I have to implement Argon2 hashing in Adobe ColdFusion 2018. I have found two Java Bindings which could be used:
- argon2-jvm: https://github.com/phxql/argon2-jvm
- jargon2-api: https://github.com/kosprov/jargon2-api
The first one I have successfully integrated. It works well, the only problem is that it does not allow passing a 'pepper' string (a.k.a. 'secret').
So I tried integrating the other binding too. To solve problems with dependiencies I use the JavaLoader (https://github.com/markmandel/JavaLoader). The Jars I get via Maven.
However, I get the following exception:
Typ | java.lang.UnsatisfiedLinkError
Diagnose | Unable to load library 'argon2': Das angegebene Modul wurde nicht gefunden. Das angegebene Modul wurde nicht gefunden. Das angegebene Modul wurde nicht gefunden. Native library (win32-x86-64/argon2.dll) not found in resource path ([file:/D:/ColdFusion2018/cfusion/lib/updates/chf20180010.jar,
The code looks like this:
component name="Argon2Kosprov" output="false" {
public function init(string pepper = "pepper") {
getJavaLoader();
// More info about the API: https://github.com/kosprov/jargon2-api
local.jargon2 = variables.javaLoader.create("com.kosprov.jargon2.api.Jargon2");
variables.hasher = local.jargon2.jargon2Hasher();
initConstants();
variables.hasher.type(variables.argon2Type);
// Parameters
variables.hasher.memoryCost(65536); // 64MB memory cost
variables.hasher.timeCost(3); // 3 passes through memory
variables.hasher.parallelism(4); // use 4 lanes and 4 threads
variables.hasher.saltLength(16); // 16 random bytes salt
variables.hasher.hashLength(16); // 16 bytes output hash
applyPepper(arguments.pepper);
// Just get a hold on the verifier. No special configuration needed.
variables.verifier = local.jargon2.jargon2Verifier();
return this;
}
public void function applyPepper(required string pepper) {
local.binaryValue = stringToBinary(arguments.pepper);
variables.hasher.secret(local.binaryValue);
}
public string function hashString(required string string) {
// Set the password and calculate the encoded hash
local.binaryValue = stringToBinary(arguments.string);
local.encodedHash = variables.hasher.password(local.binaryValue).encodedHash();
return local.encodedHash;
}
public boolean function checkString(required string string, required string hash) {
// Set the encoded hash, the password and verify
return variables.verifier.hash(arguments.hash).password(arguments.string).verifyEncoded();
}
// private functions
private void function initConstants() {
local.argon2Types = variables.javaLoader.create("com.kosprov.jargon2.api.Jargon2$Type");
final variables.argon2Type = local.argon2Types.ARGON2id
}
/**
* @hint Load specific .jar files using JavaLoader
* */
private component function getJavaLoader() {
if (NOT StructKeyExists(variables, "javaLoader")) {
local.jarArray = [
ExpandPath("/jars/net/java/dev/jna/jna/5.6.0/jna-5.6.0.jar"),
ExpandPath("/jars/com/nativelibs4java/ochafik-util/0.12/ochafik-util-0.12.jar"),
ExpandPath("/jars/com/nativelibs4java/jnaerator-runtime/0.12/jnaerator-runtime-0.12.jar"),
ExpandPath("/jars/com/kosprov/jargon2/jargon2-native-ri-backend/1.1.1/jargon2-native-ri-backend-1.1.1.jar"),
ExpandPath("/jars/com/kosprov/jargon2/jargon2-native-ri-binaries-generic/1.1.1/jargon2-native-ri-binaries-generic-1.1.1.jar"),
ExpandPath("/jars/com/kosprov/jargon2/jargon2-api/1.1.1/jargon2-api-1.1.1.jar")
];
variables.javaLoader = CreateObject("component", "lib.shared.javaloader.JavaLoader").init(local.jarArray);
}
return variables.javaLoader;
}
private any function stringToBinary(required string) {
local.base64Value = toBase64(arguments.string);
local.binaryValue = toBinary(base64Value);
return local.binaryValue;
}
}
and it is called like this:
<cfset local.argon = new lib.shared.argon2.Argon2Kosprov()>
<cfset local.password = "alabala">
<cfset local.hash = local.argon.hashString(local.password).encodedHash()>
Then comes the exception saying the the DLL is not found. The DLL is in the JAR and should not be separately loaded.
Has anyone by chance successfully integrated this Argon2 binding in Coldfusion?