public static void Pbkdf2_PasswordString_NullPassword()
{
AssertExtensions.Throws <ArgumentNullException>("password", () =>
Rfc2898DeriveBytes.Pbkdf2(
password: (string)null, s_salt, iterations: 1, HashAlgorithmName.SHA256, s_extractLength)
);
}
public static void Pbkdf2_PasswordBytes_BogusHash()
{
Assert.Throws <CryptographicException>(() =>
Rfc2898DeriveBytes.Pbkdf2(
s_passwordBytes, s_salt, iterations: 1, new HashAlgorithmName("BLAH"), s_extractLength)
);
}
public static void Pbkdf2_PasswordBytes_EmptyHashName()
{
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () =>
Rfc2898DeriveBytes.Pbkdf2(
s_passwordBytes, s_salt, iterations: 1, new HashAlgorithmName(""), s_extractLength)
);
}
public static void Pbkdf2_PasswordBytes_SaltBytes_SaltEmpty()
{
byte[] expectedKey = "1E437A1C79D75BE61E91141DAE20".HexToByteArray();
byte[] key = Rfc2898DeriveBytes.Pbkdf2(
new byte[0], salt: new byte[0], iterations: 1, HashAlgorithmName.SHA1, s_extractLength);
Assert.Equal(expectedKey, key);
}
public static void Pbkdf2_PasswordBytes_SaltBytes_OutputLengthNegative()
{
AssertExtensions.Throws <ArgumentOutOfRangeException>("outputLength", () =>
Rfc2898DeriveBytes.Pbkdf2(
s_passwordBytes, s_salt, iterations: 1, HashAlgorithmName.SHA256, -1)
);
}
public static void Pbkdf2_PasswordString_NullHashName()
{
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () =>
Rfc2898DeriveBytes.Pbkdf2(
Password, s_salt, iterations: 1, default(HashAlgorithmName), s_extractLength)
);
}
public static void Pbkdf2_PasswordBytes_NullSalt()
{
AssertExtensions.Throws <ArgumentNullException>("salt", () =>
Rfc2898DeriveBytes.Pbkdf2(
s_passwordBytes, salt: (byte[])null, iterations: 1, HashAlgorithmName.SHA256, s_extractLength)
);
}
public static void Pbkdf2_PasswordString_SaltBytes_IterationsNegative()
{
AssertExtensions.Throws <ArgumentOutOfRangeException>("iterations", () =>
Rfc2898DeriveBytes.Pbkdf2(
Password, s_salt, iterations: -1, HashAlgorithmName.SHA256, s_extractLength)
);
}
public byte[] DeriveKey(string password, byte[] salt, KeyDerivationPrf prf, int iterationCount, int numBytesRequested)
{
Debug.Assert(password != null);
Debug.Assert(salt != null);
Debug.Assert(iterationCount > 0);
Debug.Assert(numBytesRequested > 0);
HashAlgorithmName algorithmName;
switch (prf)
{
case KeyDerivationPrf.HMACSHA1:
algorithmName = HashAlgorithmName.SHA1;
break;
case KeyDerivationPrf.HMACSHA256:
algorithmName = HashAlgorithmName.SHA256;
break;
case KeyDerivationPrf.HMACSHA512:
algorithmName = HashAlgorithmName.SHA512;
break;
default:
throw new ArgumentOutOfRangeException(nameof(prf));
}
return(Rfc2898DeriveBytes.Pbkdf2(password, salt, iterationCount, algorithmName, numBytesRequested));
}
public static void Pbkdf2_Password_Salt_Overlapping_Completely()
{
Span <byte> buffer = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
byte[] expected = { 0xBE, 0xA4, 0xEE, 0x0E, 0xC3, 0x98, 0xBF, 0x32 };
Rfc2898DeriveBytes.Pbkdf2(buffer, buffer, buffer, iterations: 1, HashAlgorithmName.SHA256);
Assert.Equal(expected, buffer.ToArray());
}
/// <inheritdoc />
public PasswordHash CreatePasswordHash(ReadOnlySpan <char> password)
{
byte[] salt = GenerateSalt();
return(new PasswordHash(
DefaultHashMethod,
Rfc2898DeriveBytes.Pbkdf2(
password,
salt,
DefaultIterations,
HashAlgorithmName.SHA512,
DefaultOutputLength),
salt,
new Dictionary <string, string>
{
{ "iterations", DefaultIterations.ToString(CultureInfo.InvariantCulture) }
}));
}
/// <summary>
///
/// </summary>
/// <param name="decryptedBytes"></param>
/// <param name="password"></param>
/// <param name="keySize"></param>
/// <param name="iterations"></param>
/// <returns></returns>
public static byte[] Encrypt(byte[] decryptedBytes, string password, int keySize, int iterations)
{
ReadOnlySpan <byte> salt = RandomNumberGenerator.GetBytes(keySize / 8); // Generate salt based
ReadOnlySpan <byte> iv = RandomNumberGenerator.GetBytes(blockSize / 8); // Generate iv, has to be the same as the block size
