Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
Sha2Crypt |
|
| 5.4;5.4 |
1 | /* | |
2 | * Licensed to the Apache Software Foundation (ASF) under one or more | |
3 | * contributor license agreements. See the NOTICE file distributed with | |
4 | * this work for additional information regarding copyright ownership. | |
5 | * The ASF licenses this file to You under the Apache License, Version 2.0 | |
6 | * (the "License"); you may not use this file except in compliance with | |
7 | * the License. You may obtain a copy of the License at | |
8 | * | |
9 | * http://www.apache.org/licenses/LICENSE-2.0 | |
10 | * | |
11 | * Unless required by applicable law or agreed to in writing, software | |
12 | * distributed under the License is distributed on an "AS IS" BASIS, | |
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
14 | * See the License for the specific language governing permissions and | |
15 | * limitations under the License. | |
16 | */ | |
17 | package org.apache.commons.codec.digest; | |
18 | ||
19 | import java.security.MessageDigest; | |
20 | import java.security.NoSuchAlgorithmException; | |
21 | import java.util.Arrays; | |
22 | import java.util.regex.Matcher; | |
23 | import java.util.regex.Pattern; | |
24 | ||
25 | import org.apache.commons.codec.Charsets; | |
26 | ||
27 | /** | |
28 | * SHA2-based Unix crypt implementation. | |
29 | * <p> | |
30 | * Based on the C implementation released into the Public Domain by Ulrich Drepper <drepper@redhat.com> | |
31 | * http://www.akkadia.org/drepper/SHA-crypt.txt | |
32 | * <p> | |
33 | * Conversion to Kotlin and from there to Java in 2012 by Christian Hammers <ch@lathspell.de> and likewise put | |
34 | * into the Public Domain. | |
35 | * <p> | |
36 | * This class is immutable and thread-safe. | |
37 | * | |
38 | * @version $Id$ | |
39 | * @since 1.7 | |
40 | */ | |
41 | 1 | public class Sha2Crypt { |
42 | ||
43 | /** Default number of rounds if not explicitly specified. */ | |
44 | private static final int ROUNDS_DEFAULT = 5000; | |
45 | ||
46 | /** Maximum number of rounds. */ | |
47 | private static final int ROUNDS_MAX = 999999999; | |
48 | ||
49 | /** Minimum number of rounds. */ | |
50 | private static final int ROUNDS_MIN = 1000; | |
51 | ||
52 | /** Prefix for optional rounds specification. */ | |
53 | private static final String ROUNDS_PREFIX = "rounds="; | |
54 | ||
55 | /** The number of bytes the final hash value will have (SHA-256 variant). */ | |
56 | private static final int SHA256_BLOCKSIZE = 32; | |
57 | ||
58 | /** The prefixes that can be used to identify this crypt() variant (SHA-256). */ | |
59 | static final String SHA256_PREFIX = "$5$"; | |
60 | ||
61 | /** The number of bytes the final hash value will have (SHA-512 variant). */ | |
62 | private static final int SHA512_BLOCKSIZE = 64; | |
63 | ||
64 | /** The prefixes that can be used to identify this crypt() variant (SHA-512). */ | |
65 | static final String SHA512_PREFIX = "$6$"; | |
66 | ||
67 | /** The pattern to match valid salt values. */ | |
68 | 1 | private static final Pattern SALT_PATTERN = Pattern |
69 | .compile("^\\$([56])\\$(rounds=(\\d+)\\$)?([\\.\\/a-zA-Z0-9]{1,16}).*"); | |
70 | ||
71 | /** | |
72 | * Generates a libc crypt() compatible "$5$" hash value with random salt. | |
73 | * <p> | |
74 | * See {@link Crypt#crypt(String, String)} for details. | |
75 | * | |
76 | * @throws RuntimeException | |
77 | * when a {@link java.security.NoSuchAlgorithmException} is caught. | |
78 | */ | |
79 | public static String sha256Crypt(byte[] keyBytes) { | |
80 | 2 | return sha256Crypt(keyBytes, null); |
81 | } | |
82 | ||
83 | /** | |
84 | * Generates a libc6 crypt() compatible "$5$" hash value. | |
85 | * <p> | |
86 | * See {@link Crypt#crypt(String, String)} for details. | |
