org.apache.nifi.security.util.crypto.scrypt

Class Scrypt

java.lang.Object

org.apache.nifi.security.util.crypto.scrypt.Scrypt

public class Scrypt
extends Object

Copyright (C) 2011 - Will Glozer. All rights reserved.

Taken from Will Glozer's port of Colin Percival's C implementation. Glozer's project located at https://github.com/wg/scrypt was released under the ASF 2.0 license and has not been updated since May 25, 2013 and there are outstanding issues which have been patched in this version.

An implementation of the scrypt key derivation function.

Allows for hashing passwords using the scrypt key derivation function and comparing a plain text password to a hashed one.

Field Summary

Fields

Modifier and Type	Field and Description
private static int	DEFAULT_SALT_LENGTH
private static org.slf4j.Logger	logger
private static Pattern	SCRYPT_PATTERN

Constructor Summary

Constructors

Constructor and Description
Scrypt()

Method Summary

Modifier and Type	Method and Description
private static void	blockmix_salsa8(byte[] by, int bi, int yi, int r)
private static void	blockxor(byte[] s, int si, byte[] d, int di, int len)
static int	calculateExpectedMemory(int n, int r, int p) Returns the expected memory cost of the provided parameters in bytes.
static boolean	check(String password, String hashed) Compare the supplied plaintext password to a hashed password.
protected static byte[]	deriveScryptKey(byte[] password, byte[] salt, int n, int r, int p, int dkLen) Implementation of the scrypt KDF.
private static String	encodeParams(int n, int r, int p)
private static String	formatHash(byte[] salt, int n, int r, int p, byte[] derived)
static String	formatSalt(byte[] salt, int n, int r, int p)
static int	getDefaultSaltLength()
private static int	integerify(byte[] b, int bi, int r)
private static int	log2(int n)
static List<Integer>	parseParameters(String encodedParams) Parses the individual values from the encoded params value in the modified-mcrypt format for the salt & hash.
private static void	pbkdf2(Mac mac, byte[] s, int c, byte[] dk, int dkLen) Implementation of PBKDF2 (RFC2898).
private static byte[]	pbkdf2(String alg, byte[] p, byte[] s, int c, int dkLen) Implementation of PBKDF2 (RFC2898).
private static int	r(int a, int b)
private static void	salsa20_8(byte[] b)
static byte[]	scrypt(byte[] input, byte[] salt, int n, int r, int p, int dkLen) Hash the supplied input and generate raw unencoded output.
static String	scrypt(String password, byte[] salt, int n, int r, int p, int dkLen) Hash the supplied plaintext password and generate output in the format described in scrypt(String, int, int, int, int).
static String	scrypt(String password, int n, int r, int p, int dkLen) Hash the supplied plaintext password and generate output in the format described below: The hashed output is an extended implementation of the Modular Crypt Format that also includes the scrypt algorithm parameters.
private static void	smix(byte[] b, int bi, int r, int n, byte[] v, byte[] xy)
static boolean	verifyHashFormat(String hash) Returns true if the provided hash is a valid scrypt hash.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private static final org.slf4j.Logger logger

DEFAULT_SALT_LENGTH

private static final int DEFAULT_SALT_LENGTH

See Also:

Constant Field Values

SCRYPT_PATTERN

private static final Pattern SCRYPT_PATTERN

Constructor Detail

Scrypt

public Scrypt()

Method Detail

scrypt

public static String scrypt(String password,
                            int n,
                            int r,
                            int p,
                            int dkLen)

Hash the supplied plaintext password and generate output in the format described below:

The hashed output is an extended implementation of the Modular Crypt Format that also includes the scrypt algorithm parameters.

Format: $s0$PARAMS$SALT$KEY.

PARAMS

32-bit hex integer containing log2(N) (16 bits), r (8 bits), and p (8 bits)

SALT

base64-encoded salt

KEY

base64-encoded derived key

s0 identifies version 0 of the scrypt format, using a 128-bit salt and 256-bit derived key.

This method generates a 16 byte random salt internally.

Parameters:

password - password

n - CPU cost parameter

r - memory cost parameter

p - parallelization parameter

dkLen - the desired key length in bits

Returns:

the hashed password

scrypt

public static String scrypt(String password,
                            byte[] salt,
                            int n,
                            int r,
                            int p,
                            int dkLen)

Hash the supplied plaintext password and generate output in the format described in scrypt(String, int, int, int, int).

Parameters:

password - password

salt - the raw salt (16 bytes)

n - CPU cost parameter

r - memory cost parameter

p - parallelization parameter

dkLen - the desired key length in bits

Returns:

the hashed password

scrypt

public static byte[] scrypt(byte[] input,
                            byte[] salt,
                            int n,
                            int r,
                            int p,
                            int dkLen)

Hash the supplied input and generate raw unencoded output.

