Merge pull request #49 from HorizenOfficial/dev

Upgrade to 2.0.0-RC11

build.sbt

@@ -25,7 +25,7 @@ lazy val commonSettings = Seq(
     Wart.OptionPartial),
   organization := "io.horizen",
   organizationName := "Zen Blockchain Foundation",
-  version := "2.0.0-RC10",
+  version := "2.0.0-RC11",
   licenses := Seq("CC0" -> url("https://creativecommons.org/publicdomain/zero/1.0/legalcode")),
   homepage := Some(url("https://github.com/HorizenOfficial/Sparkz")),
   pomExtra :=
@@ -85,7 +85,7 @@ val testingDependencies = Seq(
 libraryDependencies ++= Seq(
   "com.iheart" %% "ficus" % "1.5.2",
   "org.scala-lang.modules" %% "scala-collection-compat" % "2.8.1",
-  "org.mindrot" % "jbcrypt" % "0.4"
+  "at.favre.lib" % "bcrypt" % "0.10.2"
 ) ++ networkDependencies ++ apiDependencies ++ loggingDependencies ++ testingDependencies
 
 

release-notes.md

@@ -1,3 +1,7 @@
+2.0.0-RC11
+---------
+* Changed library for the Bcrypt hashing algorithm and added additional unit tests
+
 2.0.0-RC10
 ---------
 * UPnP module removed

src/main/scala/sparkz/core/api/http/ApiDirectives.scala

@@ -2,7 +2,7 @@ package sparkz.core.api.http
 
 import akka.http.scaladsl.server.directives.{AuthenticationDirective, Credentials}
 import akka.http.scaladsl.server.{AuthorizationFailedRejection, Directive0}
-import org.mindrot.jbcrypt.BCrypt
+import at.favre.lib.crypto.bcrypt.BCrypt
 import sparkz.core.settings.RESTApiSettings
 import sparkz.util.SparkzEncoding
 import sparkz.crypto.hash.Blake2b256
@@ -41,7 +41,7 @@ trait ApiDirectives extends CorsHandler with SparkzEncoding {
         if (apiKeyHash.equals(""))
           false
         else
-          BCrypt.checkpw(apiKey, apiKeyHash)
+          BCrypt.verifyer().verify(apiKey.toCharArray, apiKeyHash).verified
       case None => false
     }
   }

src/test/scala/sparkz/core/api/http/PeersApiRouteSpec.scala

@@ -5,9 +5,9 @@ import akka.http.scaladsl.model.{ContentTypes, HttpEntity, StatusCodes}
 import akka.http.scaladsl.server.Route
 import akka.http.scaladsl.testkit.{RouteTestTimeout, ScalatestRouteTest}
 import akka.testkit.{TestDuration, TestProbe}
+import at.favre.lib.crypto.bcrypt.BCrypt
 import io.circe.Json
 import io.circe.syntax._
-import org.mindrot.jbcrypt.BCrypt
 import org.scalatest.flatspec.AnyFlatSpec
 import org.scalatest.matchers.should.Matchers
 import sparkz.core.api.http.PeersApiRoute.PeerInfoResponse
@@ -38,7 +38,9 @@ class PeersApiRouteSpec extends AnyFlatSpec
   private val body = HttpEntity("localhost:8080".asJson.toString).withContentType(ContentTypes.`application/json`)
   private val badBody = HttpEntity("badBodyContent".asJson.toString).withContentType(ContentTypes.`application/json`)
 
-  private val restApiSettingsWithApiKey = RESTApiSettings(addr, Some(BCrypt.hashpw(credentials.password(), BCrypt.gensalt())), None, 10 seconds)
+  //Algorithm cost, higher is the number, higher is the round in the algorithm and the time to hash/verify the password
+  private val bcryptCostAlgorithm = 12
+  private val restApiSettingsWithApiKey = RESTApiSettings(addr, Some(BCrypt.`with`(BCrypt.Version.VERSION_2Y).hashToString(bcryptCostAlgorithm, credentials.password().toCharArray)), None, 10 seconds)
   private val routes = PeersApiRoute(pmRef, networkControllerRef, timeProvider, restApiSettings).route
   private val routesWithApiKey = PeersApiRoute(pmRef, networkControllerRef, timeProvider, restApiSettingsWithApiKey).route
 
@@ -60,6 +62,40 @@ class PeersApiRouteSpec extends AnyFlatSpec
     ).asJson
   }.asJson
 
+  it should "verify the Bcrypt hash" in {
+    // Test with the $a$ version
+    val password = "1234"
+    var bcryptHashString = BCrypt.withDefaults().hashToString(bcryptCostAlgorithm, password.toCharArray())
+    // $2a$12$US00g/uMhoSBm.HiuieBjeMtoN69SN.GE25fCpldebzkryUyopws6
+    var result = BCrypt.verifyer().verify(password.toCharArray(), bcryptHashString)
+    result.verified shouldBe true
+
+    //Test the same password with the newest version $y$
+    bcryptHashString = BCrypt.`with`(BCrypt.Version.VERSION_2Y).hashToString(bcryptCostAlgorithm, password.toCharArray)
+    result = BCrypt.verifyer().verify(password.toCharArray(), bcryptHashString)
+    result.verified shouldBe true
+  }
+
+  it should "not throw an exception in Bcrypt hash" in {
+    //Test verify with empty password
+    val password = "1234"
+    var bcryptHashString = BCrypt.withDefaults().hashToString(bcryptCostAlgorithm, password.toCharArray())
+    var result = BCrypt.verifyer().verify("".toCharArray(), bcryptHashString)
+    result.verified shouldBe false
+
+    //Test verify with dummy password hash
+    result = BCrypt.verifyer().verify(password.toCharArray(), "Horizen")
+    result.verified shouldBe false
+
+    //Test verify with NON UTF8 password
+    result = BCrypt.verifyer().verify("�����".toCharArray(), bcryptHashString)
+    result.verified shouldBe false
+
+    //Test verify with NON UTF8 password hash
+    result = BCrypt.verifyer().verify(password.toCharArray(), "�����")
+    result.verified shouldBe false
+  }
+
   it should "get all peers" in {
     Get(prefix + "/all") ~> routes ~> check {
       status shouldBe StatusCodes.OK

src/test/scala/sparkz/core/network/NetworkControllerSpec.scala

@@ -522,7 +522,7 @@ class NetworkControllerSpec extends NetworkTests with ScalaFutures {
     peerManagerProbe.expectMsg(RandomPeerForConnectionExcluding(Seq()))
     peerManagerProbe.reply(Some(getPeerInfo(peerAddressOne)))
     // Wait for the message to be received
-    Thread.sleep(1)
+    Thread.sleep(2)
 
     // Second attempt, discarding the peer we tried just before
     networkControllerRef ! ConnectionToPeer(emptyActiveConnections, emptyUnconfirmedConnections)