Move away from JNA argon2id hashing

Quackster · Sep 10, 2022 · f63e05d · f63e05d · emansom · Sep 10, 2022
1 parent 7342126
commit f63e05d
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 48 deletions.
diff --git a/Kepler-Server/build.gradle b/Kepler-Server/build.gradle
@@ -9,9 +9,6 @@ java {
 mainClassName = 'org.alexdev.kepler.Kepler'
 
 repositories {
-    flatDir {
-        dirs 'libs'
-    }
     maven { url 'https://jitpack.io' }
     mavenCentral()
 }
@@ -50,9 +47,14 @@ dependencies {
     // https://mvnrepository.com/artifact/com.google.code.gson/gson
     implementation group: 'com.google.code.gson', name: 'gson', version: '2.8.0'
 
+    // https://mvnrepository.com/artifact/org.springframework.security/spring-security-crypto
+    implementation group: 'org.springframework.security', name: 'spring-security-crypto', version: '5.7.3'
+
+    // https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on
+    implementation group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.70'
+
     implementation 'com.github.bhlangonijr:chesslib:1.1.1'
-    implementation 'com.goterl:lazysodium-java:5.0.1'
-    implementation "net.java.dev.jna:jna:5.8.0"
+
 }
 
 // Create fat jar with libraries inside of it.

diff --git a/Kepler-Server/libs/bcrypt-0.9.0.jar b/Kepler-Server/libs/bcrypt-0.9.0.jar
diff --git a/Kepler-Server/libs/bcrypt-cli-0.9.0-full.jar b/Kepler-Server/libs/bcrypt-cli-0.9.0-full.jar
diff --git a/Kepler-Server/src/main/java/org/alexdev/kepler/Kepler.java b/Kepler-Server/src/main/java/org/alexdev/kepler/Kepler.java
@@ -1,7 +1,5 @@
 package org.alexdev.kepler;
 
-import com.goterl.lazysodium.LazySodiumJava;
-import com.goterl.lazysodium.SodiumJava;
 import io.netty.util.ResourceLeakDetector;
 import org.alexdev.kepler.dao.Storage;
 import org.alexdev.kepler.dao.mysql.SettingsDao;
@@ -36,9 +34,7 @@
 import org.alexdev.kepler.util.config.writer.GameConfigWriter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-
-import java.io.IOException;
-import java.net.UnknownHostException;
+import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
 
 public class Kepler {
 
@@ -59,9 +55,6 @@ public class Kepler {
     private static MusServer musServer;
     private static RconServer rconServer;
     private static Logger log;
-
-    private static LazySodiumJava LIB_SODIUM;
-
     public static final String SERVER_VERSION = "v1.4";
 
     /**
@@ -92,7 +85,7 @@ public static void main(String[] args) {
             if (!Storage.connect()) {
                 return;
             }
-
+            
             log.info("Setting up game");
             //log.info(REGISTER.createPassword("lol"));
 
@@ -121,9 +114,6 @@ public static void main(String[] args) {
             // Update players online back to 0
             SettingsDao.updateSetting("players.online", "0");
 
-            log.info("Using Argon2 password hashing algorithm");
-            LIB_SODIUM  = new LazySodiumJava(new SodiumJava());
-
             setupMus();
             setupRcon();
             setupServer();
@@ -308,7 +298,13 @@ public static boolean isShuttingdown() {
         return isShutdown;
     }
 
-    public static LazySodiumJava getLibSodium() {
-        return LIB_SODIUM;
+    /**
+     * Get the Argon2 password encoder instance.
+     *
+     * @return
+     */
+    public static Argon2PasswordEncoder getPasswordEncoder() {
+        var encoder =new Argon2PasswordEncoder(16, 32, 1, 65536, 2);
+        return encoder;
     }
 }
diff --git a/Kepler-Server/src/main/java/org/alexdev/kepler/dao/mysql/PlayerDao.java b/Kepler-Server/src/main/java/org/alexdev/kepler/dao/mysql/PlayerDao.java
@@ -1,10 +1,10 @@
 package org.alexdev.kepler.dao.mysql;
 
