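/// <summary>
/// Produces the stored form of a password in the <c>FormatMarkers.Aes256</c> format by
/// encrypting the UTF-8 password bytes with AES-256-CBC (PKCS7 padding) under a freshly
/// generated random key and IV.
/// </summary>
/// <param name="password">The plain-text password.</param>
/// <param name="secureRandomGenerator">Source of the random key ("salt") and IV bytes.</param>
/// <returns>
/// A buffer laid out as: 1 marker byte, the padding mode written at offset 1, the cipher
/// mode written at offset 5, then the 32-byte key, the 16-byte IV and the ciphertext.
/// </returns>
/// <remarks>
/// SECURITY NOTE(review): this is reversible encryption, not a one-way hash. The value
/// named <c>salt</c> is used as the AES key and is written into the output next to the IV
/// and the ciphertext, so the stored value alone is enough to recover the password.
/// The ciphertext length also reflects the password length, rounded up to the AES block
/// size. New records should use a dedicated password-hashing function (for example a
/// PBKDF2-based format); this format is kept unchanged here because the matching
/// verification code is not visible and existing records depend on the layout.
/// </remarks>
public byte[] HashPassword(string password, ISecureRandomGenerator secureRandomGenerator)
        {
            var passwordBytes = Encoding.UTF8.GetBytes(password);
            var salt          = secureRandomGenerator.GenerateBytes(32);
            var iv            = secureRandomGenerator.GenerateBytes(16);

            byte[]      subKey;
            PaddingMode padding;
            CipherMode  mode;

            // The Aes instance and its transform hold key material; dispose both
            // deterministically instead of leaving them to the finalizer.
            using (var cipher = Aes.Create())
            {
                cipher.KeySize = 256;
                cipher.Padding = PaddingMode.PKCS7;
                cipher.Mode    = CipherMode.CBC;
                cipher.Key     = salt;
                cipher.IV      = iv;

                // Capture the settings that go into the header before the cipher is disposed.
                padding = cipher.Padding;
                mode    = cipher.Mode;

                using (var encryptor = cipher.CreateEncryptor())
                {
                    subKey = encryptor.TransformFinalBlock(passwordBytes, 0, passwordBytes.Length);
                }
            }

            // 9 header bytes: marker (1) + padding mode (4) + cipher mode (4).
            var outputBytes = new byte[9 + salt.Length + iv.Length + subKey.Length];

            outputBytes[0] = FormatMarkers.Aes256;
            BufferUtil.WriteNetworkByteOrder(outputBytes, 1, (uint)padding);
            BufferUtil.WriteNetworkByteOrder(outputBytes, 5, (uint)mode);
            BufferUtil.BlockFill(salt, outputBytes, 9);
            BufferUtil.BlockFill(iv, outputBytes, 9 + salt.Length);
            BufferUtil.BlockFill(subKey, outputBytes, 9 + salt.Length + iv.Length);
            return(outputBytes);
        }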
예제 #2
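 /// <summary>
 /// Creates the service and stores its two injected dependencies.
 /// </summary>
 /// <param name="secureRandomGenerator">The random byte source kept in <c>_secureRandomGenerator</c>.</param>
 /// <param name="encryptionService">The encryption service kept in <c>_encryptionService</c>.</param>
 /// <exception cref="System.ArgumentNullException">Either argument is <c>null</c>.</exception>
 public BCryptHashService(
     ISecureRandomGenerator secureRandomGenerator,
     IEncryptionService encryptionService)
 {
     // Fail at construction time rather than with a NullReferenceException in the
     // middle of a hashing call, where a missing random source is harder to diagnose.
     if (secureRandomGenerator == null)
     {
         throw new System.ArgumentNullException(nameof(secureRandomGenerator));
     }

     if (encryptionService == null)
     {
         throw new System.ArgumentNullException(nameof(encryptionService));
     }

     _secureRandomGenerator = secureRandomGenerator;
     _encryptionService     = encryptionService;
 }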
예제 #3
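        /// <summary>
        /// Derives a PBKDF2 subkey from <paramref name="password"/> with a freshly generated
        /// salt and packs the parameters, salt and subkey into one self-describing buffer.
        /// </summary>
        /// <param name="password">The plain-text password.</param>
        /// <param name="secureRandomGenerator">Source of the random salt bytes.</param>
        /// <param name="keyDerivationPrf">The pseudo-random function passed to PBKDF2 and recorded in the header.</param>
        /// <param name="iterCount">The PBKDF2 iteration count, recorded in the header.</param>
        /// <param name="saltSize">Number of salt bytes to request, recorded in the header.</param>
        /// <param name="numBytesRequested">Length of the derived subkey in bytes.</param>
        /// <returns>
        /// A buffer laid out as: 1 marker byte, the PRF at offset 1, the iteration count at
        /// offset 5, the salt size at offset 9, then the salt and the subkey from offset 13.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The generator returned no salt or a salt of a different length than requested.
        /// </exception>
        private static byte[] HashPasswordByPkbdf2(string password, ISecureRandomGenerator secureRandomGenerator, KeyDerivationPrf keyDerivationPrf, int iterCount, uint saltSize, int numBytesRequested)
        {
            var salt = secureRandomGenerator.GenerateBytes(saltSize);

            // The header records saltSize while the buffer is sized from salt.Length; if the
            // two ever disagree the record cannot be parsed back correctly, so refuse to
            // build it instead of storing a hash that can never be verified.
            if (salt == null || salt.Length != saltSize)
            {
                throw new InvalidOperationException("The secure random generator did not return the requested number of salt bytes.");
            }

            var subkey = KeyDerivation.Pbkdf2(password, salt, keyDerivationPrf, iterCount, numBytesRequested);

            // 13 header bytes: marker (1) + PRF (4) + iteration count (4) + salt size (4).
            var outputBytes = new byte[13 + salt.Length + subkey.Length];

            outputBytes[0] = FormatMarkers.Pbkdf2; // format marker
            BufferUtil.WriteNetworkByteOrder(outputBytes, 1, (uint)keyDerivationPrf);
            BufferUtil.WriteNetworkByteOrder(outputBytes, 5, (uint)iterCount);
            BufferUtil.WriteNetworkByteOrder(outputBytes, 9, (uint)saltSize);
            Buffer.BlockCopy(salt, 0, outputBytes, 13, salt.Length);
            Buffer.BlockCopy(subkey, 0, outputBytes, 13 + salt.Length, subkey.Length);
            return(outputBytes);
        }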
예제 #4
 /// <summary>
 /// Creates an <see cref="AuthenticationFlow"/> from its injected dependencies.
 /// Every argument is required.
 /// </summary>
 /// <param name="httpContextAccessor">Accessor for the current HTTP context.</param>
 /// <param name="jwtCrytpoProvider">The JWT crypto provider.</param>
 /// <param name="userManager">The user manager for <c>AppUser</c>.</param>
 /// <param name="dbContext">The database context.</param>
 /// <param name="rngGenerator">The secure random generator.</param>
 /// <param name="moment">The current moment provider.</param>
 /// <param name="options">Monitor for the backend options.</param>
 /// <param name="logger">The logger.</param>
 /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
 public AuthenticationFlow(
     IHttpContextAccessor httpContextAccessor,
     IJwtCryptoProvider jwtCrytpoProvider,
     UserManager<AppUser> userManager,
     FvectContext dbContext,
     ISecureRandomGenerator rngGenerator,
     IMoment moment,
     IOptionsMonitor<BackendOptions> options,
     ILogger<AuthenticationFlow> logger)
 {
     // Validate in declaration order so the first missing dependency is the one reported.
     if (httpContextAccessor is null)
     {
         throw new ArgumentNullException(nameof(httpContextAccessor));
     }

     if (jwtCrytpoProvider is null)
     {
         throw new ArgumentNullException(nameof(jwtCrytpoProvider));
     }

     if (userManager is null)
     {
         throw new ArgumentNullException(nameof(userManager));
     }

     if (dbContext is null)
     {
         throw new ArgumentNullException(nameof(dbContext));
     }

     if (rngGenerator is null)
     {
         throw new ArgumentNullException(nameof(rngGenerator));
     }

     if (moment is null)
     {
         throw new ArgumentNullException(nameof(moment));
     }

     if (options is null)
     {
         throw new ArgumentNullException(nameof(options));
     }

     if (logger is null)
     {
         throw new ArgumentNullException(nameof(logger));
     }

     this.httpContextAccessor = httpContextAccessor;
     this.jwtCrytpoProvider = jwtCrytpoProvider;
     this.userManager = userManager;
     this.dbContext = dbContext;
     this.rngGenerator = rngGenerator;
     this.moment = moment;
     this.options = options;
     this.logger = logger;
 }
 /// <summary>
 /// Creates a <c>PasswordHasher</c> from its injected dependencies. Every argument is required.
 /// </summary>
 /// <param name="binaryConverter">The binary converter.</param>
 /// <param name="secureRandomGenerator">The secure random generator.</param>
 /// <param name="passwordFormatHashers">The available per-format hashers; the sequence is stored as given, not copied.</param>
 /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
 public PasswordHasher(IBinaryConverter binaryConverter, ISecureRandomGenerator secureRandomGenerator, IEnumerable<IPasswordFormatHasher> passwordFormatHashers)
 {
     // Validate in declaration order so the first missing dependency is the one reported.
     if (binaryConverter is null)
     {
         throw new ArgumentNullException(nameof(binaryConverter));
     }

     if (secureRandomGenerator is null)
     {
         throw new ArgumentNullException(nameof(secureRandomGenerator));
     }

     if (passwordFormatHashers is null)
     {
         throw new ArgumentNullException(nameof(passwordFormatHashers));
     }

     _binaryConverter = binaryConverter;
     _secureRandomGenerator = secureRandomGenerator;
     _passwordFormatHashers = passwordFormatHashers;
 }
예제 #6
 /// <summary>
 /// Hashes a password with PBKDF2 using HMAC-SHA256, a 128-bit random salt and a
 /// 256-bit derived subkey.
 /// </summary>
 /// <param name="password">The plain-text password.</param>
 /// <param name="secureRandomGenerator">Source of the random salt bytes.</param>
 /// <returns>The buffer produced by <c>HashPasswordByPkbdf2</c>.</returns>
 public byte[] HashPassword(string password, ISecureRandomGenerator secureRandomGenerator)
 {
     const uint saltSizeInBytes   = 128 / 8; // 128-bit salt
     const int  subkeySizeInBytes = 256 / 8; // 256-bit subkey

     // NOTE(review): IterCount is defined outside this snippet; check its value against
     // current PBKDF2 work-factor guidance.
     return HashPasswordByPkbdf2(
         password,
         secureRandomGenerator,
         KeyDerivationPrf.HMACSHA256,
         IterCount,
         saltSizeInBytes,
         subkeySizeInBytes);
 }