Add BCrypt and Argon2 password handling to crypto module #577

Merged

randilt
Contributor

@randilt randilt commented Jan 10, 2025

Purpose

This PR introduces an implementation of BCrypt and Argon2id password hashing in the Ballerina Crypto Module. It provides functions for securely hashing passwords, verifying them, and generating salts with customizable parameters. Support for both BCrypt and Argon2id allows flexible and secure password management with different algorithms and configurable options such as work factor (for BCrypt) and iterations, memory, and parallelism (for Argon2id).
Resolves: #2744

Fixes: ballerina-platform/ballerina-library#2441
Fixes: ballerina-platform/ballerina-library#2744

Examples

// Hashing a password with BCrypt
string password = "mySecurePassword123";
string|crypto:Error hash = crypto:hashPassword(password);

// Verifying a BCrypt hashed password
string password = "mySecurePassword123";
string hashedPassword = "$2a$12$LQV3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/LewYpwBAM7RHF.H9m";
boolean|crypto:Error matches = crypto:verifyPassword(password, hashedPassword);

// Generating a BCrypt salt
string|crypto:Error salt = crypto:generateSalt(14);

// Hashing a password with Argon2id
string password = "mySecurePassword123";
string|crypto:Error hashArgon2 = crypto:hashPasswordArgon2(password);

// Verifying an Argon2id hashed password
string password = "mySecurePassword123";
string hashedPasswordArgon2 = "$argon2id$v=19$m=65536,t=3,p=4$c29tZXNhbHQ$hash";
boolean|crypto:Error matchesArgon2 = crypto:verifyPasswordArgon2(password, hashedPasswordArgon2);

// Generating an Argon2id salt
string|crypto:Error saltArgon2 = crypto:generateSaltArgon2(4, 131072, 8);

Checklist

  • Linked to an issue
  • Updated the changelog
  • Added tests
  • Updated the spec
  • Checked native-image compatibility
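
The encoded hashes in the description above carry their own cost parameters (work factor for BCrypt; memory, iterations and parallelism for Argon2id). As an added example, not code from this pull request or the Ballerina crypto module, the Python below parses those strings and flags stored hashes that fall below a policy floor; the floor values and function names are assumptions.

```python
import re

# Assumed policy floors for illustration; not values taken from the pull request.
MIN_BCRYPT_COST = 12
MIN_ARGON2 = {"m": 65536, "t": 3, "p": 1}

# $2a$<cost>$<22-char salt + 31-char digest>
BCRYPT_RE = re.compile(r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{53})$")
# $argon2id$v=<version>$m=<KiB>,t=<iterations>,p=<lanes>$<salt>$<digest>
ARGON2_RE = re.compile(
    r"^\$(argon2id|argon2i|argon2d)\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)"
    r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$"
)


def parse_hash(encoded):
    """Return the algorithm and cost parameters carried in an encoded hash."""
    m = BCRYPT_RE.match(encoded)
    if m:
        return {"alg": "bcrypt", "variant": m.group(1), "cost": int(m.group(2))}
    m = ARGON2_RE.match(encoded)
    if m:
        return {"alg": m.group(1), "version": int(m.group(2)),
                "m": int(m.group(3)), "t": int(m.group(4)), "p": int(m.group(5))}
    # Anything else (plaintext, an unsalted digest, a truncated value) is rejected.
    raise ValueError("unrecognised password hash format")


def needs_rehash(encoded):
    """True when the stored hash was produced with parameters below policy."""
    info = parse_hash(encoded)
    if info["alg"] == "bcrypt":
        return info["cost"] < MIN_BCRYPT_COST
    # Only Argon2id at version 0x13 (v=19) is accepted by this assumed policy.
    if info["alg"] != "argon2id" or info["version"] < 19:
        return True
    return any(info[k] < MIN_ARGON2[k] for k in ("m", "t", "p"))
```

A login handler would call `needs_rehash` after a successful verification and re-hash the password with current parameters when it returns true.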

Member

daneshk commented Jan 13, 2025

@randilt Thank you for your contribution.

@MohamedSabthar @DimuthuMadushan Please review the new APIs.

@randilt randilt requested a review from daneshk January 13, 2025 17:58
@randilt randilt requested a review from daneshk January 14, 2025 18:40
@Marcono1234 Marcono1234 left a comment

Sorry for this "drive-by" review. Hopefully these comments are useful, but I am not a project member so feel free to consider these comments at most as suggestions. I don't want to disrupt this review process.

@randilt randilt dismissed stale reviews from daneshk and ThisaruGuruge via 20bbda9 January 19, 2025 05:43
Contributor Author

randilt commented Jan 19, 2025

@ThisaruGuruge @daneshk Please review the newly added changes.

Added security fixes and improvements suggested by @Marcono1234

Thanks for the suggestions! @Marcono1234

Member

daneshk commented Jan 19, 2025

@randilt One final request. Could you please add a proposal for this new API in the docs/proposals directory and link the issue? The example proposal can be found here

Contributor Author

randilt commented Jan 20, 2025

> @randilt One final request. Could you please add a proposal for this new API in the docs/proposals directory and link the issue? The example proposal can be found here

@daneshk I have added the proposal here, please check.

@randilt randilt requested a review from daneshk January 20, 2025 04:21
Member

@daneshk daneshk left a comment

LGTM

Member

@ThisaruGuruge ThisaruGuruge left a comment

LGTM

Member

daneshk commented Jan 20, 2025

@randilt, thank you very much for your contribution. It will be included in our next release.

@daneshk daneshk merged commit 6c48143 into ballerina-platform:master Jan 20, 2025
6 checks passed
Contributor Author

randilt commented Jan 20, 2025

> @randilt, thank you very much for your contribution. It will be included in our next release.

I'm glad to contribute! Thank you all for your suggestions and support. I learned a lot during this PR. 😊

Successfully merging this pull request may close these issues.

  • Add library to securely hash passwords (like bcrypt)
  • Add Bcrypt Support in Crypto Standard Library
6 participants