예제 #1
0
        public static bool CheckMasterPassword(SecureString password, bool shortCheck = false)
        {
            EncryptedPassword created = new EncryptedPassword();

            created.GetPasswordFromFile(".key");
            int iterations = cryptography.GenerateIterationsFromSalt(created.Salt);

            if (iterations == 0)
            {
                throw new SecurityException("Password hash was tampered with!");
            }
            byte[] newHash = cryptography.GenerateMasterPasswordHash(password, created.Salt, iterations);
            if (!ConstantTimeComparison(newHash, created.Hash))
            {
                return(false);
            }
            else
            {
                string commonErrorMessage = "New password could be generated but all existing data including plugins state will be lost."
                                            + Environment.NewLine + "Would you like to generate new password?";
                if (shortCheck)
                {
                    return(true);
                }
                if (IOProxy.Exists(".bak_key"))
                {
                    EncryptedPassword appHash = new EncryptedPassword();
                    appHash.GetPasswordFromFile(".bak_key");
                    try
                    {
                        _appPassword = new PasswordObject(cryptography.DecryptAppPassword(appHash.Hash, _appPasswordLenght, password, appHash.Salt), appHash.Salt);
                    }
                    catch (Exception)
                    {
                        if (!ShowAppPasswordDecryptionError("Application password cannot be decrypted! " + Environment.NewLine + commonErrorMessage))
                        {
                            OnAuthentificationComplete(new AuthentificationEventArgs(false));
                        }
                        else
                        {
                            NewApplicationPassword(password);
                        }
                    }
                }
                else
                {
                    if (!ShowAppPasswordDecryptionError("Application password file not found! " + Environment.NewLine + commonErrorMessage))
                    {
                        OnAuthentificationComplete(new AuthentificationEventArgs(false));
                    }
                    else
                    {
                        NewApplicationPassword(password);
                    }
                }
                OnAuthentificationComplete(new AuthentificationEventArgs());
                return(true);
            }
        }