87 | * | |
88 | * @throws IllegalArgumentException | |
89 | * if the salt does not match the allowed pattern | |
90 | * @throws RuntimeException | |
91 | * when a {@link java.security.NoSuchAlgorithmException} is caught. | |
92 | */ | |
93 | public static String sha256Crypt(byte[] keyBytes, String salt) { | |
94 | 20 | if (salt == null) { |
95 | 3 | salt = SHA256_PREFIX + B64.getRandomSalt(8); |
96 | } | |
97 | 20 | return sha2Crypt(keyBytes, salt, SHA256_PREFIX, SHA256_BLOCKSIZE, MessageDigestAlgorithms.SHA_256); |
98 | } | |
99 | ||
100 | /** | |
101 | * Generates a libc6 crypt() compatible "$5$" or "$6$" SHA2 based hash value. | |
102 | * <p> | |
103 | * This is a nearly line by line conversion of the original C function. The numbered comments are from the | |
104 | * algorithm description, the short C-style ones from the original C code and the ones with "Remark" from me. | |
105 | * <p> | |
106 | * See {@link Crypt#crypt(String, String)} for details. | |
107 | * | |
108 | * @param keyBytes | |
109 | * plaintext that should be hashed | |
110 | * @param salt | |
111 | * real salt value without prefix or "rounds=" | |
112 | * @param saltPrefix | |
113 | * either $5$ or $6$ | |
114 | * @param blocksize | |
115 | * a value that differs between $5$ and $6$ | |
116 | * @param algorithm | |
117 | * {@link MessageDigest} algorithm identifier string | |
118 | * @return complete hash value including prefix and salt | |
119 | * @throws IllegalArgumentException | |
120 | * if the given salt is {@code null} or does not match the allowed pattern | |
121 | * @throws IllegalArgumentException | |
122 | * when a {@link NoSuchAlgorithmException} is caught | |
123 | * @see MessageDigestAlgorithms | |
124 | */ | |
125 | private static String sha2Crypt(byte[] keyBytes, String salt, String saltPrefix, int blocksize, String algorithm) { | |
126 | ||
127 | 39 | int keyLen = keyBytes.length; |
128 | ||
129 | // Extracts effective salt and the number of rounds from the given salt. | |
130 | 37 | int rounds = ROUNDS_DEFAULT; |
131 | 37 | boolean roundsCustom = false; |
132 | 37 | if (salt == null) { |
133 | 0 | throw new IllegalArgumentException("Salt must not be null"); |
134 | } | |
135 | ||
136 | 37 | Matcher m = SALT_PATTERN.matcher(salt); |
137 | 37 | if (m == null || !m.find()) { |
138 | 3 | throw new IllegalArgumentException("Invalid salt value: " + salt); |
139 | } | |
140 | 34 | if (m.group(3) != null) { |
141 | 6 | rounds = Integer.parseInt(m.group(3)); |
142 | 6 | rounds = Math.max(ROUNDS_MIN, Math.min(ROUNDS_MAX, rounds)); |
143 | 6 | roundsCustom = true; |
144 | } | |
145 | 34 | String saltString = m.group(4); |
146 | 34 | byte[] saltBytes = saltString.getBytes(Charsets.UTF_8); |
147 | 34 | int saltLen = saltBytes.length; |
148 | ||
149 | // 1. start digest A | |
150 | // Prepare for the real work. | |
151 | 34 | MessageDigest ctx = DigestUtils.getDigest(algorithm); |
152 | ||
153 | // 2. the password string is added to digest A | |
154 | /* | |
155 | * Add the key string. | |
156 | */ | |
157 | 34 | ctx.update(keyBytes); |
158 | ||
159 | // 3. the salt string is added to digest A. This is just the salt string | |
160 | // itself without the enclosing '$', without the magic salt_prefix $5$ and | |
161 | // $6$ respectively and without the rounds=<N> specification. | |
162 | // | |
163 | // NB: the MD5 algorithm did add the $1$ salt_prefix. This is not deemed | |
164 | // necessary since it is a constant string and does not add security | |
165 | // and /possibly/ allows a plain text attack. Since the rounds=<N> | |
166 | // specification should never be added this would also create an | |
167 | // inconsistency. | |
168 | /* | |
