Merge pull request #10 from genexuslabs/issue#82272

Issue#82272

Author: sgrampone

GeneXusCryptography/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>com.genexus</groupId>
 		<artifactId>SecurityAPIParent</artifactId>
-		<version>1.0.0.2</version>
+		<version>1.0.0.3</version>
 	</parent>
 
 

GeneXusCryptography/src/main/java/com/genexus/cryptography/passwordDerivation/Argon2HashType.java

@@ -0,0 +1,52 @@
+package com.genexus.cryptography.passwordDerivation;
+
+import org.bouncycastle.crypto.params.Argon2Parameters;
+
+import com.genexus.securityapicommons.commons.Error;
+
+public enum Argon2HashType {
+	ARGON2_d, ARGON2_i, ARGON2_id;
+
+	public static Argon2HashType getArgon2HashType(String argon2HashType, Error error) {
+		switch (argon2HashType) {
+		case "ARGON2_d":
+			return Argon2HashType.ARGON2_d;
+		case "ARGON2_i":
+			return Argon2HashType.ARGON2_i;
+		case "ARGON2_id":
+			return Argon2HashType.ARGON2_id;
+		default:
+			error.setError("A2001", "Unrecognized Arggon2HashType");
+			return null;
+		}
+
+	}
+
+	public static String valueOf(Argon2HashType argon2HashType, Error error) {
+		switch (argon2HashType) {
+		case ARGON2_d:
+			return "ARGON2_d";
+		case ARGON2_i:
+			return "ARGON2_i";
+		case ARGON2_id:
+			return "ARGON2_id";
+		default:
+			error.setError("A2002", "Unrecognized Arggon2HashType");
+			return "";
+		}
+	}
+
+	public static int getArgon2Parameter(Argon2HashType argon2HashType, Error error) {
+		switch (argon2HashType) {
+		case ARGON2_d:
+			return Argon2Parameters.ARGON2_d;
+		case ARGON2_i:
+			return Argon2Parameters.ARGON2_i;
+		case ARGON2_id:
+			return Argon2Parameters.ARGON2_id;
+		default:
+			error.setError("A2003", "Unrecognized Arggon2HashType");
+			return 0;
+		}
+	}
+}

GeneXusCryptography/src/main/java/com/genexus/cryptography/passwordDerivation/Argon2Version.java

@@ -0,0 +1,47 @@
+package com.genexus.cryptography.passwordDerivation;
+
+import org.bouncycastle.crypto.params.Argon2Parameters;
+
+import com.genexus.securityapicommons.commons.Error;
+
+public enum Argon2Version {
+
+	ARGON2_VERSION_10, ARGON2_VERSION_13;
+
+	public static Argon2Version getArgon2Version(String argon2Version, Error error) {
+		switch (argon2Version) {
+		case "ARGON2_VERSION_10":
+			return Argon2Version.ARGON2_VERSION_10;
+		case "ARGON2_VERSION_13":
+			return Argon2Version.ARGON2_VERSION_13;
+		default:
+			error.setError("AR001", "Unrecognized Argon2Version");
+			return null;
+		}
+	}
+
+	public static String valueOf(Argon2Version argon2Version, Error error) {
+		switch (argon2Version) {
+		case ARGON2_VERSION_10:
+			return "ARGON2_VERSION_10";
+		case ARGON2_VERSION_13:
+			return "ARGON2_VERSION_13";
+		default:
+			error.setError("AR002", "Unrecognized Argon2Version");
+			return "";
+		}
+	}
+
+	public static int getVersionParameter(Argon2Version argon2Version, Error error) {
+		switch (argon2Version) {
+		case ARGON2_VERSION_10:
+			return Argon2Parameters.ARGON2_VERSION_10;
+		case ARGON2_VERSION_13:
+			return Argon2Parameters.ARGON2_VERSION_13;
+		default:
+			error.setError("AR003", "Unrecognized Argon2Version");
+			return 0;
+		}
+	}
+
+}

GeneXusCryptography/src/main/java/com/genexus/cryptography/passwordDerivation/PasswordDerivation.java

@@ -1,9 +1,12 @@
 package com.genexus.cryptography.passwordDerivation;
 
+import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
 import org.bouncycastle.crypto.generators.BCrypt;
 import org.bouncycastle.crypto.generators.SCrypt;
+import org.bouncycastle.crypto.params.Argon2Parameters;
 import org.bouncycastle.util.Strings;
 import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.encoders.Hex;
 
 import com.genexus.cryptography.commons.PasswordDerivationObject;
 import com.genexus.securityapicommons.config.EncodingUtil;
@@ -101,7 +104,7 @@ public String doGenerateBcrypt(String password, String salt, int cost) {
 		byte[] encryptedBytes = BCrypt.generate(eu.getBytes(password), Strings.toByteArray(hexa.fromHexa(salt)), cost);
 		String result = Strings.fromByteArray(Base64.encode(encryptedBytes));
 		if (result == null || result.length() == 0) {
-			this.error.setError("PD010", "Brypt generation error");
+			this.error.setError("PD010", "Bcrypt generation error");
 			return "";
 		}
 		this.error.cleanError();
@@ -123,6 +126,49 @@ public String doGenerateDefaultBcrypt(String password, String salt) {
 		return doGenerateBcrypt(password, salt, cost);
 	}
 
