From e8f8eb8212c1909e11b4f218d158de15c1ed6c49 Mon Sep 17 00:00:00 2001 From: lucas Date: Fri, 20 Dec 2024 11:54:47 +0100 Subject: [PATCH] salt and pepper --- .idea/libraries/bytedeco_javacv_platform.xml | 4 +- .../fasterxml_jackson_core_databind.xml | 12 ++ ByteWarden.iml | 1 + databases.json | 16 +++ llucas.json | 9 ++ pepper.json | 3 + src/Classes/DatabasesManager.java | 31 ++++- src/Classes/Menu.java | 2 +- src/Classes/Sha256.java | 1 + src/Classes/VigenereAlgo.java | 19 ++- src/Tests/DatabasesManagerTest.java | 109 ------------------ test.json | 9 ++ 12 files changed, 97 insertions(+), 119 deletions(-) create mode 100644 .idea/libraries/fasterxml_jackson_core_databind.xml create mode 100644 llucas.json create mode 100644 pepper.json create mode 100644 test.json diff --git a/.idea/libraries/bytedeco_javacv_platform.xml b/.idea/libraries/bytedeco_javacv_platform.xml index 53085a2..9fa3834 100644 --- a/.idea/libraries/bytedeco_javacv_platform.xml +++ b/.idea/libraries/bytedeco_javacv_platform.xml @@ -19,9 +19,9 @@ - + - + diff --git a/.idea/libraries/fasterxml_jackson_core_databind.xml b/.idea/libraries/fasterxml_jackson_core_databind.xml new file mode 100644 index 0000000..142f4e6 --- /dev/null +++ b/.idea/libraries/fasterxml_jackson_core_databind.xml @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/ByteWarden.iml b/ByteWarden.iml index 13556b5..27a65dc 100644 --- a/ByteWarden.iml +++ b/ByteWarden.iml @@ -19,5 +19,6 @@ + \ No newline at end of file diff --git a/databases.json b/databases.json index 7a73a41..4cb7c65 100644 --- a/databases.json +++ b/databases.json @@ -1,2 +1,18 @@ { + "llucas": { + "name": "llucas", + "hashPassword": "eebc1115b82aea1ee598f927e19500c75d2e318eaa9d83fa5a7513e26dea608b", + "encryptionMap": { + "RotX": "12" + }, + "salt": "NTNcG1Mv\u002604K" + }, + "test": { + "name": "test", + "hashPassword": "6b3fcb519f1dac8495538eed6bf3963faf7d7a6762d6789869a2cb51a9bca91d", + "encryptionMap": { + "RotX": "12" + }, + "salt": "sP5s3cWwMsOX" + } } \ No newline at end of file diff --git a/llucas.json b/llucas.json new file mode 100644 index 0000000..e104e2e --- /dev/null +++ b/llucas.json @@ -0,0 +1,9 @@ +{ + "eufqe": [ + { + "bmeeiadp": "rlrqlr", + "eufqZmyq": "kagfgnq", + "geqdzmyq": "lplp" + } + ] +} \ No newline at end of file diff --git a/pepper.json b/pepper.json new file mode 100644 index 0000000..51db507 --- /dev/null +++ b/pepper.json @@ -0,0 +1,3 @@ +{ + "pepper": "jesuisunpoivre" +} \ No newline at end of file diff --git a/src/Classes/DatabasesManager.java b/src/Classes/DatabasesManager.java index 35e22c0..3c28709 100644 --- a/src/Classes/DatabasesManager.java +++ b/src/Classes/DatabasesManager.java @@ -1,5 +1,6 @@ package Classes; +import com.fasterxml.jackson.databind.ObjectMapper; import com.google.gson.Gson; import com.google.gson.GsonBuilder; import com.google.gson.reflect.TypeToken; @@ -25,7 +26,9 @@ public DatabasesManager(File databasesFile) { public boolean verifyDatabase(String dbName, String password) { if (!databases.containsKey(dbName)) return false; Database database = databases.get(dbName); - String hashedPassword = sha256.calculateHash(password); + String pepper = readPepperFromJson("pepper.json"); + + String hashedPassword = sha256.calculateHash(database.getSalt() + password + pepper); return database.getHashPassword().equals(hashedPassword); } @@ -33,12 +36,24 @@ public void createDatabase(String dbName, String password, Map e if (databases.containsKey(dbName)) { throw new IllegalArgumentException("Database already exists."); } - String hashedPassword = sha256.calculateHash(password); - Database newDatabase = new Database(dbName, hashedPassword, encryptionMap); + String pepper = readPepperFromJson("pepper.json"); + String