169 | * The last part is the salt string. This must be at most 16 characters and it ends at the first `$' character | |
170 | * (for compatibility with existing implementations). | |
171 | */ | |
172 | 34 | ctx.update(saltBytes); |
173 | ||
174 | // 4. start digest B | |
175 | /* | |
176 | * Compute alternate sha512 sum with input KEY, SALT, and KEY. The final result will be added to the first | |
177 | * context. | |
178 | */ | |
179 | 34 | MessageDigest altCtx = DigestUtils.getDigest(algorithm); |
180 | ||
181 | // 5. add the password to digest B | |
182 | /* | |
183 | * Add key. | |
184 | */ | |
185 | 34 | altCtx.update(keyBytes); |
186 | ||
187 | // 6. add the salt string to digest B | |
188 | /* | |
189 | * Add salt. | |
190 | */ | |
191 | 34 | altCtx.update(saltBytes); |
192 | ||
193 | // 7. add the password again to digest B | |
194 | /* | |
195 | * Add key again. | |
196 | */ | |
197 | 34 | altCtx.update(keyBytes); |
198 | ||
199 | // 8. finish digest B | |
200 | /* | |
201 | * Now get result of this (32 bytes) and add it to the other context. | |
202 | */ | |
203 | 34 | byte[] altResult = altCtx.digest(); |
204 | ||
205 | // 9. For each block of 32 or 64 bytes in the password string (excluding | |
206 | // the terminating NUL in the C representation), add digest B to digest A | |
207 | /* | |
208 | * Add for any character in the key one byte of the alternate sum. | |
209 | */ | |
210 | /* | |
211 | * (Remark: the C code comment seems wrong for key length > 32!) | |
212 | */ | |
213 | 34 | int cnt = keyBytes.length; |
214 | 43 | while (cnt > blocksize) { |
215 | 9 | ctx.update(altResult, 0, blocksize); |
216 | 9 | cnt -= blocksize; |
217 | } | |
218 | ||
219 | // 10. For the remaining N bytes of the password string add the first | |
220 | // N bytes of digest B to digest A | |
221 | 34 | ctx.update(altResult, 0, cnt); |
222 | ||
223 | // 11. For each bit of the binary representation of the length of the | |
224 | // password string up to and including the highest 1-digit, starting | |
225 | // from to lowest bit position (numeric value 1): | |
226 | // | |
227 | // a) for a 1-digit add digest B to digest A | |
228 | // | |
229 | // b) for a 0-digit add the password string | |
230 | // | |
231 | // NB: this step differs significantly from the MD5 algorithm. It | |
232 | // adds more randomness. | |
233 | /* | |
234 | * Take the binary representation of the length of the key and for every 1 add the alternate sum, for every 0 | |
235 | * the key. | |
236 | */ | |
237 | 34 | cnt = keyBytes.length; |
238 | 134 | while (cnt > 0) { |
239 | 100 | if ((cnt & 1) != 0) { |
240 | 58 | ctx.update(altResult, 0, blocksize); |
241 | } else { | |
242 | 42 | ctx.update(keyBytes); |
243 | } | |
244 | 100 | cnt >>= 1; |
245 | } | |
246 | ||
247 | // 12. finish digest A | |
248 | /* | |
249 | * Create intermediate result. | |
250 | */ | |
251 | 34 | altResult = ctx.digest(); |
252 | ||
253 | // 13. start digest DP | |
254 | /* | |
255 | * Start computation of P byte sequence. | |
256 | */ | |
257 | 34 | altCtx = DigestUtils.getDigest(algorithm); |
258 | ||
259 | // 14. for every byte in the password (excluding the terminating NUL byte | |
260 | // in the C representation of the string) | |
261 | // | |
262 | // add the password to digest DP | |
263 | /* | |
264 | * For every character in the password add the entire password. | |
265 | */ | |
266 | 592 | for (int i = 1; i <= keyLen; i++) { |
267 | 558 | altCtx.update(keyBytes); |
268 | } | |
269 | ||
270 | // 15. finish digest DP | |
271 | /* | |
272 | * Finish the digest. | |
273 | */ | |
274 | 34 | byte[] tempResult = altCtx.digest(); |
275 | ||
276 | // 16. produce byte sequence P of the same length as the password where | |
277 | // | |
278 | // a) for each block of 32 or 64 bytes of length of the password string | |
