// the only required parameter is 'machineKeySection'; other parameters are just used for unit testing
internal MachineKeyMasterKeyProvider(MachineKeySection machineKeySection, string applicationId = null, string applicationName = null, CryptographicKey autogenKeys = null, KeyDerivationFunction keyDerivationFunction = null) {
_machineKeySection = machineKeySection;
_applicationId = applicationId;
_applicationName = applicationName;
_autogenKeys = autogenKeys;
_keyDerivationFunction = keyDerivationFunction;
}
public ECIES(ECDomainNames name)
{
_domain = ECDomains.GetDomainParameter(name);
_kdf = new ANSI_X963_KDF(new SHA1Managed());
_params = new ECIESParameters(_domain);
_mac = new HMACSHA1();
}
internal MachineKeyMasterKeyProvider(MachineKeySection machineKeySection, string applicationId = null, string applicationName = null, CryptographicKey autogenKeys = null, KeyDerivationFunction keyDerivationFunction = null)
{
this._machineKeySection = machineKeySection;
this._applicationId = applicationId;
this._applicationName = applicationName;
this._autogenKeys = autogenKeys;
this._keyDerivationFunction = keyDerivationFunction;
}
// the only required parameter is 'machineKeySection'; other parameters are just used for unit testing
internal MachineKeyMasterKeyProvider(MachineKeyConfig machineKeySection, string applicationId = null, string applicationName = null, CryptographicKey autogenKeys = null, KeyDerivationFunction keyDerivationFunction = null)
{
_machineKeyConfig = machineKeySection;
_applicationId = applicationId;
_applicationName = applicationName;
_autogenKeys = autogenKeys;
_keyDerivationFunction = keyDerivationFunction;
}
public void HashVerify_SamePassword_True()
{
var kdf = new KeyDerivationFunction();
var hash = kdf.HashPassword(Pass);
var result = kdf.VerifyHashedPassword(hash, Pass);
Assert.IsTrue(result);
}
public void HashPassword_Twice_DifferentResult()
{
var kdf = new KeyDerivationFunction();
var hash1 = kdf.HashPassword(Pass);
var hash2 = kdf.HashPassword(Pass);
Assert.AreNotEqual(hash1, hash2);
}
public void HashVerify_DifferentPassword_False()
{
var kdf = new KeyDerivationFunction();
var hash = kdf.HashPassword(Pass);
var result = kdf.VerifyHashedPassword(hash, Pass + "1");
Assert.IsFalse(result);
}
// This constructor is used only for testing purposes and by the singleton provider
// and should not otherwise be called during ASP.NET request processing.
internal AspNetCoreCryptoServiceProvider(MachineKeyConfig machineKeyConfig = null, ICryptoAlgorithmFactory cryptoAlgorithmFactory = null, IMasterKeyProvider masterKeyProvider = null, IDataProtectorFactory dataProtectorFactory = null, KeyDerivationFunction keyDerivationFunction = null)
{
_machineKeyConfig = machineKeyConfig;
_cryptoAlgorithmFactory = cryptoAlgorithmFactory;
_masterKeyProvider = masterKeyProvider;
_dataProtectorFactory = dataProtectorFactory;
_keyDerivationFunction = keyDerivationFunction;
// The DataProtectorCryptoService is active if specified as such in config
_isDataProtectorEnabled = (machineKeyConfig != null && !String.IsNullOrWhiteSpace(machineKeyConfig.DataProtectorType));
}
public void HashPassword_Twice_BothVerified()
{
var kdf = new KeyDerivationFunction();
var hash1 = kdf.HashPassword(Pass);
var hash2 = kdf.HashPassword(Pass);
var result1 = kdf.VerifyHashedPassword(hash1, Pass);
var result2 = kdf.VerifyHashedPassword(hash2, Pass);
Assert.IsTrue(result1);
Assert.IsTrue(result2);
}
// This constructor is used only for testing purposes and by the singleton provider
// and should not otherwise be called during ASP.NET request processing.
internal AspNetCryptoServiceProvider(MachineKeySection machineKeySection = null, ICryptoAlgorithmFactory cryptoAlgorithmFactory = null, IMasterKeyProvider masterKeyProvider = null, IDataProtectorFactory dataProtectorFactory = null, KeyDerivationFunction keyDerivationFunction = null) {
_machineKeySection = machineKeySection;
_cryptoAlgorithmFactory = cryptoAlgorithmFactory;
_masterKeyProvider = masterKeyProvider;
_dataProtectorFactory = dataProtectorFactory;
_keyDerivationFunction = keyDerivationFunction;
// This CryptoServiceProvider is active if specified as such in the <system.web/machineKey> section
IsDefaultProvider = (machineKeySection != null && machineKeySection.CompatibilityMode >= MachineKeyCompatibilityMode.Framework45);
// The DataProtectorCryptoService is active if specified as such in config
_isDataProtectorEnabled = (machineKeySection != null && !String.IsNullOrWhiteSpace(machineKeySection.DataProtectorType));
}
// This constructor is used only for testing purposes and by the singleton provider
// and should not otherwise be called during ASP.NET request processing.