Parameters:

input - input in bytes

salt - the raw salt (16 bytes)

n - CPU cost parameter

r - memory cost parameter

p - parallelization parameter

dkLen - the desired key length in bits

Returns:

the hashed password

formatSalt

public static String formatSalt(byte[] salt,
                                int n,
                                int r,
                                int p)

encodeParams

private static String encodeParams(int n,
                                   int r,
                                   int p)

formatHash

private static String formatHash(byte[] salt,
                                 int n,
                                 int r,
                                 int p,
                                 byte[] derived)

calculateExpectedMemory

public static int calculateExpectedMemory(int n,
                                          int r,
                                          int p)

Returns the expected memory cost of the provided parameters in bytes.

Parameters:

n - the N value, iterations >= 2

r - the r value, block size >= 1

p - the p value, parallelization factor >= 1

Returns:

the memory cost in bytes

check

public static boolean check(String password,
                            String hashed)

Compare the supplied plaintext password to a hashed password.

Parameters:

password - plaintext password

hashed - scrypt hashed password

Returns:

true if password matches hashed value

verifyHashFormat

public static boolean verifyHashFormat(String hash)

Returns true if the provided hash is a valid scrypt hash. Expected format:

$s0$40801$ABCDEFGHIJKLMNOPQRSTUQ$hxU5g0eH6sRkBqcsiApI8jxvKRT+2QMCenV0GToiMQ8

Components:

s0 -- version. Currently only "s0" is supported 40801 -- hex-encoded N, r, p parameters. Scrypt#encodeParams() for format ABCDEFGHIJKLMNOPQRSTUQ -- Base64-encoded (URL-safe, no padding) salt value. By default, 22 characters (16 bytes) but can be an arbitrary length between 11 and 64 characters (8 - 48 bytes) of random salt data hxU5g0eH6sRkBqcsiApI8jxvKRT+2QMCenV0GToiMQ8 -- the Base64-encoded (URL-safe, no padding) resulting hash component. By default, 43 characters (32 bytes) but can be an arbitrary length between 1 and MAX (depends on implementation, see RFC 7914)

Parameters:

hash - the hash to verify

Returns:

true if the format is acceptable

See Also:

formatSalt(byte[], int, int, int)

parseParameters

public static List<Integer> parseParameters(String encodedParams)

Parses the individual values from the encoded params value in the modified-mcrypt format for the salt & hash.

Example:

Hash: $s0$e0801$epIxT/h6HbbwHaehFnh/bw$7H0vsXlY8UxxyW/BWx/9GuY7jEvGjT71GFd6O4SZND0 Params: e0801

N = 16384 r = 8 p = 1

Parameters:

encodedParams - the String representation of the second section of the mcrypt format hash

Returns:

a list containing N, r, p

log2

private static int log2(int n)

deriveScryptKey

protected static byte[] deriveScryptKey(byte[] password,
                                        byte[] salt,
                                        int n,
                                        int r,
                                        int p,
                                        int dkLen)
                                 throws GeneralSecurityException

Implementation of the scrypt KDF.

Parameters:

password - password

salt - salt

n - CPU cost parameter

r - memory cost parameter

p - parallelization parameter

dkLen - intended length of the derived key in bits

Returns:

the derived key

Throws:

GeneralSecurityException - when HMAC_SHA256 is not available

pbkdf2

private static byte[] pbkdf2(String alg,
                             byte[] p,
                             byte[] s,
                             int c,
                             int dkLen)
                      throws GeneralSecurityException

Implementation of PBKDF2 (RFC2898).

Parameters:

alg - the HMAC algorithm to use

p - the password

s - the salt

c - the iteration count

dkLen - the intended length, in octets, of the derived key

Returns:

The derived key

Throws:

GeneralSecurityException

pbkdf2

private static void pbkdf2(Mac mac,
                           byte[] s,
                           int c,
                           byte[] dk,
                           int dkLen)
                    throws GeneralSecurityException

Implementation of PBKDF2 (RFC2898).

Parameters:

mac - the pre-initialized Mac instance to use

s - the salt

c - the iteration count

dk - the byte array that derived key will be placed in

dkLen - the intended length, in octets, of the derived key

Throws:

GeneralSecurityException - if the key length is too long

smix

private static void smix(byte[] b,
                         int bi,
                         int r,
                         int n,
                         byte[] v,
                         byte[] xy)

blockmix_salsa8

private static void blockmix_salsa8(byte[] by,
                                    int bi,
                                    int yi,
                                    int r)

r

private static int r(int a,
                     int b)

salsa20_8

private static void salsa20_8(byte[] b)

blockxor

private static void blockxor(byte[] s,
                             int si,
                             byte[] d,
                             int di,
                             int len)

integerify

private static int integerify(byte[] b,
                              int bi,
                              int r)

getDefaultSaltLength

public static int getDefaultSaltLength()