279 | // the entire digest DP is used | |
280 | // | |
281 | // b) for the remaining N (up to 31 or 63) bytes use the first N | |
282 | // bytes of digest DP | |
283 | /* | |
284 | * Create byte sequence P. | |
285 | */ | |
286 | 34 | byte[] pBytes = new byte[keyLen]; |
287 | 34 | int cp = 0; |
288 | 43 | while (cp < keyLen - blocksize) { |
289 | 9 | System.arraycopy(tempResult, 0, pBytes, cp, blocksize); |
290 | 9 | cp += blocksize; |
291 | } | |
292 | 34 | System.arraycopy(tempResult, 0, pBytes, cp, keyLen - cp); |
293 | ||
294 | // 17. start digest DS | |
295 | /* | |
296 | * Start computation of S byte sequence. | |
297 | */ | |
298 | 34 | altCtx = DigestUtils.getDigest(algorithm); |
299 | ||
300 | // 18. repeast the following 16+A[0] times, where A[0] represents the first | |
301 | // byte in digest A interpreted as an 8-bit unsigned value | |
302 | // | |
303 | // add the salt to digest DS | |
304 | /* | |
305 | * For every character in the password add the entire password. | |
306 | */ | |
307 | 5346 | for (int i = 1; i <= 16 + (altResult[0] & 0xff); i++) { |
308 | 5312 | altCtx.update(saltBytes); |
309 | } | |
310 | ||
311 | // 19. finish digest DS | |
312 | /* | |
313 | * Finish the digest. | |
314 | */ | |
315 | 34 | tempResult = altCtx.digest(); |
316 | ||
317 | // 20. produce byte sequence S of the same length as the salt string where | |
318 | // | |
319 | // a) for each block of 32 or 64 bytes of length of the salt string | |
320 | // the entire digest DS is used | |
321 | // | |
322 | // b) for the remaining N (up to 31 or 63) bytes use the first N | |
323 | // bytes of digest DS | |
324 | /* | |
325 | * Create byte sequence S. | |
326 | */ | |
327 | // Remark: The salt is limited to 16 chars, how does this make sense? | |
328 | 34 | byte[] sBytes = new byte[saltLen]; |
329 | 34 | cp = 0; |
330 | 34 | while (cp < saltLen - blocksize) { |
331 | 0 | System.arraycopy(tempResult, 0, sBytes, cp, blocksize); |
332 | 0 | cp += blocksize; |
333 | } | |
334 | 34 | System.arraycopy(tempResult, 0, sBytes, cp, saltLen - cp); |
335 | ||
336 | // 21. repeat a loop according to the number specified in the rounds=<N> | |
337 | // specification in the salt (or the default value if none is | |
338 | // present). Each round is numbered, starting with 0 and up to N-1. | |
339 | // | |
340 | // The loop uses a digest as input. In the first round it is the | |
341 | // digest produced in step 12. In the latter steps it is the digest | |
342 | // produced in step 21.h. The following text uses the notation | |
343 | // "digest A/C" to describe this behavior. | |
344 | /* | |
345 | * Repeatedly run the collected hash value through sha512 to burn CPU cycles. | |
346 | */ | |
347 | 164034 | for (int i = 0; i <= rounds - 1; i++) { |
348 | // a) start digest C | |
349 | /* | |
350 | * New context. | |
351 | */ | |
352 | 164000 | ctx = DigestUtils.getDigest(algorithm); |
353 | ||
354 | // b) for odd round numbers add the byte sequense P to digest C | |
355 | // c) for even round numbers add digest A/C | |
356 | /* | |
357 | * Add key or last result. | |
358 | */ | |
359 | 164000 | if ((i & 1) != 0) { |
360 | 81998 | ctx.update(pBytes, 0, keyLen); |
361 | } else { | |
362 | 82002 | ctx.update(altResult, 0, blocksize); |
363 | } | |
364 | ||
365 | // d) for all round numbers not divisible by 3 add the byte sequence S | |
366 | /* | |
367 | * Add salt for numbers not divisible by 3. | |
368 | */ | |
369 | 164000 | if (i % 3 != 0) { |
370 | 109322 | ctx.update(sBytes, 0, saltLen); |
371 | } | |
372 | ||
373 | // e) for all round numbers not divisible by 7 add the byte sequence P | |
374 | /* | |
375 | * Add key for numbers not divisible by 7. | |
376 | */ | |
377 | 164000 | if (i % 7 != 0) { |