salt = PasswordUtils.generateRandomPassword(12); + String hashedPassword = sha256.calculateHash(salt + password + pepper); + Database newDatabase = new Database(dbName, hashedPassword, encryptionMap, salt); databases.put(dbName, newDatabase); saveDatabases(); } + private String readPepperFromJson(String filePath) { + ObjectMapper objectMapper = new ObjectMapper(); + try { + Map jsonMap = objectMapper.readValue(new File(filePath), Map.class); + return jsonMap.get("pepper"); + } catch (IOException e) { + e.printStackTrace(); + return ""; + } + } private Map loadDatabases() { if (!databasesFile.exists()) return new HashMap<>(); try (FileReader reader = new FileReader(databasesFile)) { @@ -66,11 +81,12 @@ public static class Database { private final String name; private final String hashPassword; private final Map encryptionMap; - - public Database(String name, String hashPassword, Map encryptionMap) { + private final String salt; + public Database(String name, String hashPassword, Map encryptionMap, String salt) { this.name = name; this.hashPassword = hashPassword; this.encryptionMap = encryptionMap; + this.salt = salt; } public String getName() { @@ -84,6 +100,11 @@ public String getHashPassword() { public Map getEncryptionMap() { return encryptionMap; } + public String getSalt(){ + return salt; + } + + } public Map getEncryptionMap(String dbName) { if (!databases.containsKey(dbName)) { diff --git a/src/Classes/Menu.java b/src/Classes/Menu.java index 4be04d6..9dc206e 100644 --- a/src/Classes/Menu.java +++ b/src/Classes/Menu.java @@ -64,6 +64,7 @@ else if (dbChoice == 2) { System.out.println("Generated password: " + password); + // Ask the user for encryption methods Map encryptionMap = new HashMap<>(); boolean addMoreEncryptions = true; @@ -102,7 +103,6 @@ else if (dbChoice == 2) { default -> System.out.println("Invalid choice. Please choose a valid encryption method."); } } - // Create the new database with the given name, password, and encryption map dbManager.createDatabase(dbName, password, encryptionMap); diff --git a/src/Classes/Sha256.java b/src/Classes/Sha256.java index cce7911..b704c12 100644 --- a/src/Classes/Sha256.java +++ b/src/Classes/Sha256.java @@ -4,6 +4,7 @@ public class Sha256 extends Hash { + // function to calculate hash @Override public String calculateHash(String input) { try { diff --git a/src/Classes/VigenereAlgo.java b/src/Classes/VigenereAlgo.java index c43039e..673ba81 100644 --- a/src/Classes/VigenereAlgo.java +++ b/src/Classes/VigenereAlgo.java @@ -44,11 +44,26 @@ public static String encrypt(String plainText, String key) { // Only encrypt alphabetic characters if (Character.isLetter(pi)) { boolean isUpperCase = Character.isUpperCase(pi); - char normalizedPi = Character.toLowerCase(pi); + char normalizedPi = Character.toLowerCase(pi); // the calculations are based on lowerCase alphabet char ki = key.charAt(keyIndex++); - // Encryption formula: Ci = (Pi + Ki) mod 26 + + // encrypt formula + // normalizedPi - a : converts the character to an index between 0 and 25 (ex : normalizedPi = 'c' (ASCII 99), then 'c' - 'a' = 99-97 = 2) + // ki - 'a' similarly normalizes the key character to the same 0–25 range. + + // normalizedPi - 'a' and ki - 'a' are added together to combine the plaintext and key in the normalized alphabet range. + + // % 26 ensures the result wraps around if it exceeds 25 (e.g., for 'z'). + // Example: If normalizedPi = 'z' (25) and ki = 'y' (24), then: + // (25 + 24) % 26 = 49 % 26 = 23 (which corresponds to 'x'). + + + // + 'a' converts the normalized result (0–25) back into a valid ASCII character (alphabetical range). + // Example: If the result is 2, adding 'a' (97) gives 99, which corresponds to 'c' in