/// <summary>
/// Builds the stored record for this algorithm by Base64-encoding the raw password
/// bytes under the "h" key. No digest or key derivation is applied in this method.
/// </summary>
/// <param name="family">Password family recorded in the result.</param>
/// <param name="password">Buffer whose <c>Content</c> bytes are encoded.</param>
/// <param name="options">Not read by this implementation.</param>
/// <returns>A <c>HashedPassword</c> tagged with this algorithm's <c>Name</c> and the family.</returns>
protected override HashedPassword DoComputeHash(PasswordFamily family, SecureBuffer password, IPasswordHashingOptions options)
{
    // SECURITY: Base64 is a reversible encoding, so the record holds the password itself.
    // Anyone able to read the stored value recovers the credential. The encoded text is
    // also an immutable managed string that cannot be wiped after use.
    var record = new HashedPassword(Name, family);
    var encoded = Convert.ToBase64String(password.Content);
    record.Add("h", encoded);
    return record;
}
/// <summary>
/// Expresses the strength score of a password as a percentage of a reference score,
/// capped at 100.
/// </summary>
/// <param name="family">Password family passed through to the scoring routine.</param>
/// <param name="password">Buffer to score.</param>
/// <param name="maxScore">Score that maps to 100%; values of zero or below select TOP_SCORE_NORMAL.</param>
/// <returns>Integer percentage, never above 100.</returns>
public int CalculateStrenghtPercent(PasswordFamily family, SecureBuffer password, int maxScore = 0)
{
    var ceiling = maxScore > 0 ? maxScore : TOP_SCORE_NORMAL;

    // NOTE(review): this method performs no null or IsSealed check on the buffer before
    // scoring it - confirm that callers validate the argument.
    var rawScore = DoCalculateStrenghtScore(family, password);

    // Divide in floating point first so the ratio is not truncated to zero.
    var percent = (int)(100d * (rawScore / (double)ceiling));
    if (percent > 100)
    {
        return 100;
    }

    return percent;
}
/// <summary>
/// Lazily produces a generated password for the Text and PIN families when a Text
/// representation is requested; yields nothing for any other family or representation.
/// </summary>
/// <param name="family">Only <c>PasswordFamily.Text</c> and <c>PasswordFamily.PIN</c> produce output.</param>
/// <param name="type">Flag set; output is produced only when the Text flag is present.</param>
/// <param name="level">Strength level that drives the length bounds and the minimum score.</param>
/// <returns>At most one "plain/text" representation holding the password bytes.</returns>
protected virtual IEnumerable<PasswordRepresentation> DoGeneratePassword(PasswordFamily family, PasswordRepresentationType type, PasswordStrengthLevel level)
{
    var isText = family == PasswordFamily.Text;
    var isPin = family == PasswordFamily.PIN;

    if (!isText && !isPin)
    {
        yield break;
    }

    if ((type & PasswordRepresentationType.Text) == 0)
    {
        yield break;
    }

    if (isText)
    {
        // Keep drawing random candidates until one reaches the score required for the level.
        for (;;)
        {
            using (var candidate = ExternalRandomGenerator.Instance.NextRandomWebSafeSecureBuffer(getMinLengthForLevel(family, level), getMaxLengthForLevel(family, level)))
            {
                var candidateScore = CalculateStrenghtScore(family, candidate);
                if (candidateScore < getMinScoreForLevel(family, level))
                {
                    continue;
                }

                // Copy the bytes out because the candidate buffer is disposed when the block exits.
                // The copy is a plain array owned by the consumer and is not wiped by this method.
                var source = candidate.Content;
                var size = source.Length;
                var copy = new byte[size];
                Array.Copy(source, copy, size);
                yield return new PasswordRepresentation(PasswordRepresentationType.Text, "plain/text", copy);
                break;
            }
        }
    }

    if (isPin)
    {
        var minDigits = getMinLengthForLevel(family, level);
        var maxDigits = getMaxLengthForLevel(family, level);
        var lowest = (int)IntMath.Pow(10, minDigits - 1);
        var highest = (int)IntMath.Pow(10, maxDigits) - 1;

        // NOTE(review): the randomness source and range handling of NextScaledRandomInteger
        // are not visible here - confirm it is suitable for generating credentials.
        var pin = (uint)ExternalRandomGenerator.Instance.NextScaledRandomInteger(lowest, highest);

        // The PIN passes through an immutable managed string, which cannot be cleared afterwards.
        var digits = pin.ToString();
        var ascii = new byte[digits.Length];
        var position = 0;
        foreach (var digit in digits)
        {
            ascii[position++] = (byte)digit;
        }

        yield return new PasswordRepresentation(PasswordRepresentationType.Text, "plain/text", ascii);
    }
}
/// <summary>
/// Validates the password buffer, verifies that the service is active, and returns the
/// strength score computed by <c>DoCalculateStrenghtScore</c>.
/// </summary>
/// <param name="family">Password family passed through to the scoring routine.</param>
/// <param name="password">Buffer to score; must be non-null and sealed.</param>
/// <returns>The score produced by the scoring routine.</returns>
/// <exception cref="SecurityException">The buffer is null or is not sealed.</exception>
public int CalculateStrenghtScore(PasswordFamily family, SecureBuffer password)
{
    if (password == null)
    {
        var nullMessage = StringConsts.ARGUMENT_ERROR + "DefaultPasswordManager.CalculateStrenghtScore(password==null)";
        throw new SecurityException(nullMessage);
    }

    // Unsealed buffers are rejected before any scoring takes place.
    if (password.IsSealed == false)
    {
        var sealMessage = StringConsts.ARGUMENT_ERROR + "DefaultPasswordManager.CalculateStrenghtScore(!password.IsSealed)";
        throw new SecurityException(sealMessage);
    }

    CheckServiceActive();

    var score = DoCalculateStrenghtScore(family, password);
    return score;
}
/// <summary>
/// Validates the password buffer, verifies that the daemon is active, and delegates the
/// hashing to <c>DoComputeHash</c>.
/// </summary>
/// <param name="family">Password family passed through to the hashing routine.</param>
/// <param name="password">Buffer to hash; must be non-null and sealed.</param>
/// <returns>The record produced by <c>DoComputeHash</c>.</returns>
/// <exception cref="SecurityException">The buffer is null or is not sealed.</exception>
public HashedPassword ComputeHash(PasswordFamily family, SecureBuffer password)
{
    if (password == null)
    {
        var nullMessage = StringConsts.ARGUMENT_ERROR + "PasswordManager.ComputeHash(password==null)";
        throw new SecurityException(nullMessage);
    }

    // Unsealed buffers are rejected before any hashing takes place.
    if (password.IsSealed == false)
    {
        var sealMessage = StringConsts.ARGUMENT_ERROR + "PasswordManager.ComputeHash(!password.IsSealed)";
        throw new SecurityException(sealMessage);
    }

    CheckDaemonActive();

    var hashed = DoComputeHash(family, password);
    return hashed;
}
/// <summary>
/// Upper length bound for generated passwords at the given strength level. The Text
/// family gets the full length; every other family gets a shorter bound.
/// </summary>
/// <param name="family">Password family; only <c>PasswordFamily.Text</c> receives the unreduced length.</param>
/// <param name="level">Requested strength level; unlisted levels use the Normal bound.</param>
/// <returns>Maximum length in characters or digits.</returns>
private int getMaxLengthForLevel(PasswordFamily family, PasswordStrengthLevel level)
{
    var isText = family == PasswordFamily.Text;

    switch (level)
    {
        case PasswordStrengthLevel.Minimum:
            return isText ? 5 : 4;

        case PasswordStrengthLevel.BelowNormal:
            return isText ? 6 : 5;

        case PasswordStrengthLevel.AboveNormal:
            return isText ? 10 : 7;

        case PasswordStrengthLevel.Maximum:
            return isText ? 13 : 9;

        default: // Normal
            return isText ? 8 : 6;
    }
}
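/// <summary>
/// Lower length bound for generated passwords at the given strength level. The Text
/// family gets the full length; every other family gets a shorter bound.
/// </summary>
/// <remarks>
/// The earlier form, e.g. <c>5 - family == PasswordFamily.Text ? 0 : 1</c>, was missing the
/// parentheses around the conditional. Subtraction binds tighter than <c>==</c> and
/// <c>?:</c>, so it returned either 0 or the trailing constant (1 to 4) instead of a length
/// adjusted by family, which let generated PINs and candidates be far shorter than intended.
/// NOTE(review): with the constants shown, the corrected minimums equal the values of
/// getMaxLengthForLevel. Confirm these are the intended minimums and that the random
/// generator accepts a minimum equal to the maximum.
/// </remarks>
/// <param name="family">Password family; only <c>PasswordFamily.Text</c> receives the unreduced length.</param>
/// <param name="level">Requested strength level; unlisted levels use the Normal bound.</param>
/// <returns>Minimum length in characters or digits.</returns>
private int getMinLengthForLevel(PasswordFamily family, PasswordStrengthLevel level)
{
    var isText = family == PasswordFamily.Text;

    switch (level)
    {
        case PasswordStrengthLevel.Minimum:
            return 5 - (isText ? 0 : 1);

        case PasswordStrengthLevel.BelowNormal:
            return 6 - (isText ? 0 : 1);

        case PasswordStrengthLevel.AboveNormal:
            return 10 - (isText ? 0 : 3);

        case PasswordStrengthLevel.Maximum:
            return 13 - (isText ? 0 : 4);

        default: // Normal
            return 8 - (isText ? 0 : 2);
    }
}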
/// <summary>
/// Validates the password buffer, verifies that the service is active, and hashes the
/// password at the requested strength level.
/// </summary>
/// <param name="family">Password family passed through to the hashing routine.</param>
/// <param name="password">Buffer to hash; must be non-null and sealed.</param>
/// <param name="level">Requested level; <c>Default</c> is replaced by <c>DefaultStrengthLevel</c>.</param>
/// <returns>The record produced by <c>DoComputeHash</c>.</returns>
/// <exception cref="SecurityException">The buffer is null or is not sealed.</exception>
public HashedPassword ComputeHash(PasswordFamily family, SecureBuffer password, PasswordStrengthLevel level = PasswordStrengthLevel.Default)
{
    if (password == null)
    {
        var nullMessage = StringConsts.ARGUMENT_ERROR + "DefaultPasswordManager.ComputeHash(password==null)";
        throw new SecurityException(nullMessage);
    }

    // Unsealed buffers are rejected before any hashing takes place.
    if (password.IsSealed == false)
    {
        var sealMessage = StringConsts.ARGUMENT_ERROR + "DefaultPasswordManager.ComputeHash(!password.IsSealed)";
        throw new SecurityException(sealMessage);
    }

    CheckServiceActive();

    // Resolve the Default placeholder to the manager-wide setting.
    var effectiveLevel = level;
    if (level == PasswordStrengthLevel.Default)
    {
        effectiveLevel = DefaultStrengthLevel;
    }

    return DoComputeHash(family, password, effectiveLevel);
}
/// <summary>
/// Maps a strength level to the minimum score a generated password must reach.
/// </summary>
/// <param name="family">Not read by this method.</param>
/// <param name="level">Requested strength level; unlisted levels use TOP_SCORE_NORMAL.</param>
/// <returns>The TOP_SCORE_* constant that corresponds to the level.</returns>
private int getMinScoreForLevel(PasswordFamily family, PasswordStrengthLevel level)
{
    int threshold;

    switch (level)
    {
        case PasswordStrengthLevel.Minimum:
            threshold = TOP_SCORE_MINIMUM;
            break;

        case PasswordStrengthLevel.BelowNormal:
            threshold = TOP_SCORE_BELOW_NORMAL;
            break;

        case PasswordStrengthLevel.AboveNormal:
            threshold = TOP_SCORE_ABOVE_NORMAL;
            break;

        case PasswordStrengthLevel.Maximum:
            threshold = TOP_SCORE_MAXIMUM;
            break;

        default:
            threshold = TOP_SCORE_NORMAL;
            break;
    }

    return threshold;
}
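/// <summary>
/// Derives a PBKDF2 key (SHA-256) from the password bytes and the salt carried in
/// <paramref name="options"/>, and returns it with the salt as web-safe Base64 text under
/// the "h" and "s" keys.
/// </summary>
/// <param name="family">Password family recorded in the result.</param>
/// <param name="password">Buffer whose <c>Content</c> bytes are the key-derivation input.</param>
/// <param name="options">Supplies the salt; it is dereferenced without a null check.</param>
/// <returns>A <c>HashedPassword</c> tagged with this algorithm's <c>Name</c> and the family.</returns>
protected override HashedPassword DoComputeHash(PasswordFamily family, SecureBuffer password, PBKDF2PasswordHashingOptions options)
{
    var salt = options.Salt;
    var content = password.Content;
    var iterations = getIterations();

    //https://stackoverflow.com/questions/18648084/rfc2898-pbkdf2-with-sha256-as-digest-in-c-sharp
    var hash = PlatformAbstractionLayer.Cryptography.ComputePBKDF2(content, salt, HASH_LENGTH_BYTES, iterations, HashAlgorithmName.SHA256);
    try
    {
        return new HashedPassword(Name, family)
        {
            { "h", hash.ToWebSafeBase64() },
            { "s", salt.ToWebSafeBase64() }
        };
    }
    finally
    {
        // Wipe the raw derived key even when encoding or record construction throws;
        // the clear was previously skipped on that path.
        Array.Clear(hash, 0, hash.Length);
    }
}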
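/// <summary>
/// Computes a single MD5 digest over the password bytes followed by the salt and returns
/// the digest and the salt as Base64 text under the "hash" and "salt" keys.
/// </summary>
/// <remarks>
/// SECURITY: one round of salted MD5 is a fast digest, not a password-hashing function, and
/// offers little resistance to offline guessing. The algorithm and record layout are left
/// unchanged so that existing records stay verifiable (presumably why the class exists -
/// confirm). New records should use a key-derivation algorithm such as PBKDF2.
/// </remarks>
/// <param name="family">Password family recorded in the result.</param>
/// <param name="password">Buffer whose <c>Content</c> bytes are digested.</param>
/// <param name="options">Supplies the salt; it is dereferenced without a null check.</param>
/// <returns>A <c>HashedPassword</c> tagged with this algorithm's <c>Name</c> and the family.</returns>
protected override HashedPassword DoComputeHash(PasswordFamily family, SecureBuffer password, MD5PasswordHashingOptions options)
{
    using (var md5 = new System.Security.Cryptography.MD5CryptoServiceProvider())
    {
        var content = password.Content;
        var contentLength = content.Length;
        var salt = options.Salt;

        // Scratch buffer laid out as password || salt; it holds a plaintext copy of the password.
        var buffer = new byte[contentLength + salt.Length];
        byte[] hash = null;
        try
        {
            Array.Copy(content, buffer, contentLength);
            Array.Copy(salt, 0, buffer, contentLength, salt.Length);

            hash = md5.ComputeHash(buffer);

            return new HashedPassword(Name, family)
            {
                { "hash", Convert.ToBase64String(hash) },
                { "salt", Convert.ToBase64String(salt) }
            };
        }
        finally
        {
            // Wipe the plaintext scratch copy and the raw digest on every exit path;
            // the scratch buffer used to survive an exception and the digest was never cleared.
            Array.Clear(buffer, 0, buffer.Length);
            if (hash != null)
            {
                Array.Clear(hash, 0, hash.Length);
            }
        }
    }
}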
/// <summary>
/// Chooses a registered algorithm for the family and strength level and returns the hash
/// it computes.
/// </summary>
/// <remarks>
/// Selection order: algorithms at exactly the requested level; otherwise stronger ones in
/// ascending strength; otherwise every algorithm that matches the family. Within the chosen
/// set, an algorithm flagged <c>IsDefault</c> wins, else the first one.
/// SECURITY: the last fallback is reached only when nothing at or above the requested level
/// exists, so the password is then hashed with a weaker algorithm than requested and the
/// caller is not told.
/// </remarks>
/// <param name="family">Password family used to filter the algorithms.</param>
/// <param name="password">Buffer handed to the selected algorithm.</param>
/// <param name="level">Requested strength level.</param>
/// <returns>The record produced by the selected algorithm.</returns>
/// <exception cref="SecurityException">No registered algorithm matches the family.</exception>
protected virtual HashedPassword DoComputeHash(PasswordFamily family, SecureBuffer password, PasswordStrengthLevel level)
{
    // These are deferred queries; each Any()/First() call below re-enumerates m_Algorithms.
    var familyMatches = m_Algorithms.Where(candidate => candidate.Match(family));
    if (!familyMatches.Any())
    {
        throw new SecurityException(GetType().Name + ".DoComputeHash(family!match)");
    }

    var candidates = familyMatches.Where(candidate => candidate.StrengthLevel == level);

    if (!candidates.Any())
    {
        candidates = familyMatches
            .Where(candidate => candidate.StrengthLevel > level)
            .OrderBy(candidate => candidate.StrengthLevel);
    }

    if (!candidates.Any())
    {
        candidates = familyMatches;
    }

    var selected = candidates.FirstOrDefault(candidate => candidate.IsDefault);
    if (selected == null)
    {
        selected = candidates.First();
    }

    return selected.ComputeHash(family, password);
}
/// <summary>
/// Generates password representations for the family and representation type, replacing
/// the <c>Default</c> level with <c>DefaultStrengthLevel</c> before delegating.
/// </summary>
/// <param name="family">Password family to generate for.</param>
/// <param name="type">Requested representation flags.</param>
/// <param name="level">Requested strength level.</param>
/// <returns>The sequence returned by <c>DoGeneratePassword</c>.</returns>
public IEnumerable<PasswordRepresentation> GeneratePassword(PasswordFamily family, PasswordRepresentationType type, PasswordStrengthLevel level = PasswordStrengthLevel.Default)
{
    var effectiveLevel = level;
    if (level == PasswordStrengthLevel.Default)
    {
        effectiveLevel = DefaultStrengthLevel;
    }

    return DoGeneratePassword(family, type, effectiveLevel);
}
/// <summary>
/// Reports whether this instance applies to the given password family. This base
/// implementation accepts every family; overrides can narrow it.
/// </summary>
/// <param name="family">Password family to test; not read here.</param>
/// <returns>Always <c>true</c>.</returns>
public virtual bool Match(PasswordFamily family) => true;
/// <summary>
/// Algorithm-specific hashing step that derived classes must implement.
/// </summary>
/// <remarks>
/// NOTE(review): the public ComputeHash wrapper visible alongside this declaration rejects
/// null and unsealed buffers before calling it; confirm that every caller does the same,
/// because implementations read <c>password.Content</c> directly.
/// </remarks>
/// <param name="family">Password family the hash is computed for.</param>
/// <param name="password">Buffer that holds the password.</param>
/// <returns>The hashed representation of the password.</returns>
protected abstract HashedPassword DoComputeHash(PasswordFamily family, SecureBuffer password);
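/// <summary>
/// Scores a password heuristically: credit per character between the first and last
/// non-whitespace character, credit for character-class transitions and for mixing case,
/// digits and symbols, and debits for repeated characters, adjacent code points and
/// occurrences of the entries in DEFAULT_COMMON_WORDS.
/// </summary>
/// <remarks>
/// The password is decoded as UTF-8 into a temporary char array, which is zeroed before
/// the method returns.
/// </remarks>
/// <param name="family">Not read by this implementation.</param>
/// <param name="password">Buffer whose <c>Content</c> bytes are decoded and scored.</param>
/// <returns>A score that is never negative; 0 for empty or whitespace-only input.</returns>
protected virtual int DoCalculateStrenghtScore(PasswordFamily family, SecureBuffer password)
{
    var chars = Encoding.UTF8.GetChars(password.Content);
    if (chars.Length == 0)
    {
        return 0;
    }

    try
    {
        // [begin, end) is the span between the first and last non-whitespace character.
        var begin = Array.FindIndex(chars, ch => !Char.IsWhiteSpace(ch));
        if (begin < 0)
        {
            return 0; // whitespace only
        }

        var end = Array.FindLastIndex(chars, ch => !Char.IsWhiteSpace(ch)) + 1;

        var score = (end - begin) * CREDIT_CHAR_PRESENT;
        if (score == 0)
        {
            return 0;
        }

        var wasUpper = false;
        var wasLower = false;
        var wasDigit = false;
        var wasSymbol = false;
        char pc = (char)0;

        for (var i = begin; i < end; i++)
        {
            var c = chars[i];

            if (Char.IsUpper(c)) { wasUpper = true; }
            if (Char.IsLower(c)) { wasLower = true; }
            if (Char.IsDigit(c)) { wasDigit = true; }
            if (isSymbol(c)) { wasSymbol = true; }

            // Compare with the previous character only when one exists inside the scored
            // span. The earlier test was i > 0, so a password with leading whitespace had
            // its first character compared against NUL and could earn a transition credit
            // that the same password without the whitespace did not.
            if (i > begin)
            {
                if (Char.IsUpper(c) != Char.IsUpper(pc) ||
                    Char.IsDigit(c) != Char.IsDigit(pc) ||
                    isSymbol(c) != isSymbol(pc))
                {
                    score += CREDIT_TYPE_TRANSITION;
                }

                if (c == pc)
                {
                    score -= DEBIT_CHAR_REPEAT;
                }

                if (Math.Abs(c - pc) == 1)
                {
                    score -= DEBIT_ADJACENT_CHAR;
                }
            }

            pc = c;

            // Lower-case in place so that the common-word scan below ignores the password's case.
            chars[i] = Char.ToLowerInvariant(c);
        }

        if (wasUpper && wasLower) { score += CREDIT_CASE_MIX; }
        if (wasDigit && (wasUpper || wasLower || wasSymbol)) { score += CREDIT_DIGIT_MIX; }
        if (wasSymbol) { score += CREDIT_SYMBOL_MIX; }

        for (var i = 0; i < DEFAULT_COMMON_WORDS.Length; i++)
        {
            var commonChars = DEFAULT_COMMON_WORDS[i].ToCharArray();
            if (commonChars.Length == 0)
            {
                continue; // an empty entry has no first character to search for
            }

            // Debit every occurrence of the word, overlapping occurrences included.
            var from = begin;
            while ((from = Array.IndexOf(chars, commonChars[0], from)) >= 0)
            {
                var find = true;
                var j = 0;
                for (; j < commonChars.Length && from + j < chars.Length; j++)
                {
                    if (chars[from + j] != commonChars[j])
                    {
                        find = false;
                        break;
                    }
                }

                // j falls short of the word length when the password ends before the word does.
                if (find && j == commonChars.Length)
                {
                    score -= DEBIT_COMMON_WORD;
                }

                from++;
            }
        }

        return score < 0 ? 0 : score;
    }
    finally
    {
        // The decoded characters are a plaintext copy of the password; zero them on every exit path.
        Array.Clear(chars, 0, chars.Length);
    }
}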
/// <summary>
/// Creates a hashed-password record and stores the algorithm name and password family in
/// its backing map.
/// </summary>
/// <param name="algoName">Algorithm name; checked with <c>NonBlank</c> before it is stored.</param>
/// <param name="family">Password family stored under KEY_FAM.</param>
public HashedPassword(string algoName, PasswordFamily family)
{
    m_Content = new JsonDataMap(false);

    // Validate the name before storing it so that a blank algorithm tag is never recorded.
    var checkedName = algoName.NonBlank(nameof(algoName));
    m_Content[KEY_ALG] = checkedName;
    m_Content[KEY_FAM] = family;
}
/// <summary>
/// Reports whether this instance applies to the given password family. This base
/// implementation accepts every family; overrides can narrow it.
/// </summary>
/// <param name="family">Password family to test; not read here.</param>
/// <returns>Always <c>true</c>.</returns>
public virtual bool Match(PasswordFamily family)
{
    return true;
}
/// <summary>
/// Creates a hashed-password record and stores the algorithm name and password family in
/// its backing map.
/// </summary>
/// <param name="algoName">Algorithm name stored under KEY_ALGO.</param>
/// <param name="family">Password family stored under KEY_FAM.</param>
public HashedPassword(string algoName, PasswordFamily family)
{
    m_Content = new JSONDataMap(false);

    // NOTE(review): algoName is stored without a null or blank check, so a record can be
    // built with no algorithm tag - confirm that callers always pass a real name.
    var name = algoName;
    m_Content[KEY_ALGO] = name;
    m_Content[KEY_FAM] = family;
}