378 | 140550 | ctx.update(pBytes, 0, keyLen); |
379 | } | |
380 | ||
381 | // f) for odd round numbers add digest A/C | |
382 | // g) for even round numbers add the byte sequence P | |
383 | /* | |
384 | * Add key or last result. | |
385 | */ | |
386 | 164000 | if ((i & 1) != 0) { |
387 | 81998 | ctx.update(altResult, 0, blocksize); |
388 | } else { | |
389 | 82002 | ctx.update(pBytes, 0, keyLen); |
390 | } | |
391 | ||
392 | // h) finish digest C. | |
393 | /* | |
394 | * Create intermediate result. | |
395 | */ | |
396 | 164000 | altResult = ctx.digest(); |
397 | } | |
398 | ||
399 | // 22. Produce the output string. This is an ASCII string of the maximum | |
400 | // size specified above, consisting of multiple pieces: | |
401 | // | |
402 | // a) the salt salt_prefix, $5$ or $6$ respectively | |
403 | // | |
404 | // b) the rounds=<N> specification, if one was present in the input | |
405 | // salt string. A trailing '$' is added in this case to separate | |
406 | // the rounds specification from the following text. | |
407 | // | |
408 | // c) the salt string truncated to 16 characters | |
409 | // | |
410 | // d) a '$' character | |
411 | /* | |
412 | * Now we can construct the result string. It consists of three parts. | |
413 | */ | |
414 | 34 | StringBuilder buffer = new StringBuilder(saltPrefix); |
415 | 34 | if (roundsCustom) { |
416 | 6 | buffer.append(ROUNDS_PREFIX); |
417 | 6 | buffer.append(rounds); |
418 | 6 | buffer.append("$"); |
419 | } | |
420 | 34 | buffer.append(saltString); |
421 | 34 | buffer.append("$"); |
422 | ||
423 | // e) the base-64 encoded final C digest. The encoding used is as | |
424 | // follows: | |
425 | // [...] | |
426 | // | |
427 | // Each group of three bytes from the digest produces four | |
428 | // characters as output: | |
429 | // | |
430 | // 1. character: the six low bits of the first byte | |
431 | // 2. character: the two high bits of the first byte and the | |
432 | // four low bytes from the second byte | |
433 | // 3. character: the four high bytes from the second byte and | |
434 | // the two low bits from the third byte | |
435 | // 4. character: the six high bits from the third byte | |
436 | // | |
437 | // The groups of three bytes are as follows (in this sequence). | |
438 | // These are the indices into the byte array containing the | |
439 | // digest, starting with index 0. For the last group there are | |
440 | // not enough bytes left in the digest and the value zero is used | |
441 | // in its place. This group also produces only three or two | |
442 | // characters as output for SHA-512 and SHA-512 respectively. | |
443 | ||
444 | // This was just a safeguard in the C implementation: | |
445 | // int buflen = salt_prefix.length() - 1 + ROUNDS_PREFIX.length() + 9 + 1 + salt_string.length() + 1 + 86 + 1; | |
446 | ||
447 | 34 | if (blocksize == 32) { |
448 | 18 | B64.b64from24bit(altResult[0], altResult[10], altResult[20], 4, buffer); |
449 | 18 | B64.b64from24bit(altResult[21], altResult[1], altResult[11], 4, buffer); |
450 | 18 | B64.b64from24bit(altResult[12], altResult[22], altResult[2], 4, buffer); |
451 | 18 | B64.b64from24bit(altResult[3], altResult[13], altResult[23], 4, buffer); |
452 | 18 | B64.b64from24bit(altResult[24], altResult[4], altResult[14], 4, buffer); |
453 | 18 | B64.b64from24bit(altResult[15], altResult[25], altResult[5], 4, buffer); |
454 | 18 | B64.b64from24bit(altResult[6], altResult[16], altResult[26], 4, buffer); |
455 | 18 | B64.b64from24bit(altResult[27], altResult[7], altResult[17], 4, buffer); |
456 | 18 | B64.b64from24bit(altResult[18], altResult[28], altResult[8], 4, buffer); |
457 | 18 | B64.b64from24bit(altResult[9], altResult[19], altResult[29], 4, buffer); |
