Add UAUTH_UNSAFE Crypto provider

bivashy · Jun 1, 2023 · cbe0f12 · cbe0f12
1 parent 95d477b
commit cbe0f12
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 1 deletion.
diff --git a/core/src/main/java/me/mastercapexd/auth/BaseAuthPlugin.java b/core/src/main/java/me/mastercapexd/auth/BaseAuthPlugin.java
@@ -58,6 +58,7 @@
 import me.mastercapexd.auth.crypto.MessageDigestCryptoProvider;
 import me.mastercapexd.auth.crypto.ScryptCryptoProvider;
 import me.mastercapexd.auth.crypto.authme.AuthMeSha256CryptoProvider;
+import me.mastercapexd.auth.crypto.belkaauth.UAuthCryptoProvider;
 import me.mastercapexd.auth.database.AuthAccountDatabaseProxy;
 import me.mastercapexd.auth.database.DatabaseHelper;
 import me.mastercapexd.auth.hooks.BaseTelegramPluginHook;
@@ -167,9 +168,11 @@ private void registerCryptoProviders() {
         this.cryptoProviderBucket.addCryptoProvider(new BcryptCryptoProvider());
         this.cryptoProviderBucket.addCryptoProvider(new MessageDigestCryptoProvider("SHA256", HashUtils.getSHA256()));
         this.cryptoProviderBucket.addCryptoProvider(new MessageDigestCryptoProvider("MD5", HashUtils.getMD5()));
-        this.cryptoProviderBucket.addCryptoProvider(new AuthMeSha256CryptoProvider());
         this.cryptoProviderBucket.addCryptoProvider(new Argon2CryptoProvider());
         this.cryptoProviderBucket.addCryptoProvider(new ScryptCryptoProvider());
+
+        this.cryptoProviderBucket.addCryptoProvider(new AuthMeSha256CryptoProvider());
+        this.cryptoProviderBucket.addCryptoProvider(new UAuthCryptoProvider());
     }
 
     private void initializeTelegram() {

diff --git a/core/src/main/java/me/mastercapexd/auth/crypto/belkaauth/UAuthCryptoProvider.java b/core/src/main/java/me/mastercapexd/auth/crypto/belkaauth/UAuthCryptoProvider.java
@@ -0,0 +1,24 @@
+package me.mastercapexd.auth.crypto.belkaauth;
+
+import com.bivashy.auth.api.crypto.CryptoProvider;
+import com.bivashy.auth.api.crypto.HashInput;
+import com.bivashy.auth.api.crypto.HashedPassword;
+
+public class UAuthCryptoProvider implements CryptoProvider {
+    private static final String SALT = "saharPidor";
+
+    @Override
+    public HashedPassword hash(HashInput input) {
+        return HashedPassword.of(UAuthUtil.getHash(SALT, input.getRawInput()), SALT, this);
+    }
+
+    @Override
+    public boolean matches(HashInput input, HashedPassword password) {
+        return hash(input).getHash().equals(password.getHash());
+    }
+
+    @Override
+    public String getIdentifier() {
+        return "UAUTH_UNSAFE";
+    }
+}
diff --git a/core/src/main/java/me/mastercapexd/auth/crypto/belkaauth/UAuthUtil.java b/core/src/main/java/me/mastercapexd/auth/crypto/belkaauth/UAuthUtil.java
@@ -0,0 +1,68 @@
+package me.mastercapexd.auth.crypto.belkaauth;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+
+public final class UAuthUtil {
+  private static SecureRandom RANDOM;
+
+  public static String generateSalt() {
+    byte[] salt = new byte[20];
+    RANDOM.nextBytes(salt);
+    return new String(bytesToString(salt));
+  }
+
+  public static byte[] getHash(String pass, byte[] salt, int iter, int len, String alg) throws Exception {
+    PBEKeySpec ks = new PBEKeySpec(pass.toCharArray(), salt, iter, len);
+    SecretKeyFactory skf = SecretKeyFactory.getInstance(alg);
+    return skf.generateSecret(ks).getEncoded();
+  }
+
+  public static String getHash(String pass, String salt, int iter, int len, String alg) throws Exception {
+    byte[] hash = getHash(pass, stringToBytes(salt), iter, len, alg);
+    return new String(bytesToString(hash));
+  }
+
+  public static char[] bytesToString(byte[] b) {
+    char[] res = new char[b.length * 2];
+    for (int i = 0; i < b.length; i++) {
+      res[i * 2] = LOOKUP[b[i] >>> 4 & 0xF];
+      res[i * 2 + 1] = LOOKUP[b[i] & 0xF];
+    } 
+    return res;
+  }
+
+  public static byte[] stringToBytes(String s) {
+    int len = s.length();
+    byte[] data = new byte[len / 2];
+    for (int i = 0; i < len; i += 2)
+      data[i / 2] = (byte)((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16)); 
+    return data;
+  }
+
+  public static String getHash(String salt, String password) {
+    try {
+      return getHash(password + "1_jm6H3tbLZ3DwZAqy8kVxAmjEJhl8ASypKUP-3d", salt, 50000, 160, "PBKDF2WithHmacSHA256");
+    } catch (Exception e) {
+      e.printStackTrace();
+      return null;
+    } 
+  }
+
+  private UAuthUtil() {
+    throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
+  }
+
+  static {
+    try {
+      RANDOM = SecureRandom.getInstance("SHA1PRNG");
+    } catch (NoSuchAlgorithmException e) {
+      e.printStackTrace();
+    }
+  }
+
+  private static char[] LOOKUP = "0123456789abcdef".toCharArray();
+}