internal AspNetCryptoServiceProvider(MachineKeySection machineKeySection = null, ICryptoAlgorithmFactory cryptoAlgorithmFactory = null, IMasterKeyProvider masterKeyProvider = null, IDataProtectorFactory dataProtectorFactory = null, KeyDerivationFunction keyDerivationFunction = null)
{
_machineKeySection = machineKeySection;
_cryptoAlgorithmFactory = cryptoAlgorithmFactory;
_masterKeyProvider = masterKeyProvider;
_dataProtectorFactory = dataProtectorFactory;
_keyDerivationFunction = keyDerivationFunction;
// This CryptoServiceProvider is active if specified as such in the <system.web/machineKey> section
IsDefaultProvider = (machineKeySection != null && machineKeySection.CompatibilityMode >= MachineKeyCompatibilityMode.Framework45);
// The DataProtectorCryptoService is active if specified as such in config
_isDataProtectorEnabled = (machineKeySection != null && !String.IsNullOrWhiteSpace(machineKeySection.DataProtectorType));
}
public override void Up()
{
using (var db = new MikolaitisApiDbContext())
{
var pass = new KeyDerivationFunction().HashPassword("aA12345");
db.Users.Add(new UserEntity("Сергей", "*****@*****.**", pass).AddAuth(5));
db.Users.Add(new UserEntity("Василий", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Петр", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Николай", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Елена", "*****@*****.**", pass).AddAuth());
db.Users.Add(new UserEntity("Алена", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Екатерина", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Дарья", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Александр", "*****@*****.**", pass).AddAuth());
db.Users.Add(new UserEntity("Михаил", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Артем", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Геннадий", "*****@*****.**", pass).AddAuth(2));
db.Users.Add(new UserEntity("Алексей", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Джессика", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Мария", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Наталья", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Владимир", "*****@*****.**", pass).AddAuth(22));
db.Users.Add(new UserEntity("Руслан", "*****@*****.**", pass).AddAuth());
db.Users.Add(new UserEntity("Виталий", "*****@*****.**", pass).AddAuth(8));
db.Users.Add(new UserEntity("Виктор", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Евгений", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Никита", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Ангелина", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Надежда", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Стас", "*****@*****.**", pass).AddAuth());
db.Users.Add(new UserEntity("Зоя", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Андрей", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Оля", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Максим", "*****@*****.**", pass));
db.Users.Add(new UserEntity("Дмитрий", "*****@*****.**", pass).AddAuth(2));
db.Users.Add(new UserEntity("Люда", "*****@*****.**", pass).AddAuth());
db.Users.Add(new UserEntity("Карина", "*****@*****.**", pass).AddAuth());
db.Users.Add(new UserEntity("Зинаида", "*****@*****.**", pass).AddAuth());
db.Users.Add(new UserEntity("Кристина", "*****@*****.**", pass).AddAuth());
db.Users.Add(new UserEntity("Гоша", "*****@*****.**", pass).AddAuth());
db.SaveChanges();
}
}
/// <summary>
/// Creates a new instance of the <see cref="SecuritySettings"/> class.
/// </summary>
/// <param name="encryptionAlgo">The algorithm used to encrypt data in the archive.</param>
/// <param name="keyDerivationFunction">The key derivation function (KDF) used to generate user keys.</param>
/// <param name="keyDerivationWorkFactor">The work factor parameter (e.g. iteration count) for the KDF.</param>
/// <param name="KeyIdSizeInBytes">The size (in bytes) of KeyIds generated for user keys.</param>
public static SecuritySettings Create(
EncryptionAlgo encryptionAlgo,
KeyDerivationFunction keyDerivationFunction,
int keyDerivationWorkFactor,
int keyIdSizeInBytes)
{
ArgCheck.IsNot(EncryptionAlgo.Unknown, encryptionAlgo, nameof(encryptionAlgo));
ArgCheck.IsNot(KeyDerivationFunction.Unknown, keyDerivationFunction, nameof(keyDerivationFunction));
ArgCheck.GreaterThanZero(keyDerivationWorkFactor, nameof(keyDerivationWorkFactor));
ArgCheck.GreaterThanZero(keyIdSizeInBytes, nameof(keyIdSizeInBytes));
return(new SecuritySettings
{
EncryptionAlgo = encryptionAlgo,
KeyDerivationFunction = keyDerivationFunction,
KeyDerivationWorkFactor = keyDerivationWorkFactor,
KeyIdSizeInBytes = keyIdSizeInBytes,
});
}
private byte[] _encryptionIV = null;//SORCE_CHANGED added encryption IV to re-ecrypt the data
// This constructor is used only for testing purposes and by the singleton provider
// and should not otherwise be called during ASP.NET request processing.
