de.uplanet.security

Class KeyedSaltedHashing

java.lang.Object

de.uplanet.security.KeyedSaltedHashing

@Scriptable
public final class KeyedSaltedHashing
extends Object

HMAC Keyed Salted Hashing

This class implements a HMAC keyed and SALTed hashing algorithm. It is closely related to the mechanism described in RFC 2104, HMAC: Keyed-Hashing for Message Authentication. Beyond that, it supports SALT in a way that is compatible with common password storing strategies

Version:

1.0

Constructor Summary

Constructors

Constructor and Description
KeyedSaltedHashing() Contruct the hashing class with SHA-1 as the undelying hashing algorithm.
KeyedSaltedHashing(String p_strAlgorithm) Contruct the hashing class with the specified hashing algorithm.

Method Summary

Modifier and Type	Method and Description
boolean	equals(KeyedSaltedHashing p_another) Deprecated. Do not use this method.
byte[]	getDigest() Get the digest.
byte[]	makeDigest(byte[] p_hashedPassword, byte[] p_message) Create the HMAC.
byte[]	makeDigest(byte[] p_password, byte[] p_salt, byte[] p_message) Create the HMAC.
static boolean	verify(byte[] p_response, byte[] p_hashedPassword, byte[] p_challenge) Verify a given client login response using SHA-1 as the hashing algorithm.
static boolean	verify(byte[] p_response, byte[] p_hashedPassword, byte[] p_challenge, String p_strAlgorithm) Verify a given client login response.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyedSaltedHashing

public KeyedSaltedHashing()

Contruct the hashing class with SHA-1 as the undelying hashing algorithm.

KeyedSaltedHashing

public KeyedSaltedHashing(String p_strAlgorithm)
                   throws NoSuchAlgorithmException

Contruct the hashing class with the specified hashing algorithm.

Throws:

NoSuchAlgorithmException - If the algorithm is not available in the caller's environment.

Method Detail

verify

public static boolean verify(byte[] p_response,
                             byte[] p_hashedPassword,
                             byte[] p_challenge)

Verify a given client login response using SHA-1 as the hashing algorithm.

This method calls makeDigest(byte[], byte[]) to calculate the expected response, and then securely compares it with the response given by the client.

Parameters:

p_response - The client response.

p_hashedPassword - The hashed password.

p_challenge - The challenge.

Returns:

true if the client's response is correct, or false otherwise.

verify

public static boolean verify(byte[] p_response,
                             byte[] p_hashedPassword,
                             byte[] p_challenge,
                             String p_strAlgorithm)
                      throws NoSuchAlgorithmException

Verify a given client login response.

This method calls makeDigest(byte[], byte[]) to calculate the expected response, and then securely compares it with the response given by the client.

Parameters:

p_response - The client response.

p_hashedPassword - The hashed password.

p_challenge - The challenge.

p_strAlgorithm - The hashing algorithm to be used.

Returns:

true if the client's response is correct, or false otherwise.

Throws:

NoSuchAlgorithmException - If the requested hashing algorithm is not available.

equals

@Deprecated
public boolean equals(KeyedSaltedHashing p_another)

Deprecated. Do not use this method.

Compare the digest of this object with the digest of another KeyedSaltedHashing

Parameters:

p_another - Another instance of KeyedSaltedHashing to compare with.

Returns:

true if the two underlying digests are the same or both digest are null, false otherwise.

makeDigest

public byte[] makeDigest(byte[] p_password,
                         byte[] p_salt,
                         byte[] p_message)
                  throws NullPointerException

Create the HMAC.

The HMAC is computed from the password, the SALT and the message

Parameters:

p_password - The plain password as a byte array.

p_salt - The SALT as a byte array or null if SALT should not be used.

p_message - The message (e.g. challenge) as a byte array.

Returns:

The keyed salted digest.

Throws:

NullPointerException - if the password or the message is null

makeDigest

public byte[] makeDigest(byte[] p_hashedPassword,
                         byte[] p_message)
                  throws NullPointerException

Create the HMAC.

The HMAC is computed from a hashed password-SALT pair and the message

Parameters:

p_hashedPassword - The hashed and password-SALT-pair as a byte array.

p_message - The message (e.g. challenge) as a byte array.

Returns:

The HMAC.

Throws:

NullPointerException - if p_hashedPassword or the message is null

getDigest

public byte[] getDigest()

Get the digest.

Returns:

The keyed salted digest or null if none is available.