Beispiel #1
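 /**
  * Checks {@code SHA256.getHMAC} against two published HMAC-SHA256 vectors: an empty key with an
  * empty message, and the key "key" with the "quick brown fox" sentence.
  */
 private void testHMAC() {
   // Known-answer vectors are defined over exact bytes, so the charset is pinned here
   // instead of being taken from the platform default.
   final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
   // from Wikipedia
   assertEquals(
       "b613679a0814d9ec772f95d778c35fc5ff1697c493715653c6c712144292c5ad",
       StringUtils.convertBytesToHex(SHA256.getHMAC(new byte[0], new byte[0])));
   assertEquals(
       "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8",
       StringUtils.convertBytesToHex(
           SHA256.getHMAC(
               "key".getBytes(utf8),
               "The quick brown fox jumps over the lazy dog".getBytes(utf8))));
 }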
 /**
  * Lazily prepares the XTS cipher for this file; returns immediately once {@code xts} is set.
  *
  * <p>When the underlying file is shorter than the header, a header block carrying a freshly
  * generated random salt is written at offset 0. Otherwise the stored salt is read back from
  * {@code SALT_POS}. The AES key is then derived from {@code encryptionKey} and that salt with
  * {@code SHA256.getPBKDF2}.
  *
  * @throws IOException if reading from or writing to the underlying channel fails
  */
 private void init() throws IOException {
   if (xts != null) {
     return;
   }
   this.size = base.size() - HEADER_LENGTH;
   final byte[] keySalt;
   if (size >= 0) {
     // Existing file: the salt lives inside the header and must be reused, otherwise the
     // derived key would not match the one the data was written with.
     keySalt = new byte[SALT_LENGTH];
     DataUtils.readFully(base, SALT_POS, ByteBuffer.wrap(keySalt));
     if ((size & BLOCK_SIZE_MASK) != 0) {
       // Length is not block-aligned, so one block is excluded from the logical size.
       // NOTE(review): presumably a trailing bookkeeping block - confirm against the writer.
       size -= BLOCK_SIZE;
     }
   } else {
     // New (or shorter-than-header) file: build the header block and embed a new salt
     // taken from the secure random source.
     byte[] headerBlock = Arrays.copyOf(HEADER, BLOCK_SIZE);
     keySalt = MathUtils.secureRandomBytes(SALT_LENGTH);
     System.arraycopy(keySalt, 0, headerBlock, SALT_POS, keySalt.length);
     DataUtils.writeFully(base, 0, ByteBuffer.wrap(headerBlock));
     size = 0;
   }
   AES cipher = new AES();
   // 16 bytes of PBKDF2 output are used as the AES key.
   // NOTE(review): the value of HASH_ITERATIONS is not visible here; check it against
   // current PBKDF2 work-factor guidance.
   byte[] derivedKey = SHA256.getPBKDF2(encryptionKey, keySalt, HASH_ITERATIONS, 16);
   cipher.setKey(derivedKey);
   // Drop the reference to the password material once the key has been derived.
   encryptionKey = null;
   // NOTE(review): XTS by itself provides confidentiality only, not tamper detection;
   // confirm whether integrity is checked elsewhere if the threat model requires it.
   xts = new XTS(cipher);
 }
Beispiel #3
 /**
  * Creates the user named {@code userName} in the session's database.
  *
  * <p>The caller must pass the admin check, and the current transaction is committed before any
  * lookup. A role with the same name is always an error; an existing user with the same name is an
  * error unless {@code ifNotExists} is set. The credential is stored either from a supplied
  * salt and hash pair or from a hash computed from the user name and password.
  *
  * @return always 0
  */
 @Override
 public int update() {
   // Authorization gate: creating users is restricted to administrators.
   session.getUser().checkAdmin();
   session.commit(true);
   Database database = session.getDatabase();
   if (database.findRole(userName) != null) {
     throw DbException.get(ErrorCode.ROLE_ALREADY_EXISTS_1, userName);
   }
   if (database.findUser(userName) != null) {
     if (!ifNotExists) {
       throw DbException.get(ErrorCode.USER_ALREADY_EXISTS_1, userName);
     }
     // IF NOT EXISTS: an existing user is left untouched.
     return 0;
   }
   User created = new User(database, getObjectId(), userName, false);
   created.setAdmin(admin);
   created.setComment(comment);
   if (hash != null && salt != null) {
     // Pre-computed credential: salt and hash are stored as given, no hashing happens here.
     created.setSaltAndHash(getByteArray(salt), getByteArray(hash));
   } else if (password == null) {
     // Neither a salt/hash pair nor a password was supplied.
     throw DbException.throwInternalError();
   } else {
     char[] secretChars = getCharArray(password);
     // An empty user name combined with an empty password yields an empty hash
     // instead of a computed one.
     boolean bothEmpty = userName.length() == 0 && secretChars.length == 0;
     byte[] storedHash =
         bothEmpty ? new byte[0] : SHA256.getKeyPasswordHash(userName, secretChars);
     created.setUserPasswordHash(storedHash);
   }
   database.addDatabaseObject(session, created);
   return 0;
 }
Beispiel #4
 /**
  * Hashes {@code data} with {@code SHA256.getHash(data, true)} and returns the digest as hex.
  *
  * <p>For non-empty input it also asserts that the first input byte is 0 after the call, i.e.
  * that the hash routine overwrote the caller's buffer.
  *
  * @param data the bytes to hash; modified by the call
  * @return the digest as a hex string
  */
 private String getHashString(byte[] data) {
   byte[] digest = SHA256.getHash(data, true);
   // The check must run after hashing: it verifies the input was wiped, not the digest.
   if (data.length != 0) {
     assertEquals(0, data[0]);
   }
   String hex = StringUtils.convertBytesToHex(digest);
   return hex;
 }
Beispiel #5
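 /**
  * Verifies that a second connection can log in with the hex-encoded key password hash when
  * {@code PASSWORD_HASH=TRUE} is set in the URL.
  *
  * <p>The first connection is opened with user "sa" and password "sa" and stays open while the
  * second one connects to the same in-memory URL.
  *
  * @throws SQLException if either connection cannot be opened or closed
  */
 private static void testConnectWithHash() throws SQLException {
   // try-with-resources closes the first connection even if the second login fails;
   // previously it stayed open in that case.
   try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:test", "sa", "sa")) {
     // With PASSWORD_HASH=TRUE this hex string is accepted in place of the password, so it
     // has to be protected like the password itself.
     String pwd =
         StringUtils.convertBytesToHex(SHA256.getKeyPasswordHash("SA", "sa".toCharArray()));
     try (Connection conn2 =
         DriverManager.getConnection("jdbc:h2:mem:test;PASSWORD_HASH=TRUE", "sa", pwd)) {
       // Opening the connection successfully is the whole assertion.
     }
   }
 }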
 /**
  * Turns the supplied login credentials into user password hash bytes.
  *
  * @param passwordHash true if {@code password} already holds the hash as hex text
  * @param userName the user name that is mixed into the hash
  * @param password the password characters, or the hex-encoded hash when {@code passwordHash} is
  *     set
  * @return the decoded hash, an empty array when user name and password are both empty, or the
  *     result of {@code SHA256.getKeyPasswordHash}
  */
 private static byte[] hashPassword(boolean passwordHash, String userName, char[] password) {
   // If the PASSWORD_HASH parameter is true, the value is already a hash and SHA256 is not
   // applied again.
   if (passwordHash) {
     // NOTE(review): this String copy of the credential cannot be wiped afterwards, unlike
     // the char[] it was built from.
     String hexDigest = String.valueOf(password);
     return StringUtils.convertHexToBytes(hexDigest);
   }
   boolean bothEmpty = userName.length() == 0 && password.length == 0;
   if (bothEmpty) {
     return new byte[0];
   }
   // Produces 32 bytes; 32 * 8 is exactly 256 bits, which matches the SHA256 name.
   return SHA256.getKeyPasswordHash(userName, password);
 }
Beispiel #7
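  /**
   * Checks {@code SHA256.getPBKDF2} against known-answer vectors for several iteration counts and
   * output lengths, then verifies that the password buffer passed in is zero-filled afterwards.
   */
  private void testPBKDF2() {
    // Known-answer vectors are defined over exact bytes, so the charset is pinned here
    // instead of being taken from the platform default.
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    // test vectors from StackOverflow (PBKDF2-HMAC-SHA2)
    assertEquals(
        "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b",
        StringUtils.convertBytesToHex(
            SHA256.getPBKDF2("password".getBytes(utf8), "salt".getBytes(utf8), 1, 32)));
    assertEquals(
        "ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43",
        StringUtils.convertBytesToHex(
            SHA256.getPBKDF2("password".getBytes(utf8), "salt".getBytes(utf8), 2, 32)));
    assertEquals(
        "c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a",
        StringUtils.convertBytesToHex(
            SHA256.getPBKDF2("password".getBytes(utf8), "salt".getBytes(utf8), 4096, 32)));
    // take a very long time to calculate
    // assertEquals(
    //         "cf81c66fe8cfc04d1f31ecb65dab4089f7f179e89b3b0bcb17ad10e3ac6eba46",
    //         StringUtils.convertBytesToHex(
    //         SHA256.getPBKDF2(
    //         "password".getBytes(),
    //         "salt".getBytes(), 16777216, 32)));
    assertEquals(
        "348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9",
        StringUtils.convertBytesToHex(
            SHA256.getPBKDF2(
                ("password" + "PASSWORD" + "password").getBytes(utf8),
                ("salt" + "SALT" + "salt" + "SALT" + "salt" + "SALT" + "salt" + "SALT" + "salt")
                    .getBytes(utf8),
                4096,
                40)));
    assertEquals(
        "89b69d0516f829893c696226650a8687",
        StringUtils.convertBytesToHex(
            SHA256.getPBKDF2("pass\0word".getBytes(utf8), "sa\0lt".getBytes(utf8), 4096, 16)));

    // the password is filled with zeroes
    byte[] password = "******".getBytes(utf8);
    SHA256.getPBKDF2(password, "".getBytes(utf8), 1, 16);
    // The expected all-zero array takes its length from the input: the literal above is six
    // bytes long, so a hard-coded four-byte array could never compare equal to it.
    assertEquals(new byte[password.length], password);
  }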
Beispiel #8
 /**
  * Asserts that the SHA-256 digest of {@code message}, rendered as upper-case hex, equals
  * {@code expected}.
  *
  * @param message the text to hash; converted to bytes with the platform default charset
  * @param expected the expected digest as upper-case hex
  */
 private void checkSHA256(String message, String expected) {
   byte[] input = message.getBytes();
   // The second argument is true here; the byte array is a throwaway copy of the message.
   byte[] digest = SHA256.getHash(input, true);
   String actual = StringUtils.convertBytesToHex(digest).toUpperCase();
   assertEquals(expected, actual);
 }