internal AspNetCryptoServiceProvider(string strValidationKey, string strValAlgo, string strDecryptionKey, string strDecAlgo)
{
MachineKeySection machineKeySection = new MachineKeySection();
machineKeySection.DecryptionKey = strDecryptionKey;
machineKeySection.Decryption = strDecAlgo;
machineKeySection.ValidationKey = strValidationKey;
machineKeySection.ValidationAlgorithm = strValAlgo;
_machineKeySection = machineKeySection;
_cryptoAlgorithmFactory = new MachineKeyCryptoAlgorithmFactory(machineKeySection);
_masterKeyProvider = new MachineKeyMasterKeyProvider(machineKeySection);
_dataProtectorFactory = new MachineKeyDataProtectorFactory(machineKeySection);
_keyDerivationFunction = SP800_108.DeriveKey;
// This CryptoServiceProvider is active if specified as such in the <system.web/machineKey> section
IsDefaultProvider = (machineKeySection != null && machineKeySection.CompatibilityMode >= MachineKeyCompatibilityMode.Framework45);
// The DataProtectorCryptoService is active if specified as such in config
_isDataProtectorEnabled = (machineKeySection != null && !String.IsNullOrWhiteSpace(machineKeySection.DataProtectorType));
}
public static IKdfFunction CreateKdf(KeyDerivationFunction kdfEnum, int outputSize, byte[] config)
{
return(KdfInstantiators[kdfEnum](outputSize, config));
}
/// <summary>
/// Derives a working key with the KDF module.
/// </summary>
/// <returns>The working key.</returns>
/// <param name="kdfEnum">Key derivation function to use.</param>
/// <param name="key">Pre-key to use as input material.</param>
/// <param name="salt">Salt to use in derivation to increase entropy.</param>
/// <param name="outputSize">Output key size in bytes.</param>
/// <param name="config">Serialised configuration of the KDF.</param>
public static byte[] DeriveKeyWithKdf(KeyDerivationFunction kdfEnum, byte[] key, byte[] salt, int outputSize, byte[] config)
{
return(KdfStatics[kdfEnum](key, salt, outputSize, config));
}
public CryptographicKey GetDerivedValidationKey(IMasterKeyProvider masterKeyProvider, KeyDerivationFunction keyDerivationFunction)
{
// has a key already been stored?
CryptographicKey actualDerivedKey = DerivedValidationKey;
if (actualDerivedKey == null)
{
CryptographicKey masterKey = masterKeyProvider.GetValidationKey();
actualDerivedKey = keyDerivationFunction(masterKey, this);
// only save the key back to storage if this Purpose is configured to do so
if (SaveDerivedKeys)
{
DerivedValidationKey = actualDerivedKey;
}
}
return(actualDerivedKey);
}
public CryptographicKey GetDerivedValidationKey(IMasterKeyProvider masterKeyProvider, KeyDerivationFunction keyDerivationFunction) {
// has a key already been stored?
CryptographicKey actualDerivedKey = DerivedValidationKey;
if (actualDerivedKey == null) {
CryptographicKey masterKey = masterKeyProvider.GetValidationKey();
actualDerivedKey = keyDerivationFunction(masterKey, this);
// only save the key back to storage if this Purpose is configured to do so
if (SaveDerivedKeys) {
DerivedValidationKey = actualDerivedKey;
}
}
return actualDerivedKey;
}
internal ECDiffieHellman(ECDiffieHellmanParameters param)
{
_params = param;
_kdf = new ANSI_X963_KDF(new SHA1Managed());
}
public CryptographicKey GetDerivedValidationKey(IMasterKeyProvider masterKeyProvider, KeyDerivationFunction keyDerivationFunction)
{
CryptographicKey cryptographicKey = this.DerivedValidationKey;
if (cryptographicKey == null)
{
CryptographicKey validationKey = masterKeyProvider.GetValidationKey();
cryptographicKey = keyDerivationFunction(validationKey, this);
if (this.SaveDerivedKeys)
{
this.DerivedValidationKey = cryptographicKey;
}
}
return(cryptographicKey);
}
internal ECMQV(ECDomainParameters domain)
{
_params = new ECMQVParameters(domain);
_kdf = new ANSI_X963_KDF(new SHA1Managed());
}