+	public String doGenerateArgon2(String argon2Version10, String argon2HashType, int iterations, int memory,
+			int parallelism, String password, String salt, int hashLength) {
+		if (!areArgon2ValidParameters(iterations, parallelism, hashLength)) {
+			return "";
+		}
+		Argon2Version ver_aux = Argon2Version.getArgon2Version(argon2Version10, this.error);
+		int version = Argon2Version.getVersionParameter(ver_aux, this.error);
+		if (this.hasError()) {
+			return "";
+		}
+		Argon2HashType hash_aux = Argon2HashType.getArgon2HashType(argon2HashType, this.error);
+		int hashType = Argon2HashType.getArgon2Parameter(hash_aux, this.error);
+		if (this.hasError()) {
+			return "";
+		}
+
+		EncodingUtil eu = new EncodingUtil();
+		HexaEncoder hexa = new HexaEncoder();
+		byte[] bytePass = eu.getBytes(password);
+		if(eu.hasError())
+		{
+			this.error = eu.getError();
+			return "";
+		}
+
+		Argon2Parameters.Builder builder = new Argon2Parameters.Builder(hashType).withVersion(version)
+				.withIterations(iterations).withMemoryPowOfTwo(memory).withParallelism(parallelism)
+				.withSalt(Strings.toByteArray(hexa.fromHexa(salt)));
+
+		Argon2BytesGenerator dig = new Argon2BytesGenerator();
+		dig.init(builder.build());
+		byte[] res = new byte[hashLength];
+		dig.generateBytes(bytePass, res);
+		String result = Strings.fromByteArray(Base64.encode(res));
+		if (result == null || result.length() == 0) {
+			this.error.setError("PD012", "Argon2 generation error");
+			return "";
+		}
+		this.error.cleanError();
+		return result;
+
+	}
+
 	/******** EXTERNAL OBJECT PUBLIC METHODS - END ********/
 
 	/**
@@ -194,4 +240,20 @@ private boolean areSCRyptValidParameters(int CPUCost, int blockSize, int paralle
 		}
 		return true;
 	}
+
+	private boolean areArgon2ValidParameters(int iterations, int parallelism, int hashLength) {
+		if (parallelism < 1 || parallelism >= 16777216) {
+			this.error.setError("PD012", "Parallelism parameter must be >= 1 and < 16777216");
+			return false;
+		}
+		if (iterations < 1) {
+			this.error.setError("PD013", "Must be 1 iteration at least");
+			return false;
+		}
+		if (hashLength < 4) {
+			this.error.setError("PD014", "The output hash length must be >= 4");
+			return false;
+		}
+		return true;
+	}
 }

GeneXusCryptography/src/main/java/com/genexus/cryptography/passwordDerivation/PasswordDerivationAlgorithm.java

@@ -7,7 +7,7 @@
  *
  */
 public enum PasswordDerivationAlgorithm {
-	SCrypt, Bcrypt,;
+	SCrypt, Bcrypt,Argon2;
 
 	/**
 	 * Mapping between String name and PasswordDerivationAlgorithm enum
@@ -26,6 +26,8 @@ public static PasswordDerivationAlgorithm getPasswordDerivationAlgorithm(String
 			return PasswordDerivationAlgorithm.SCrypt;
 		case "Bcrypt":
 			return PasswordDerivationAlgorithm.Bcrypt;
+		case "Argon2":
+			return PasswordDerivationAlgorithm.Argon2;
 		default:
 			error.setError("PD001", "Unrecognized PasswordDerivationAlgorithm");
 			return null;
@@ -45,6 +47,8 @@ public static String valueOf(PasswordDerivationAlgorithm passwordDerivationAlgor
 			return "SCrypt";
 		case Bcrypt:
 			return "Bcrypt";
+		case Argon2:
+			return "Argon2";
 		default:
 			error.setError("PD002", "Unrecognized PasswordDerivationAlgorithm");
 			return "Unrecognized algorithm";

GeneXusFtps/pom.xml

@@ -8,7 +8,7 @@
 	<parent>
 		<groupId>com.genexus</groupId>
 		<artifactId>SecurityAPIParent</artifactId>
-		<version>1.0.0.2</version>
+		<version>1.0.0.3</version>
 	</parent>
 
 

GeneXusJWT/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>com.genexus</groupId>
 		<artifactId>SecurityAPIParent</artifactId>
-		<version>1.0.0.2</version>
+		<version>1.0.0.3</version>
 	</parent>
 
 

GeneXusSftp/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>com.genexus</groupId>
 		<artifactId>SecurityAPIParent</artifactId>
-		<version>1.0.0.2</version>
+		<version>1.0.0.3</version>
 	</parent>
 
 

GeneXusXmlSignature/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>com.genexus</groupId>
 		<artifactId>SecurityAPIParent</artifactId>
-		<version>1.0.0.2</version>
+		<version>1.0.0.3</version>
 	</parent>
 
 	<artifactId>GeneXusXmlSignature</artifactId>

SecurityAPICommons/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>com.genexus</groupId>
 		<artifactId>SecurityAPIParent</artifactId>
-		<version>1.0.0.2</version>
+		<version>1.0.0.3</version>
 	</parent>