 @@ public static String gensalt() {
* @return true if the passwords match, false otherwise
*/
public static boolean checkpw(String plaintext, String hashed) {
return equalsNoEarlyReturn(hashed, hashpw(plaintext, hashed));
byte[] passwordb = plaintext.getBytes(StandardCharsets.UTF_8);
return equalsNoEarlyReturn(hashed, hashpwforcheck(passwordb, hashed));
}

/**
Expand All @@ -751,7 +772,7 @@ public static boolean checkpw(String plaintext, String hashed) {
* @since 5.3
*/
public static boolean checkpw(byte[] passwordb, String hashed) {
return equalsNoEarlyReturn(hashed, hashpw(passwordb, hashed));
return equalsNoEarlyReturn(hashed, hashpwforcheck(passwordb, hashed));
}

static boolean equalsNoEarlyReturn(String a, String b) {
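Review bot: In `crypt_raw` the new `for_check` parameter has no `@param` entry and the `rounds = 0;` branch carries no comment, although it means a hash whose cost field is 00 is verified with the `key(...)` loop skipped entirely. I would add `@param for_check true only when verifying a stored hash; permits log_rounds == 0 so a legacy zero-cost hash can be checked and then re-encoded` and, above `rounds = 0;`, the comment `// legacy zero-cost hash: accepted for verification only, never for new hashes`. The two nested tests can also collapse into `if (!for_check || log_rounds != 0) {` with a single throw. Separately, if `roundsForLogRounds` returns `1L << log_rounds` (its body is outside this hunk), a cost of 31 passes the outer range check but is then rejected by `rounds > Integer.MAX_VALUE`, which the Javadoc for `log_rounds` should state. The Javadoc of `crypt_raw` begins above the first hunk, so the existing parameter descriptions are not fully visible here.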
Expand Up @@ -208,4 +208,18 @@ public void matchNullRawPassword() {
assertThatIllegalArgumentException().isThrownBy(() -> encoder.matches(null, "does-not-matter"));
}

@Test
public void upgradeWhenNoRoundsThenTrue() {
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
assertThat(encoder.upgradeEncoding("$2a$00$9N8N35BVs5TLqGL3pspAte5OWWA2a2aZIs.EGp7At7txYakFERMue")).isTrue();
}

@Test
public void checkWhenNoRoundsThenTrue() {
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
assertThat(encoder.matches("password", "$2a$00$9N8N35BVs5TLqGL3pspAte5OWWA2a2aZIs.EGp7At7txYakFERMue"))
.isTrue();
assertThat(encoder.matches("wrong", "$2a$00$9N8N35BVs5TLqGL3pspAte5OWWA2a2aZIs.EGp7At7txYakFERMue")).isFalse();
}

}
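Review bot: The same bcrypt string is written out three times in `upgradeWhenNoRoundsThenTrue` and `checkWhenNoRoundsThenTrue`, and nothing says what makes it special. A named constant with a one-line comment would make the fixture's intent clear, for example `// bcrypt hash of "password" with cost field 00 (legacy, zero rounds)` above a `private static final String` holding the value. That also removes the need to wrap the `.isTrue()` call onto its own line.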
Expand Up @@ -456,4 +456,11 @@ public void equalsOnStringsIsCorrect() {
assertThat(BCrypt.equalsNoEarlyReturn("test", "pass")).isFalse();
}

@Test
public void checkpwWhenZeroRoundsThenMatches() {
String password = "$2a$00$9N8N35BVs5TLqGL3pspAte5OWWA2a2aZIs.EGp7At7txYakFERMue";
assertThat(BCrypt.checkpw("password", password)).isTrue();
assertThat(BCrypt.checkpw("wrong", password)).isFalse();
}

}
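Review bot: `checkpwWhenZeroRoundsThenMatches` covers only the accepted case, so nothing here pins that the zero-round relaxation stays confined to verification. I would add an assertion that hashing with the same string as the salt still fails, e.g. `assertThatIllegalArgumentException().isThrownBy(() -> BCrypt.hashpw("password", password));`, and one showing that `checkpw` still rejects a cost field of 01 to 03. Both follow from the `for_check` branch in `crypt_raw` as far as the visible lines show, and the static import for the assertion may need adding to this file. The local `password` holds a hash rather than a password, so a name such as `zeroCostHash` would read better.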