458 | 18 | B64.b64from24bit((byte) 0, altResult[31], altResult[30], 3, buffer); |
459 | } else { | |
460 | 16 | B64.b64from24bit(altResult[0], altResult[21], altResult[42], 4, buffer); |
461 | 16 | B64.b64from24bit(altResult[22], altResult[43], altResult[1], 4, buffer); |
462 | 16 | B64.b64from24bit(altResult[44], altResult[2], altResult[23], 4, buffer); |
463 | 16 | B64.b64from24bit(altResult[3], altResult[24], altResult[45], 4, buffer); |
464 | 16 | B64.b64from24bit(altResult[25], altResult[46], altResult[4], 4, buffer); |
465 | 16 | B64.b64from24bit(altResult[47], altResult[5], altResult[26], 4, buffer); |
466 | 16 | B64.b64from24bit(altResult[6], altResult[27], altResult[48], 4, buffer); |
467 | 16 | B64.b64from24bit(altResult[28], altResult[49], altResult[7], 4, buffer); |
468 | 16 | B64.b64from24bit(altResult[50], altResult[8], altResult[29], 4, buffer); |
469 | 16 | B64.b64from24bit(altResult[9], altResult[30], altResult[51], 4, buffer); |
470 | 16 | B64.b64from24bit(altResult[31], altResult[52], altResult[10], 4, buffer); |
471 | 16 | B64.b64from24bit(altResult[53], altResult[11], altResult[32], 4, buffer); |
472 | 16 | B64.b64from24bit(altResult[12], altResult[33], altResult[54], 4, buffer); |
473 | 16 | B64.b64from24bit(altResult[34], altResult[55], altResult[13], 4, buffer); |
474 | 16 | B64.b64from24bit(altResult[56], altResult[14], altResult[35], 4, buffer); |
475 | 16 | B64.b64from24bit(altResult[15], altResult[36], altResult[57], 4, buffer); |
476 | 16 | B64.b64from24bit(altResult[37], altResult[58], altResult[16], 4, buffer); |
477 | 16 | B64.b64from24bit(altResult[59], altResult[17], altResult[38], 4, buffer); |
478 | 16 | B64.b64from24bit(altResult[18], altResult[39], altResult[60], 4, buffer); |
479 | 16 | B64.b64from24bit(altResult[40], altResult[61], altResult[19], 4, buffer); |
480 | 16 | B64.b64from24bit(altResult[62], altResult[20], altResult[41], 4, buffer); |
481 | 16 | B64.b64from24bit((byte) 0, (byte) 0, altResult[63], 2, buffer); |
482 | } | |
483 | ||
484 | /* | |
485 | * Clear the buffer for the intermediate result so that people attaching to processes or reading core dumps | |
486 | * cannot get any information. | |
487 | */ | |
488 | // Is there a better way to do this with the JVM? | |
489 | 34 | Arrays.fill(tempResult, (byte) 0); |
490 | 34 | Arrays.fill(pBytes, (byte) 0); |
491 | 34 | Arrays.fill(sBytes, (byte) 0); |
492 | 34 | ctx.reset(); |
493 | 34 | altCtx.reset(); |
494 | 34 | Arrays.fill(keyBytes, (byte) 0); |
495 | 34 | Arrays.fill(saltBytes, (byte) 0); |
496 | ||
497 | 34 | return buffer.toString(); |
498 | } | |
499 | ||
500 | /** | |
501 | * Generates a libc crypt() compatible "$6$" hash value with random salt. | |
502 | * <p> | |
503 | * See {@link Crypt#crypt(String, String)} for details. | |
504 | * | |
505 | * @throws RuntimeException | |
506 | * when a {@link java.security.NoSuchAlgorithmException} is caught. | |
507 | */ | |
508 | public static String sha512Crypt(byte[] keyBytes) { | |
509 | 5 | return sha512Crypt(keyBytes, null); |
510 | } | |
511 | ||
512 | /** | |
513 | * Generates a libc6 crypt() compatible "$6$" hash value. | |
514 | * <p> | |
515 | * See {@link Crypt#crypt(String, String)} for details. | |
516 | * | |
517 | * @throws IllegalArgumentException | |
518 | * if the salt does not match the allowed pattern | |
519 | * @throws RuntimeException | |
520 | * when a {@link java.security.NoSuchAlgorithmException} is caught. | |
521 | */ | |
522 | public static String sha512Crypt(byte[] keyBytes, String salt) { | |
523 | 19 | if (salt == null) { |
524 | 6 | salt = SHA512_PREFIX + B64.getRandomSalt(8); |
525 | } | |
526 | 19 | return sha2Crypt(keyBytes, salt, SHA512_PREFIX, SHA512_BLOCKSIZE, MessageDigestAlgorithms.SHA_512); |
527 | } | |
528 | } |