public bool SaveSettings(string filename, string password)
{
if (_otpSettings == null)
{
return(false);
}
FileStream fs = null;
try
{
if (File.Exists(filename))
{
File.Delete(filename);
}
fs = File.OpenWrite(filename);
fs.Seek(4, 0);
fs.Write(_otpSettings.Salt1, 0, _otpSettings.Salt1.Length);
fs.Write(_otpSettings.Salt2, 0, _otpSettings.Salt2.Length);
byte[] passwordBytes = GeneralConverters.GetByteArrayFromString(password);
string passwordHash = CreatePasswordHash(_otpSettings.Salt1, _otpSettings.Salt2, passwordBytes);
passwordBytes = GeneralConverters.GetByteArrayFromString(passwordHash);
fs.Write(passwordBytes, 0, passwordBytes.Length);
byte[] encodedBytes = _otpSettings.Encode(password);
int encodedBlockSize = encodedBytes.Length;
byte[] buffer = BitConverter.GetBytes(encodedBlockSize);
fs.Write(buffer, 0, buffer.Length);
fs.Write(encodedBytes, 0, encodedBytes.Length);
// Write configOffsetBytes
fs.Seek(0, SeekOrigin.Begin);
int configOffsetBytes = _otpSettings.Salt1.Length + _otpSettings.Salt2.Length + passwordBytes.Length;
buffer = BitConverter.GetBytes(configOffsetBytes);
fs.Write(buffer, 0, buffer.Length);
fs.Seek(0, SeekOrigin.End);
}
catch (Exception ex)
{
Log.Error(ex, "Exception in SaveSettings()");
if (File.Exists(filename))
{
File.Delete(filename);
}
}
finally
{
fs?.Close();
}
return(true);
}
public bool ValidatePassword(string password)
{
if (_otpSettings == null)
{
throw new InvalidOperationException("OTPConfigService must be Initialized before password validation");
}
byte[] passwordBytes = GeneralConverters.GetByteArrayFromString(password);
return(CreatePasswordHash(_otpSettings.Salt1, _otpSettings.Salt2, passwordBytes) == PasswordHash);
}
/// <summary>
/// Create a new instance of otpSettings
/// </summary>
/// <param name="password"></param>
/// <returns>Password hash</returns>
public string Create(string password, Authenticator.SecretKeyLength keyLength)
{
using (var randomNumberGenerator = RandomNumberGenerator.Create())
{
byte[] salt1Bytes = new byte[SaltByteLength];
byte[] salt2Bytes = new byte[SaltByteLength];
byte[] passwordBytes = GeneralConverters.GetByteArrayFromString(password);
randomNumberGenerator.GetBytes(salt1Bytes);
randomNumberGenerator.GetBytes(salt2Bytes);
PasswordHash = CreatePasswordHash(salt1Bytes, salt2Bytes, passwordBytes);
_otpSettings = new OTPSettings(Authenticator.GenerateKey(keyLength), salt1Bytes, salt2Bytes);
Initialized = true;
return(PasswordHash);
}
}
public byte[] Encode(string password)
{
var secureRandom = new SecureRandomGenerator();
var msBlock = new MemoryStream();
var msContent = new MemoryStream();
int leftPaddingLength = secureRandom.GetRandomInt(64, 512);
int rightPaddingLength = secureRandom.GetRandomInt(64, 512);
byte[] sharedSecretBytes = GeneralConverters.GetByteArrayFromString(SharedSecret);
byte[] buffer = BitConverter.GetBytes(leftPaddingLength);
msBlock.Write(buffer, 0, buffer.Length);
buffer = BitConverter.GetBytes(rightPaddingLength);
msBlock.Write(buffer, 0, buffer.Length);
buffer = BitConverter.GetBytes(leftPaddingLength + rightPaddingLength + sharedSecretBytes.Length);
msBlock.Write(buffer, 0, buffer.Length);
msBlock.Write(secureRandom.GetRandomData(leftPaddingLength), 0, leftPaddingLength);
msBlock.Write(sharedSecretBytes, 0, sharedSecretBytes.Length);
msBlock.Write(secureRandom.GetRandomData(rightPaddingLength), 0, rightPaddingLength);
byte[] encodeBytes = msBlock.ToArray();
encodeBytes = EncryptionManager.EncryptData(encodeBytes, password);
byte[] hashBytes = SHA512.Create().ComputeHash(encodeBytes, 0, encodeBytes.Length);
buffer = BitConverter.GetBytes(encodeBytes.Length);
msContent.Write(buffer, 0, buffer.Length);
msBlock.WriteTo(msContent);
buffer = BitConverter.GetBytes(hashBytes.Length);
msContent.Write(buffer, 0, buffer.Length);
msContent.Write(hashBytes, 0, hashBytes.Length);
return(msContent.ToArray());
}
public static string GetSHA512HashAsHexString(string inputString)
{
return(GetSHA512HashAsHexString(GeneralConverters.GetByteArrayFromString(inputString)));
}