-import com.goterl.lazysodium.interfaces.PwHash;
 import org.alexdev.kepler.Kepler;
 import org.alexdev.kepler.dao.Storage;
 import org.alexdev.kepler.game.player.Player;
 import org.alexdev.kepler.game.player.PlayerDetails;
+import org.alexdev.kepler.game.player.PlayerManager;
 import org.alexdev.kepler.util.DateUtil;
 
 import java.nio.charset.StandardCharsets;
@@ -199,17 +199,13 @@ public static boolean login(PlayerDetails player, String username, String passwo
             resultSet = preparedStatement.executeQuery();
 
             if (resultSet.next()) {
-                    byte[] hashedPassword = (resultSet.getString("password") + '\0').getBytes(StandardCharsets.UTF_8);
-                    byte[] pass = password.getBytes(StandardCharsets.UTF_8);
+                String databasePassword = resultSet.getString("password");
 
-                    PwHash.Native pwHash = (PwHash.Native) Kepler.getLibSodium();
-                    success = pwHash.cryptoPwHashStrVerify(hashedPassword, pass, pass.length);
-
-                    if (success) {
-                        fill(player, resultSet);
-                    }
+                if (PlayerManager.getInstance().passwordMatches(databasePassword, password)) {
+                    success = true;
+                    fill(player, resultSet);
+                }
             }
-
         } catch (Exception e) {
             Storage.logError(e);
         } finally {
@@ -238,8 +234,6 @@ public static boolean login(String username, String password) {
                 byte[] hashedPassword = (resultSet.getString("password") + '\0').getBytes(StandardCharsets.UTF_8);
                 byte[] pass = password.getBytes(StandardCharsets.UTF_8);
 
-                PwHash.Native pwHash = (PwHash.Native) Kepler.getLibSodium();
-                success = pwHash.cryptoPwHashStrVerify(hashedPassword, pass, pass.length);
             }
 
         } catch (Exception e) {

diff --git a/Kepler-Server/src/main/java/org/alexdev/kepler/game/player/PlayerManager.java b/Kepler-Server/src/main/java/org/alexdev/kepler/game/player/PlayerManager.java
@@ -1,6 +1,5 @@
 package org.alexdev.kepler.game.player;
 
-import com.goterl.lazysodium.interfaces.PwHash;
 import org.alexdev.kepler.Kepler;
 import org.alexdev.kepler.dao.mysql.PlayerDao;
 import org.alexdev.kepler.game.GameScheduler;
@@ -15,6 +14,7 @@
 import org.alexdev.kepler.messages.types.MessageComposer;
 import org.alexdev.kepler.util.DateUtil;
 import org.alexdev.kepler.util.config.ServerConfiguration;
+import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
 
 import java.time.Duration;
 import java.time.LocalTime;
@@ -287,23 +287,14 @@ public Collection<Player> getActivePlayers() {
      * @return hashed password
      * @throws Exception
      */
-    public String createPassword(String password) throws Exception {
-        byte[] pw = password.getBytes();
-        byte[] outputHash = new byte[PwHash.STR_BYTES];
-        PwHash.Native pwHash = (PwHash.Native) Kepler.getLibSodium();
-        boolean success = pwHash.cryptoPwHashStr(
-                outputHash,
-                pw,
-                pw.length,
-                PwHash.OPSLIMIT_INTERACTIVE,
-                PwHash.MEMLIMIT_INTERACTIVE
-        );
-
-        if (!success) {
-            throw new Exception("Password creation was a failure!");
-        }
+    public String createPassword(String password)  {
+        return Kepler.getPasswordEncoder().encode(password);
+    }
 
-        return new String(outputHash).replace((char) 0 + "", "");
+    public boolean passwordMatches(String databasePassword, String enteredPassword) {
+        System.out.println("raw = " + enteredPassword);
+        System.out.println("db = " + databasePassword);
+        return Kepler.getPasswordEncoder().matches(enteredPassword, databasePassword);
     }
 
     /**