ASCII. + // (char) : Casts the result back to a character char ci = (char) (((normalizedPi - 'a' + ki - 'a') % 26) + 'a'); + // + 'a' converts the normalized result (0 - 25) back into a valid ASCII character (97-122) encryptedText.append(isUpperCase ? Character.toUpperCase(ci) : ci); } else { // Keep non-alphabetic characters unchanged diff --git a/src/Tests/DatabasesManagerTest.java b/src/Tests/DatabasesManagerTest.java index b4d837e..e69de29 100644 --- a/src/Tests/DatabasesManagerTest.java +++ b/src/Tests/DatabasesManagerTest.java @@ -1,109 +0,0 @@ -package Tests; - -import Classes.DatabasesManager; -import Classes.Sha256; -import org.junit.*; -import static org.junit.Assert.*; - -import java.io.File; -import java.io.FileWriter; -import java.io.IOException; -import java.util.HashMap; -import java.util.Map; - -public class DatabasesManagerTest { - - private static File testFile; - private DatabasesManager manager; - - @BeforeClass - public static void setUpBeforeClass() throws IOException { - testFile = new File("testDatabases.json"); - if (testFile.exists()) { - testFile.delete(); - } - testFile.createNewFile(); - } - - @AfterClass - public static void tearDownAfterClass() { - if (testFile.exists()) { - testFile.delete(); - } - } - - @Before - public void setUp() { - manager = new DatabasesManager(testFile); - } - - @After - public void tearDown() { - if (testFile.exists()) { - testFile.delete(); - } - } - - @Test - public void testCreateDatabase() { - String dbName = "TestDB"; - String password = "password123"; - Map encryptionMap = new HashMap<>(); - encryptionMap.put("key1", "value1"); - - manager.createDatabase(dbName, password, encryptionMap); - - assertTrue(manager.verifyDatabase(dbName, password)); - assertEquals(encryptionMap, manager.getEncryptionMap(dbName)); - } - - @Test(expected = IllegalArgumentException.class) - public void testCreateDatabaseDuplicate() { - String dbName = "TestDB"; - String password = "password123"; - Map encryptionMap = new HashMap<>(); - - manager.createDatabase(dbName, password, encryptionMap); - manager.createDatabase(dbName, password, encryptionMap); - } - - @Test - public void testVerifyDatabase() { - String dbName = "TestDB"; - String password = "password123"; - Map encryptionMap = new HashMap<>(); - - manager.createDatabase(dbName, password, encryptionMap); - - assertTrue(manager.verifyDatabase(dbName, password)); - assertFalse(manager.verifyDatabase(dbName, "wrongPassword")); - assertFalse(manager.verifyDatabase("NonExistentDB", password)); - } - - @Test - public void testLoadDatabases() throws IOException { - // Pre-populate the test file with data - String dbName = "TestDB"; - Sha256 sha256 = new Sha256(); - String passwordHash = sha256 .calculateHash("password123"); - Map encryptionMap = new HashMap<>(); - encryptionMap.put("key1", "value1"); - - Map preloadedData = new HashMap<>(); - preloadedData.put(dbName, new DatabasesManager.Database(dbName, passwordHash, encryptionMap)); - - try (FileWriter writer = new FileWriter(testFile)) { - writer.write(new com.google.gson.GsonBuilder().setPrettyPrinting().create().toJson(preloadedData)); - } - - manager = new DatabasesManager(testFile); - - assertTrue(manager.verifyDatabase(dbName, "password123")); - assertEquals(encryptionMap, manager.getEncryptionMap(dbName)); - } - - @Test(expected = IllegalArgumentException.class) - public void testGetEncryptionMapForNonExistentDatabase() { - manager.getEncryptionMap("NonExistentDB"); - } -} diff --git a/test.json b/test.json new file mode 100644 index 0000000..48f52d0 --- /dev/null +++ b/test.json @@ -0,0 +1,9 @@ +{ + "eufqe": [ + { + "bmeeiadp": "xutosh", + "eufqZmyq": "uzefm", + "geqdzmyq": "xgome" + } + ] +} \ No newline at end of file