byte[] key = Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, HashAlgorithmName.SHA512, keySize / 8);
using Aes aes = Aes.Create();
aes.Key = key;
int encryptedSize = aes.GetCiphertextLengthCbc(decryptedBytes.Length);
byte[] cipher = new byte[salt.Length + iv.Length + encryptedSize];
Span <byte> cipherSpan = cipher;
salt.CopyTo(cipherSpan);
iv.CopyTo(cipherSpan[salt.Length..]);
public static void OldMain(string[] args)
{
//var dbPasswd = "95$cHY76d#D8";
//var dbServer = "db.agsjyohfeddzbznajrgz.supabase.co";
//var connstr = $"User Id=postgres;Password={dbPasswd};Server={dbServer};Port=5432;Database=postgres";
//var sbClient = await Supabase.Client.InitializeAsync(
// "https://agsjyohfeddzbznajrgz.supabase.co",
// "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFnc2p5b2hmZWRkemJ6bmFqcmd6Iiwicm9sZSI6ImFub24iLCJpYXQiOjE2NDUxODg4MjMsImV4cCI6MTk2MDc2NDgyM30.mEjK4OBjUwN8y7W2lV5JM6iRXdD1iKYc4Yaa2kSApUM");
//var instance = Supabase.Client.Instance;
//if (instance == null)
//{
// throw new Exception("failed to get Supabase client instance");
//}
//var accounts = await instance.From<Account>().Get();
//Console.WriteLine("Accounts:");
//foreach (var a in accounts.Models)
//{
// Console.WriteLine($"Account: {a.Email}");
//}
//var sdtResponse = await instance.Rpc("GetSystemDateTime", null);
//var sdt = JsonSerializer.Deserialize<DateTime>(sdtResponse.Content);
//Console.WriteLine(sdt);
string email = "*****@*****.**";
string mpass = "******";
var mkeyIters = 10000;
var mkeyAlgor = HashAlgorithmName.SHA256;
var mkeyLength = 32;
var emailHash = SHA256.HashData(Encoding.UTF8.GetBytes(email));
var masterKey = Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(mpass), emailHash, mkeyIters, mkeyAlgor, mkeyLength);
//Console.WriteLine(masterKey.Length);
//Console.WriteLine(Convert.ToBase64String(masterKey));
}
/// <inheritdoc />
public bool Verify(PasswordHash hash, ReadOnlySpan <char> password)
{
if (string.Equals(hash.Id, "PBKDF2", StringComparison.Ordinal))
{
return(hash.Hash.SequenceEqual(
Rfc2898DeriveBytes.Pbkdf2(
password,
hash.Salt,
int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture),
HashAlgorithmName.SHA1,
32)));
}
if (string.Equals(hash.Id, "PBKDF2-SHA512", StringComparison.Ordinal))
{
return(hash.Hash.SequenceEqual(
Rfc2898DeriveBytes.Pbkdf2(
password,
hash.Salt,
int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture),
HashAlgorithmName.SHA512,
DefaultOutputLength)));
}
if (!_supportedHashMethods.Contains(hash.Id))
{
throw new CryptographicException($"Requested hash method is not supported: {hash.Id}");
}
using var h = HashAlgorithm.Create(hash.Id) ?? throw new ResourceNotFoundException($"Unknown hash method: {hash.Id}.");
var bytes = Encoding.UTF8.GetBytes(password.ToArray());
if (hash.Salt.Length == 0)
{
return(hash.Hash.SequenceEqual(h.ComputeHash(bytes)));
}
byte[] salted = new byte[bytes.Length + hash.Salt.Length];
Array.Copy(bytes, salted, bytes.Length);
hash.Salt.CopyTo(salted.AsSpan(bytes.Length));
return(hash.Hash.SequenceEqual(h.ComputeHash(salted)));
}
private static byte[] DeriveKeyImpl(string password, byte[] salt, KeyDerivationPrf prf, int iterationCount, int numBytesRequested)
{
HashAlgorithmName algorithmName;
switch (prf)
{
case KeyDerivationPrf.HMACSHA1:
algorithmName = HashAlgorithmName.SHA1;
break;
case KeyDerivationPrf.HMACSHA256:
algorithmName = HashAlgorithmName.SHA256;
break;
case KeyDerivationPrf.HMACSHA512:
algorithmName = HashAlgorithmName.SHA512;
break;
default:
throw new ArgumentOutOfRangeException();
}
return(Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(password), salt, iterationCount, algorithmName, numBytesRequested));
}
public static void Pbkdf2_PasswordString_InvalidUtf8()
{
Assert.Throws <EncoderFallbackException>(() =>
Rfc2898DeriveBytes.Pbkdf2(
"\uD800", s_salt, iterations: 1, HashAlgorithmName.SHA256, s_extractLength));
}
