ARTEMIS-3899 improve salt calculation

Update the salt calculation to more closely align with the
"Randomness Recommendations for Security" at
https://www.ietf.org/rfc/rfc1750.txt.

This was inadvertently changed in
5965a45894.
Justin Bertram 2022-07-20 15:15:37 -05:00
parent a2262612ca
commit a49066e6b7
No known key found for this signature in database
GPG Key ID: F41830B875BB8633
1 changed files with 10 additions and 4 deletions


@ -23,6 +23,7 @@ import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger; import java.math.BigInteger;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
@ -111,7 +112,7 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
return algorithm.verify(inputValue, storedValue); return algorithm.verify(inputValue, storedValue);
} }
private abstract class CodecAlgorithm { private abstract static class CodecAlgorithm {
protected Map<String, String> params; protected Map<String, String> params;
@ -202,7 +203,7 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
} }
} }
private class PBKDF2Algorithm extends CodecAlgorithm { private static class PBKDF2Algorithm extends CodecAlgorithm {
private static final String SEPARATOR = ":"; private static final String SEPARATOR = ":";
private String sceretKeyAlgorithm = "PBKDF2WithHmacSHA1"; private String sceretKeyAlgorithm = "PBKDF2WithHmacSHA1";
private String randomScheme = "SHA1PRNG"; private String randomScheme = "SHA1PRNG";
@ -210,10 +211,14 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
private int saltLength = 32; private int saltLength = 32;
private int iterations = 1024; private int iterations = 1024;
private SecretKeyFactory skf; private SecretKeyFactory skf;
private static SecureRandom sr;
PBKDF2Algorithm(Map<String, String> params) throws NoSuchAlgorithmException { PBKDF2Algorithm(Map<String, String> params) throws NoSuchAlgorithmException {
super(params); super(params);
skf = SecretKeyFactory.getInstance(sceretKeyAlgorithm); skf = SecretKeyFactory.getInstance(sceretKeyAlgorithm);
if (sr == null) {
sr = SecureRandom.getInstance(randomScheme);
}
} }
@Override @Override
@ -221,8 +226,9 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
throw new IllegalArgumentException("Algorithm doesn't support decoding"); throw new IllegalArgumentException("Algorithm doesn't support decoding");
} }
public byte[] getSalt() throws NoSuchAlgorithmException { public byte[] getSalt() {
byte[] salt = RandomUtil.randomBytes(this.saltLength); byte[] salt = new byte[this.saltLength];
sr.nextBytes(salt);
return salt; return salt;
} }
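Review bot: Pinning the generator by name with `SecureRandom.getInstance(randomScheme)` where `randomScheme` is `"SHA1PRNG"` is a weaker choice than the platform default the commit message's RFC 1750 goal implies; `SHA1PRNG` is a deterministic DRBG seeded from the OS on first use, it carries the well-known footgun that a `setSeed` call before the first `nextBytes` makes its output fully reproducible, and it may not exist under every provider, which is why `NoSuchAlgorithmException` has to stay on the constructor. The lazy `if (sr == null)` initialisation in the constructor also writes a static field without synchronisation, so concurrent construction can create two generators and, because `randomScheme` is an instance field, whichever instance runs first fixes the algorithm for all later ones — I cannot see from the hunk whether `randomScheme` is ever set from `params`. Both points go away with an eagerly initialised final field, `private static final SecureRandom sr = new SecureRandom();`, dropping the null check from the constructor; `new SecureRandom()` selects the provider's preferred non-blocking source (NativePRNG on Linux) and needs no algorithm-name lookup. If the configurable scheme must be kept, a short comment on the field, `// Shared across instances; never call setSeed() on a SHA1PRNG before its first nextBytes()`, would at least warn the next maintainer. The enclosing `PBKDF2Algorithm` class continues past the last hunk.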