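/// <summary>
/// Checks a candidate password against the verifier bytes produced by
/// <c>CreatePasswordHash</c>.
/// </summary>
/// <remarks>
/// <paramref name="storedSalt"/> is handed to <c>Gost34102012Signer</c> as its key and
/// <paramref name="storedHash"/> is decoded as UTF-8 signature text, so this is a
/// signature validation, not a digest comparison.
/// NOTE(review): no iteration count or memory cost is visible in this scheme, and the
/// signer key is returned to the caller alongside the signature (presumably both are
/// persisted in the same record). A copy of that record is then enough to test password
/// guesses offline at signature-verification speed. A password KDF such as PBKDF2
/// (<c>Rfc2898DeriveBytes</c>) or Argon2 is the usual construction; moving to one
/// requires a migration path for existing records.
/// The commented-out HMACSHA512 variant that used to sit in this body was dead code
/// and has been dropped.
/// </remarks>
/// <param name="password">Candidate password; must not be null, empty or whitespace.</param>
/// <param name="storedHash">UTF-8 bytes of the signature text saved at registration.</param>
/// <param name="storedSalt">Bytes of the signer key saved at registration.</param>
/// <returns>The result of <c>SignIsValid</c> for the password and stored signature.</returns>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
/// <exception cref="ArgumentException">The password is empty or whitespace only.</exception>
private static bool VerifyPasswordHash(string password, byte[] storedHash, byte[] storedSalt)
{
    if (password == null)
    {
        throw new ArgumentNullException(nameof(password));
    }

    if (string.IsNullOrWhiteSpace(password))
    {
        throw new ArgumentException("Value cannot be empty or whitespace only string.", nameof(password));
    }

    // Reject missing stored values up front so a corrupt or incomplete user record
    // surfaces as an argument error instead of a failure inside the signer.
    if (storedHash == null)
    {
        throw new ArgumentNullException(nameof(storedHash));
    }

    if (storedSalt == null)
    {
        throw new ArgumentNullException(nameof(storedSalt));
    }

    var signer = new GostCrypto.Gost34102012Signer(new BigInteger(storedSalt));
    string storedSignature = Encoding.UTF8.GetString(storedHash);
    return signer.SignIsValid(password, storedSignature);
}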
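// private helper methods

/// <summary>
/// Produces the verifier bytes and per-user key for a new password.
/// </summary>
/// <remarks>
/// A fresh 512-bit value is generated and used as the key of a
/// <c>Gost34102012Signer</c>; the password is signed with it and the signature text is
/// returned as UTF-8 bytes. <c>VerifyPasswordHash</c> rebuilds the signer from
/// <paramref name="passwordSalt"/> to validate a login attempt.
/// NOTE(review): the value returned as "salt" is the signer key itself, and no
/// iteration count or memory cost is visible here. A password KDF such as PBKDF2
/// (<c>Rfc2898DeriveBytes</c>) or Argon2 is the usual construction for stored passwords.
/// NOTE(review): confirm that <c>Gost34102012Signer</c> draws its per-signature nonce
/// from a cryptographic RNG and that it accepts any 512-bit value as a key; neither is
/// visible from this method.
/// </remarks>
/// <param name="password">Password to protect; must not be null, empty or whitespace.</param>
/// <param name="passwordHash">Receives the UTF-8 bytes of the signature text.</param>
/// <param name="passwordSalt">Receives the 64 random bytes used as the signer key.</param>
/// <exception cref="ArgumentNullException">The password is null.</exception>
/// <exception cref="ArgumentException">The password is empty or whitespace only.</exception>
private static void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
{
    if (password == null)
    {
        throw new ArgumentNullException(nameof(password));
    }

    if (string.IsNullOrWhiteSpace(password))
    {
        throw new ArgumentException("Value cannot be empty or whitespace only string.", nameof(password));
    }

    // Key material has to come from a cryptographic RNG. The previous code filled the
    // value from System.Random, whose output is predictable once its seed is known or
    // guessed, which would make the stored key recoverable.
    byte[] keyBytes = new byte[64]; // 512 bits, same size the previous generator asked for
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(keyBytes);
    }

    passwordSalt = keyBytes;

    var signer = new GostCrypto.Gost34102012Signer(new BigInteger(passwordSalt));
    passwordHash = Encoding.UTF8.GetBytes(signer.Sign(password));
}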
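/// <summary>
/// Serializes a token as three dot-separated segments: encoded header, encoded payload
/// and encoded signature over the first two segments.
/// </summary>
/// <remarks>
/// NOTE(review): <c>nbf</c> and <c>exp</c> are written with a parameterless
/// <c>ToString()</c>. If these are <c>DateTime</c> values the text depends on the
/// current thread culture, so issuer and validator can disagree on the format;
/// RFC 7519 defines both claims as NumericDate (seconds since the Unix epoch).
/// Changing this alters the wire format and must be done together with the validator.
/// NOTE(review): the header advertises <c>gost34.11.2012</c> (the hash standard) while
/// the signature comes from a class named <c>Gost34102012Signer</c>. The validator
/// should pin the expected algorithm rather than choose it from the header.
/// NOTE(review): <c>ToBase64</c> is defined elsewhere; JWT segments are expected to be
/// base64url without padding, so confirm what that helper emits.
/// NOTE(review): the signer key is taken from a <c>SymmetricSecurityKey</c>. If
/// validators are configured with the same key bytes, every validator can also issue
/// tokens; how validation obtains its key is not visible here.
/// </remarks>
/// <param name="token">Token whose id, issuer, validity window and key are serialized.</param>
/// <returns>The compact <c>header.payload.signature</c> string.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
/// <exception cref="InvalidCastException">
/// The token's security key is not a <c>SymmetricSecurityKey</c>.
/// </exception>
internal static string WriteToken(GOSTSecurityToken token)
{
    if (token == null)
    {
        throw new ArgumentNullException(nameof(token));
    }

    string header = JsonConvert.SerializeObject(new { alg = "gost34.11.2012", typ = "JWT" });

    // TODO claims
    // audience
    string payLoad = JsonConvert.SerializeObject(new
    {
        userId = token.Id,
        iss = token.Issuer,
        aud = "TemplateApp",
        nbf = token.ValidFrom.ToString(),
        exp = token.ValidTo.ToString()
    });

    byte[] securityKey = ((SymmetricSecurityKey)token.SecurityKey).Key;

    // Encode each segment once and sign exactly the text that is emitted, so the
    // signed input and the returned prefix cannot drift apart.
    string unsignedToken = ToBase64(header) + '.' + ToBase64(payLoad);

    var signer = new GostCrypto.Gost34102012Signer(new BigInteger(securityKey));
    string signature = signer.Sign(unsignedToken);

    return unsignedToken + "." + ToBase64(signature);
}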